This is our first security article, mainly in the context of a small business but it will hopefully contain useful information for wider audiences and individuals.
It’s all too easy to be complacent when it comes to online security, but as recent news headlines have proved and will continue to prove, the consequences of complacency can be very significant. What’s absurd is that with just a little work and common sense, it’s easy to greatly reduce your chances of becoming a statistic, and by reading on, this will hopefully help you to become “IT security wise”.
In a similar way to installing a house alarm, having the right systems and software in place will help prevent attacks, and for those that slip through the net, it will either prevent or greatly reduce the damage that can be done.
Your IT Systems
A few pointers:
- As a general rule of thumb, make sure the latest system or manufacturer updates are always installed.
- Install recommended commercial security software on all your devices. Free is better than nothing but not best.
- If you have to log in to your system with a user account, make sure it has non-administrative privileges.
- Pay very careful attention to ANY system messages displayed by your system and if in doubt, get in touch.
- If you have to work remotely, make sure any connections you make are secure (using https or a VPN).
- Do not use your desktop or work space as a storage area for important files, unless you have a backup.
For our managed clients, we’ve recently brought online a remote management system and have started connecting clients for better centralised control and alerting. We will continue to roll this out in 2018 along with some other improvements.
If you are in any doubt about any of the points made or would like a free audit of your system, please get in touch before it’s too late.
This year we’ve received our highest number of phishing emails yet, most forwarded by clients who are unsure whether a message is legitimate or not. Unsurprisingly, compared to only a year or two ago, these messages are getting more sophisticated and much harder to spot, yet the same or very similar principles remain for determining their legitimacy.
First off, treat ALL emails as non-genuine from the start, not the other way round. Next, consider the following points; if the answer to any one of these questions is “Yes” then your suspicion level should be immediately raised, even more so if multiple questions apply.
- Was the email from this company or individual unexpected?
- Is the email inviting you to click a link within it, send a reply, make a call?
- Is there a time limit to the requested task or other pressure for you to take action?
- If the message appears to be from a legitimate source, is the nature of the inquiry unusual or out of character?
- Was the message delivered to your SPAM folder rather than your Inbox?
- Are there spelling mistakes, bad grammar or perhaps both?
If you’re in any doubt then the ONLY action you should take is to either delete the message or, better still, forward it to our help desk.
Internet Shopping / Browsing
When you buy online, check the beginning of the URL in your search/address bar. Any online business worth their salt will have installed a security certificate, and the site will normally redirect your browser to the secure version, regardless of the page visited.
The important thing to take away here is that the address for the website MUST begin with ‘https://’, not ‘http://’, and MUST display a closed padlock symbol just to the left of this, in green (see Illustration). You would expect this to be the case for the whole site, although at the very least it MUST be present wherever your payment details are submitted.
If you receive any other display or do NOT see the ‘https://’ prefix, then you should be looking elsewhere.
An often overlooked but hidden and ever present danger is the use of mobile devices (smartphones, tablets) and their connectivity to both your home and business network. These modern devices are very powerful but represent a very real danger when given access to your network.
It cannot be emphasised enough that you must be very cautious about what “Apps” (software) you install on your device and what devices you allow to connect to your network. A rogue piece of code installed in a game, or even in a legitimate piece of software, could be used to hack or steal information from your systems. Some of the normal security mechanisms that protect your network will already be bypassed because your mobile device is connected internally.
This is why mobile apps from mainstream platforms (namely Google with Android, Apple with iOS and Microsoft with Windows) require application developers to specify which privileges their software will require. When someone shares an application with you, or if you’re just contemplating whether to install a new application from your “App Store”, it’s recommended to always check the privileges required. Ask yourself: why does this XYZ App require access to my phone contacts, GPS, camera or WiFi network? The latest operating systems will normally prompt you to allow access to a specific function on your device and will confirm the application request, so ALWAYS acknowledge these with care!
Particularly for the non-technical user, checking applications as described above can be pretty daunting and realistically doesn’t often happen. Therefore, if this sounds like you then it’s recommended to at least install a security product like ESET Mobile Security and Anti-virus which actively attempts to protect your device from viruses and malware.
Whether your system is managed by IT Stratus or not, contact us to find out whether your security package includes cover for mobile devices and if not, we can arrange cover for any devices you require.
Do any of these passwords look familiar “password”, “december18”, “qwerty”, “123456”, “welcome”, “admin”?
Even if they don’t, there are still far too many of us using common passwords and/or the same password for multiple accounts. These are not only easy to compromise but also allow a hacker to access a lot of information very quickly. Don’t become a victim: start by changing your habits today, it’s not too late.
We realise it’s not easy for most users to create not only complex passwords but also different ones for multiple accounts; however, that is a very outdated excuse for not adhering to the above advice. Using an online Cloud service like LastPass allows you to generate complex and unique passwords and to easily and automatically log you into your web based accounts using a simple browser plugin, available for all the mainstream Web browsers like Chrome, Firefox, Safari and Internet Explorer.
2FA Two Factor Authentication
Enable 2FA on as many accounts as possible. 2FA, much like most online bank logins, requires you to enter an OTP (One Time Password) in addition to your normal password, and is widely adopted by most major online sites and increasingly many others too. Most 2FA systems support multiple methods, and one of the most widely adopted is Google Authenticator, which can be installed on most mobile devices and is also free. Some services may also allow just a text message to be sent to your device with an OTP, but be aware that you’re then at the mercy of your mobile network and the speed of this delivery also.
We hope this article has helped open your eyes to just some of the important IT security practices, and in future articles we hope to highlight more ways to protect you and your business.
If you require any further information or assistance in any business IT matters, please do not hesitate to get in touch. If you would like to find out more about this subject, download security awareness posters or access tools to help with security matters, we can provide further information and support.
A few useful sites
We have more information and videos at our support portal, so please ask if you require more information: