If your business operates from the cloud, you will likely not have a server on premises. This means your laptops, PCs, tablets and/or personal devices become the front-line interface to the internet and core business applications.
To ensure optimal productivity and security, it is recommended that businesses adopt a 'fleet management' regime, including:
Such a 'fleet management' regime should be adopted because PCs and other devices become more vulnerable and less efficient with age (3 years maximum is recommended), meaning your business becomes more susceptible to downtime or lower productivity due to:
Because your devices are now the only defence between your data and hackers obtaining unauthorised access, it is even more important to keep your hardware updated and protected.
A significant point to note is that all recent PCs and laptops have a Solid State Drive (SSD). There are great advantages, including faster and more efficient processing and less chance of corruption. However, there is little warning that an SSD will fail or arrive at its end of life, and it is common for data to be corrupted or lost completely if an SSD reaches capacity or fails.
While on the subject of hardware, there are growing preferences for tablets, such as the Microsoft Surface Pro. Modern tablets offer the same specifications and capabilities as a larger workstation yet are compact and able to be taken anywhere the user goes. It is also just as easy to connect one to a docking station and interact as you would normally at a desk computer.
Contact us to discuss your requirements for protecting your business from downtime or if you would like to learn more about our Surface Pro bundles.
A Vulnerability Scan is a relatively simple way to test your IT systems' risk of scams, theft or sabotage. It's an application that, when applied correctly and with the right advice, is an extremely efficient and effective strategy for SMBs.
With the cloud becoming the norm, your user-interface and other systems and devices become your frontline cyber-security guards by default. Therefore, it is now more imperative than ever to ensure you are 'sure and secure'.
A Vulnerability Scanner is an application that can:
Apart from having an effective inventory of items in your IT systems, the outcome from the scan is a calculated risk list of vulnerabilities for each and every part of your system.
With the right advice and consultation from a knowledgeable source like Loyal IT, you can then prioritise which vulnerabilities need to be explored and how they should be mitigated.
As a point of interest for small to medium sized businesses that no longer have a server (and utilise 'the cloud'), one of the most effective risk mitigation strategies is to have an effective hardware management regime, a little bit like a vehicle fleet management regime; but more about this in our next blog.
Multi-Factor Authentication (MFA) is typically described as a bulletproof solution to remote access security.
It is an effective way to add an additional security 'gate' to deter unwanted access to remote databases or sensitive information. Many of you may already have seen some version of MFA when you log into your bank account or when you re-log into your email account (such as Office 365) - once you have logged in with your username and password, you are then sent a text and asked to enter the code.
The Essential Eight guide specifies MFA for VPNs, RDP, SSH and other technologies, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository. Why? Stronger user authentication makes it harder for adversaries to access sensitive information and systems.
The Small business cyber security guide defines it as a security measure that requires two or more proofs of identity to grant you access. Multi-factor authentication (MFA) typically requires a combination of something the user knows (i.e. something you know), something the user physically possesses (i.e. something you have) and/or something the user inherently possesses (i.e. something you are).
Examples of the three categories of identification could be:
Something you know:
Something you have:
Something you are:
Most remote access security comes down to something you know, and that something is almost always a password. In creating a password, length and complexity used together are the best defence. Length is perhaps more important (mathematically) from a time point of view. It will take less time to crack a 6-character password made of letters, numbers and special characters than it will to crack a 16-character password made of letters and numbers only. It's also best not to do "keyboard walks" in password creation because every cracker will have them in their password lists. (Keyboard walking is simply typing in straight lines up and down the keyboard.)
Because the first factor in remote access security authentication (usually a password) is vulnerable, it's essential to have a second or even third authentication factor.
However, implementing multi-factor authentication can be a hindrance to users as it can slow down access to the system. There is always a balance between security and usability. There is a curve that we look to when making decisions and recommendations about the balance. Our advice is that MFA should be implemented, and we also know how to determine the right combination of MFA versus users' tolerances.
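The length-versus-complexity point and the keyboard-walk warning above can be checked with a short script. This is an added example, not part of the original post; the sample passwords are constructed, and the 64-bit threshold and the 4-key walk length are assumptions chosen for illustration.

```python
import math
import string

# QWERTY rows and the diagonal columns typed "up and down" the keyboard.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLUMNS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def search_space_bits(password):
    """Brute-force search space in bits: length * log2(character pool size)."""
    pool = sum(len(cls) for cls in CLASSES
               if any(ch in cls for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def has_keyboard_walk(password, min_run=4):
    """True if the password contains a straight-line run of min_run keys."""
    lowered = password.lower()
    lines = ROWS + COLUMNS
    lines = lines + [line[::-1] for line in lines]  # walks in either direction
    return any(line[i:i + min_run] in lowered
               for line in lines
               for i in range(len(line) - min_run + 1))


def assess(password, min_bits=64):
    """Reject walks first: they are in wordlists however long they are."""
    if has_keyboard_walk(password):
        return "reject: keyboard walk"
    if search_space_bits(password) < min_bits:  # assumed threshold
        return "reject: search space too small"
    return "ok"


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["aB3$xZ", "k7mpr2vtq9wdh4zs", "1qaz2wsx3edc4rfv"]:
        print(f"{pw:18} {search_space_bits(pw):5.1f} bits  {assess(pw)}")
```

The 16-character keyboard walk scores the same number of bits as the random 16-character password, which is why the walk check has to run separately from the length calculation.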
Loyal I.T. Solutions can help your business set up multi-factor authentication for services that support this technology.
Governments and authorities in Australia are escalating their focus on cyber-security, including introducing more guidance, advice and mandatory reportable incidents.
If your organisation is covered by the Privacy Act 1988, then the NDB (Notifiable Data Breach) scheme applies. In simple terms, any suspected or known cyber attack must be notified to affected individuals and the OAIC (Office of the Australian Information Commissioner).
The real aim though is to mitigate the risk of cyber attack. Remember, apart from the likes of phishing and ransomware, the other common attack is the simple theft of a customer database, which among other things contains names and passwords. This might seem harmless enough, but in the hands of seasoned cyber criminals, that info gives them a shot at hacking your and your customers' accounts.
In our recent blog, we talked about the Essential Eight cyber security mitigation strategy; this is a strategy that ALL businesses should have in place.
One of the most understated essentials for cyber security is having up-to-date hardware (laptops, desktops, servers etc). I.T. hardware becomes more vulnerable the older it gets and cyber crime is essentially random - the perpetrators are looking for the easiest targets. They use software over the web that, among other things, identifies the type and age of hardware and if it's over a couple of years old, they know all the vulnerabilities. A bit like a car thief and an older model car.
Click here to view Loyal I.T.'s fact sheet flyer about the importance of having up-to-date hardware.
If you have any questions or concerns about the age or vulnerability of your I.T. hardware, please contact Kaylene or myself by email or call us on (02) 4337 0700.
To wrap it up, here are some facts and figures to re-emphasise the ever-present threat: a small to medium sized business is just as attractive to cyber criminals as a large 'big prize' corporation, just as a corner store or service station is as vulnerable or attractive to criminals as a big bank.
Some revelations from the survey How Australian Small Businesses Understand Cyber Security:
The latest NDB report indicates that 64% of reported breaches were Malicious or Criminal Attacks. Malicious or criminal attacks are broken down into:
The same report highlighted the top 5 industries being attacked the most:
Loyal I.T. has extensive experience in supplying, setting up, installing and maintaining business I.T. hardware (as well as software, systems and managed services).
Before we talk specifically about the Australian Cyber Security Centre's (ACSC) recommended Essential Eight cyber security mitigation strategy, let's put the situation in perspective.
Reports are continuing to reveal facts and stats on cyber security that are increasingly alarming for small and medium sized businesses (SMBs). There are more incidents and more dollars being lost than ever before. Let me take you through a few points.
Recently, The Australian Cyber Security Centre (ACSC) published the Small Business Survey Report: How Australian Small Businesses Understand Cyber Security. They received over 1700 responses. Some of the revelations from the survey are:
The latest Notifiable Data Breaches report indicates a rise in breaches (as reported under the guidelines for mandatory reporting). In the period July to December 2019, the main categories of reported breaches were:
The same report highlighted the top 5 industries being attacked the most:
It's no secret that I have a passion for auditing, analysing and developing & implementing strategies for cybersecurity mitigation. If I was to hone in on one 'go to' mitigation strategy, it would be the Essential Eight. It is a relatively easy to understand, 8-point strategy that, as a whole, covers all angles for cyber security.
The 8 essential points are under 3 distinct defensive lines:
Mitigation Strategies to Prevent Malware Delivery and Execution
Mitigation Strategies to Limit the Extent of Cyber Security Incidents
Mitigation Strategies to Recover Data and System Availability
The first and most blatant revelation here is that standard antivirus software hardly gets a mention. An effective strategy is more behavioural and tangible than it is digital and automated. And just like a business's physical premises needs a lot more than just locks on a door, a business's I.T. and data require many angles for effective cyber security.
If you have any concerns or ideas for your cyber security risk mitigation or even if you are not sure what you don't know, please give us a call for a no obligation discussion (on 02 4337 0700) or email me.
And here are some parting insights from the above-mentioned ACSC survey.
The most common barriers identified for small business owners to implement good cyber security practices are: