g
In 2015 the average cost of the most severe online security breaches for SMEs ranged from
£75,000 - £311,000 The average cost for big businesses averaged from
£1,500,000 - £3,100,000
• Require employees to use unique, hard to guess, passwords and make sure that your security policy requires password changes at regular intervals. Ensure that you revoke all passwords and other forms of secure access as soon as an employee leaves the company.
• Ensure physical access to your business is restricted. Compromise of your physical security may allow hackers to access your critical system components such as servers, routers and desktops. It can also lead to the loss of confidential files and security information. Warn employees about baiting and tailgating, always enforce access policies and challenge strangers on your premises, politely of course.
• Finally, a tested and foolproof backup system is now a basic business requirement. Ensure that your backups are stored securely and test them on a regular basis. Malware can encrypt all of your sensitive data until you pay a ransom demand. A regular backup will allow you to wipe and restore rather than pay the ransom, as well as guarding against other data loss issues. Having at least one offsite or cloud backup is also essential.
System monitoring
Unfortunately, these simple steps, whilst important, are not enough on their own to guard completely against the social engineering threat. If rogue employees have been inserted inside your company, or existing employees have become disgruntled, then they will be on the inside of all of your security perimeters, no matter how robust they are.
That is when you need the additional assurance that one of the new cyber security system monitoring solutions can provide. There are now plugin devices available on the market that take only a couple of hours to configure, which can provide the normal anti- virus and malware scanning, but which also monitor your network for signs of suspicious insider activity and failed attempts to hack into the system, via multiple incorrect passwords and the like. These solutions can provide invaluable intelligence that can be acted upon proactively to nip a successful hack or insider threat in the bud.
The monitoring system will look out for failed password attempts, visits to dubious websites and other suspicious activity, such as the downloading of data unrelated to an
© CI TY S ECURI TY MAGAZ INE – SUMMER 2016 www. c i t y s e cur i t yma ga z ine . com
individual’s role which is then not used for any obvious purpose. It can scan the network and identify which user login and which terminal the activity has originated from. If you have your own suspicions over an individual, you can even ask the system to retrospectively go back over data audit trails to find out if past behaviour by an individual can provide you with evidence.
The scale and nature of the cyber threat can now be overwhelming for many companies that cannot afford a full-time IT team of half- a-dozen people or more. But a few simple precautions and the use of a plugin system monitoring device can go a long way towards mitigating the social engineering threat. Don’t let yourselves be caught out, or held to ransom, by cyber criminals.
Sonny Sehgal Head of Cyber Security Transputec
www.transputec.com
> 3
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36
