This page contains a Flash digital edition of a book.
technology 19


Lock the digital doors to keep cyber attackers out


Every business is at risk of a cyber attack – and it might be your people rather than your systems that leave you most vulnerable. In this article, Taylor Made Computer Solutions’ managing director, Tim Walker, talks about what companies can do to protect their assets and ensure they do not get caught out


The message from the CEO to the finance team was unusual but it seemed clear enough – an urgent instruction to pay a large sum to a supplier.


The FD made several attempts to double check but the boss was in meetings all day, and as the request seemed pressing, the money was transferred.


Only later did it become clear that the CEO knew nothing of the transaction – the email that had appeared genuine had, in fact, been sent by a hacker who had manipulated internal emails.


This was a real scenario I heard about recently, and one which could apply to any business. At Taylor Made Computer Solutions, we are finding companies increasingly coming to us after becoming aware that an attempt at a cyber attack has been made on them and either their existing IT support company or their internal IT team have not managed to stop the attack from entering their business.


Of course, there are technical measures that can and must be taken to make sure systems are secure and protected from attacks, malware and viruses. But many organisations overlook the fact that their vulnerabilities may not be limited to those found in hardware or software.


We offer a service in which security experts deliberately try to “break into“ a client’s system using the various methods that hackers are known to use.


Although we do regularly discover technical vulnerabilities, we often find that the biggest weaknesses are found in their own members of staff and their lack of knowledge of what to do, or a lack of effective processes which would help prevent an attack.


This won’t usually be a disgruntled employee who wants to cause deliberate harm to the business (although it sometimes is). More often than not it will be that employees are unaware of


THE BUSINESS MAGAZINE – THAMES VALLEY – DECEMBER 15/JANUARY 16


the often sophisticated and convincing techniques that fraudsters may use to glean vital information that puts an organisation at risk.


There is a huge social engineering aspect to data fraud, and experienced hackers will try a number of methods to piece together information that can be used to help guess passwords or to find their way into systems in other ways.


Employees must be trained to employ a healthy dose of cynicism every time they are being asked for information over the phone, online or by email.


While many may be aware of the more blatant “phishing“ attacks, in a busy working environment it can be easy to let more subtle approaches slip through the net. Employees must learn to constantly question what they are being told, and to never give out more information than they need to, even in general conversation with an apparently harmless caller.


It is vital that organisations have an IT security policy, and among the first things that we will do with a new client is establish whether this exists.


This should include guidelines on everything from whether employees are allowed to use devices such as USB flash drives in the network to the use of personal email accounts and particularly social media, where information posted online can lead hackers to a wealth of information that can be used to their advantage.


Names, birthdays, children’s names, favourite places, favourite football teams and much, much more can all be found on social media profiles, and all are valuable in helping potential attackers to guess passwords or start conversations that can lead to exploitable vulnerabilities being exposed.


It is also important that clear policies are in place for when employees leave – is


www.businessmag.co.uk


there an established exit routine? Are passwords routinely changed and remote access rights revoked?


We should treat cyber security like any other form of workplace security. When we leave our premises at night, we make sure we lock the doors and rarely lose sleep worrying about a break-in because we’ve done all we can to keep our physical assets secure. Ensuring that rigorous testing, using a qualified third-party who will ensure your IT, physical and personnel borders are well audited and help to plug any holes, will help keep a business safe. You don’t know what you don’t know.


By testing systems and processes, addressing vulnerabilities and having clearly-communicated policies, we can ensure that we are confident enough to feel the same about our digital assets too.


Details:


01329-239900 www.tmcs.co.uk


Follow TaylorMade on twitter: @TaylorMadeCS


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56