In a world of malware, viruses, cyber criminals and more, security and compliance is a big deal. The constant publication of high profile data breaches only encourages the fact that absolutely nothing is off limits when it comes to security hacking.
The European Parliament enforced the General Data Protection Regulation (GDPR) on 25th May 2018. If businesses don’t meet the compliancy criteria, they could face severe penalties of up to 4% of their worldwide turnover. Not a risk any business should be willing to take.
Sigma distribute a trusted range of security products that will protect businesses from today’s ever-growing list of cyber threats.
The UK Government’s Cyber Essentials scheme encourages organisations to adopt good practice in information security. It describes the following five key controls for keeping information secure.
Click a headline below for more information
• Boundary firewalls and internet gateways
The first line of defence against an intrusion from the internet. A well configured firewall can stop breaches happening before they enter a network. An internet gateway can prevent users within an organisation accessing websites or other online services that present a threat or aren’t trusted.
• Secure Configuration
Almost all hardware and software will require some level of set-up and configuration in order to provide the most effective protection. You should remove unused software and services from your devices to reduce the number of potential vulnerabilities. Older versions of some widespread software have well documented security vulnerabilities. If you don’t use it, then it is much easier to remove it than try to keep it up-to-date. Make sure you have changed any default passwords used by software or hardware - these are well known by attackers.
• Access Control
Organisations should restrict access to their systems to users and sources they trust. Each user must have and use their own username and password. Each user should use an account that has permissions appropriate to the job they are carrying out at the time. You should also only use administrator accounts when strictly necessary (e.g. for installing known and trusted software).
• Malware Protection
You should have anti-virus or anti-malware products regularly scanning your network to prevent or detect threats. You will also need to make sure they are kept up-to-date and that it is switched on and monitoring the files that it should be. You should also make sure you receive and act upon any alerts issued by the malware protection.
• Patch Management
Computer equipment and software need regular maintenance to keep it running smoothly and to fix any security vulnerabilities. Ensure the latest supported version of applications are being used and all the necessary patches supplied by the vendor have been applied.
With the rise of Bring Your Own Device (BYOD) in business, it is important to ensure that personal data is protected in case a device is lost or stolen.
In a BYOD environment, it is essential that personal data is appropriately secured so that it cannot be accessed in the event of loss or theft.
Encryption is a means of ensuring that data can only be accessed by authorised users and comes in many different forms and offers protection under different circumstances.
Cloud computing is a model that gives on-demand access to a shared pool of resources and these resources can be provisioned and released with minimal management effort.
According to Cloud Security Alliance (CSA), over 70% of the world’s businesses now operate partly on the cloud. With benefits including automatic updates, lower fixed costs and the freedom to work from any location, cloud computing seems like the right move.
The cloud has opened up a whole new world for storage, access, flexibility and productivity, but it has also opened up a new world of security concerns.
Click a headline below for more information
• Data Breaches
Overall data breaching is three times more likely to occur for businesses that utilise the cloud than those who don’t.
• Hijacking of Accounts
Attackers now have the ability to use login information to remotely access sensitive data stored on the cloud giving them the ability to falsify and manipulate information through hijacked credentials.
• Insider Threat
Employees can use their authorised access to an organisation’s cloud-based services to misuse or access information such as customer accounts, financial forms and other sensitive information.
• Malware Injection
Malware injection is the act of inserting - or injecting - malicious code into a cloud server. The attacker uploads a crafted image and manipulates it to be seen as part of the victim’s cloud environment.
• Insecure APIs
Application Programming Interfaces (APIs) give users the opportunity to customise their cloud experience. As the infrastructure of APIs grows to provide better service, so do its security risks. API vulnerabilities lie in the communication that takes place between applications. While this can help programmers and businesses, they also leave exploitable security risks.
• Denial of Service Attacks
Denial of service attacks are designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, or they may overload the capabilities of a machine or network and block all users at once.
• Data Loss
Data on cloud services can be lost through a malicious attack, system failure, or a data wipe by the service provider. Losing vital information can be devastating to businesses that don’t have a recovery plan.
Did you know only 31% of small businesses take active measures to guard themselves against security breaches?
Seen as the perfectly unprepared target, small and medium business’ are becoming the prime focus for hackers and cybercriminals due to their lack of knowledge and resources when it comes to keeping their IT systems secure.
A risky situation to be in considering smaller businesses will find it harder to repair the damage if their data is compromised. The cost of recovery is staggering and in most cases, it leads to the shutdown of businesses.
Choose a vendor and discover what products are available
Don’t give hackers the chance to intrude in your customers systems. With Avast Business Endpoint Protection solutions your customers’ business and data is safe from ransomware, viruses and malware from their email and file servers.
Secure your whole enterprise with Becrypt. Encryption is not required under GDPR but it secures your data and makes it harder for hackers or third parties to access it. From an insider threat to losing a device, Becrypt has a way of securing all your data with their solutions.
The need for secure remote working and remote accessing is higher than ever. Bomgar’s solutions will make sure that tech teams can deliver secure remote support and offer secure access to systems and third-party vendors.
Even though businesses have security in place, we still hear reports about new breaches almost every day that will cost companies a lot of money once GDPR applies.
Flexera’s Software Vulnerability Manager empowers IT Security and Operations with intelligence to continuously track, identify and remediate vulnerable applications — before exploitation leads to costly breaches.
FlexNet Code Aware is an automated open source risk assessment and package discovery solution that enables users to quickly scan their products for security and intellectual property (IP) compliance risk.
Data transfer is part of every business nowadays. But under GDPR breaches of this data can cost enterprises a lot of money. Globalscape makes sure that your data transfers are secure and no third party has access to them. Data transfers are always a risk, but in a global economy data has to be shared between offices and employees all over the world.
IDERA SQL Security Suite helps with compliance and security. Compliance Manager gives you an overview of who did what, when, where and how to sensitive data as well as tracking, detecting and alerting on suspicious activities. SQL Secure identifies vulnerabilities in the server environment, helps you manage security policies and rank security levels with security report cards.
Having security in place for all circumstances is one of the first steps to comply with GDPR law. ManageEngine offers a variety of security solutions to make your customer's IT environment secure.
Not just securing the data, but also having a system in place for auditing and compliance will be part of the new legislation. If a breach occurs and there isn’t enough proof that auditing was in place, the fines will be higher. Authorities also have the right to do checks to see if businesses comply with GDPR. Bolster the security of your Windows server environment. Quest’s security and compliance automated solutions provide real-time visibility into administrator and user activities, plus report on server configurations and user permissions.
Complement your governance, risk and compliance initiatives with solutions that help users achieve and prove compliance, and streamline administration for complex, growing environments.
Help your customers protect their business from breaches and hacks with the ThreatTrack solutions for Internet, Email and Servers. Protecting every part of the system gives hackers less possibilities to enter the system and extract important customer information, which could cost your customers up to £20million or 4% of their annual global turnover (whichever is greater) under GDPR law.
TITUS solutions enable organisations to discover, classify, protect and confidently share information, and meet regulatory compliance requirements by identifying and securing unstructured data. TITUS products enhance data loss prevention by classifying and protecting sensitive information in emails, documents and other file types – on the desktop, on mobile devices, and in the cloud.