Maximising Data Availability

DATA AVAILABILITY has become paramount to the success of an organisation. Reliability as well as performance and manageability are critical to ensuring as much data up-time as possible.

The first step in maximising your data availability is to have a good backup in place that takes into account your whole infrastructure, Recovery Point Objective (RPO) and Recovery Time Objective (RTO). Think you’re protected with just one backup however?

Legacy approaches to data backup and recovery are simply outdated and ineffective. Gone are the days where a single on-premise backup would tick any compliance boxes. To ensure the security and availability of data, backing up to an offsite location as well as the first on-premise should be considered. This can be achieved through a replication job. This has two major benefits:

a) Helps work towards a disaster recovery scenario. Should the initial site be affected by a hardware failure, or complete site failure, the backup offsite will not be affected and could be restored to another location ensuring business continuity.

b) Should data be compromised (accidentally or maliciously, the offsite backup copy would ensure some security and not be affected. A restore could occur, giving peace of mind that a second unaffected copy is available to fall back on.

 

Veeam® Backup & Replication™

Veeam® Backup & Replication™ is straight forward, cost effective and increases service recovery SLA’s with Recovery Time Objectives (RTO) in seconds and minutes rather than outdated hours/days. High speed recovery allows instant file recovery and can fully recover a failed virtual machine in under 15 minutes, minimising the amount of working time lost.

Advanced replication can be used, with replication able to be set to occur as little as every 15 minutes. Essential if you cannot afford for your business to lose even an hour of work. Secure end-to-end encryption achieves security and confidentiality. Pretty straight forward!

 

Recover faster than ever, improve data protection and save money with the Veeam Backup and Replication product. To discuss your requirements or find out more information, please contact us today

Advertisements

Best Data Security Practices

PREVENTION IS ALWAYS BETTER THAN A CURE. Not only does this apply to hygiene to prevent illness, but also to data security. Preventing any breach, accidental data loss or cyber attack will always trump over attempting to mop up the pieces afterwards.

Take a look at our quick take on what you can do to bring your security up to scratch..

 

1.Securing Data

Protecting data is more critical than ever. According to the Ponemon Institute’s 2017 Study, data breaches cost UK businesses an average of £2.48 million. This number doesn’t just include fines that could have been imposed, but also includes legal expenses, reputation damage, loss of customers and job losses.

Having a backup policy in place is one of the most important considerations that should be made. Should data be accidentally deleted, or maliciously encrypted, you have the full data backup to prevent loss. An additional security layer would involve having this data replicated to a separate offsite location which can be used in a disaster recovery scenario.

Ensure your infrastructure security is as robust as possible by installing and maintaining firewalls, anti-virus software and breach/event monitoring. Physical controls such as access procedures should also be considered, with ID needed for authentication and fob access.

Make use of network monitoring software, so network administrators are alerted to new network connections, crashed or overloaded servers so the continuity of data can be ensured.

 

2. Securing Mobile Devices 

79% of respondents to a RingCentral survey stated their Smartphone as the phone that they used most to conduct business with. Add this to the rise in remote working (an estimate in 2016 placed the number at 1.5 million home-workers) and it makes it all the more difficult to secure all remote devices as well as the systems and data they access. Of course the advantages outweigh the negatives, and it is possible to manage the risks:

  • Locking up devices when not in use and keeping them in sight when in a public place to deter thieves.
  • Have a robust password policy in place to prevent unwanted access in the event of a theft, including the banning of auto-saving passwords. If possible, fingerprint verification should also be used.
  • Invest in two-step authentication to further strengthen credentials.
  • Advise against the use of public WiFi if at all possible. It’s pretty easy for hackers to compromise these unsecured networks, so ensure mobile devices are configured to connect via VPN. It’s also best practice to only allow employees to use public WiFi when accessing non-critical business work, or ban it altogether.
  • Implement a mobile device management platform, so patch and firmware updates can still be installed and monitoring still occur.
  • Encrypt data on smartphones and laptops, so if they are lost or stolen access to the data on the device will be scrambled.

Implementing and communicating a robust mobile device and remote working policy to all employees gives them guidelines to follow and also covers any HR implications.

 

3. Winning Against Malware 

Malware is the most common form of cyber crime impacting UK businesses, making up 18% of all cyber attacks. Always be sure to protect against any vulnerabilities.

Maintaining a patch management program across all network devices, browsers and software plasters over security vulnerabilities that have been discovered so they cannot be exploited. A good patch management program will also include remote devices and mobile phones.

Don’t fall victim to phishing. Emails may look like they are from banks, a member of management or CEO’s but always check the senders address to be sure. More details of how to protect against phishing can be found here.

USB’s are an easy way to introduce viruses onto IT networks. Restrict USB use, or if these are important for employees to use in their line of work have them checked by your IT team before use to ensure they are not infected.

Of course, using firewalls, anti-virus and anti-malware software will provide a multi-layered approach to help keep you protected from all the nasty fallout a malware attack can bring.

 

4. Password Security & Encryption

Having a good password policy in place is the start of ensuring access is only granted to the correct employees. However, you cannot rely purely on credentials alone.

Two-factor authentication requires users to have an extra token or code to add to the end of their usual credentials. There are many different products available that cover various software and applications such as OWA.

Regularly changing all passwords (every 60 – 90 days for AD accounts, consider every 30 for critical systems or those containing personal data) is so simple to build into a password policy, but can often be overlooked!

Encryption can be used when data is in transit on removable media such as external hard drives, but also for emails. Encryption scrambles the data so only the recipient can see it, so if devices are stolen data cannot be accessed.

 

5. Employee Awareness 

Employees are a businesses best assets, and are also the key that make or break infrastructure security. All employees should be aware of the risks their actions can have and what they can do during working practices to prevent security compromises.

All policies and procedures should be documented and regularly provided to all employees, especially to remote workers who may not be in the office much. It’s also a good idea to have these documents in a central location such as SharePoint so everyone can access the latest copies.

A structured training plan for all new starters and refresher courses for existing employees must occur to ensure all employees understand phishing attacks, scams and best practices when determining if an email is legitimate.

Is it especially important that IT staff are given time and training to keep up to date with the latest security threats and hacker strategies so they can in turn implement controls to deter such risks.

 

Netshield can provide an overview of your security including penetration testing, vulnerability assessments and provide recommendations based on backups, software and best IT practices. Contact us today for more information. 

The Aftermath of the eBay Cyber-Attack and the Lessons to be Learnt…

In May it was announced on news sites such as the BBC and SkyNews that the popular e-commerce site eBay was breach late February and early March. The breached database contained phone numbers, addresses, date of birth, other personal data and encrypted passwords. The company never disclosed how many of the 148 million active accounts were affected but, has asked all active users to change their passwords. The hackers infiltrated the network by obtaining, a small number of employees’ login credentials. Luckily the hacker did not access eBay subsidiary, Paypal’s financial database because it was stored on a separate network.

The Aftermath

Since the news many customers have complained and criticised the way the situation was handled, Attorney Generals in at least 3 states in the US has begun investigating the cyber-attack incident. Users was also outraged that eBay waited 2 weeks before publishing the breach after they found out, their explanation was:-

“For a very long period of time we did not believe that there was any eBay customer data compromised,” commented the Global Marketplaces Chief Devin Wenig shortly after the news was announced.

After promising they will make password resets mandatory on the website, it was days before this was carried out and for users that wanted to change their passwords after the initial announcement, they were unable to because the site struggled with the abnormal number of reset requests. Both of these factors added to the negative feelings amongst eBay users.

In a bid to assure customers they released a statement saying they have seen no indication of increased fraudulent account activities on the site but, it would seem eBay has missed the point as the main concern is… what the cybercriminals can potentially do with the non-encrypted information they stole like the numbers, addresses, date of birth, etc. – so the question is, why wasn’t this personal data encrypted like the passwords?

Considering eBay is responsible for a vast amount of personal data, you would assume they have a better incident response and management, breach detection, network admin login protection, and communication practices.

The most important lessons to take from this data incident is that good IT security practices for networks is essential for all businesses, regular network security assessments are required, educate staff on security and have good crisis management.

Breaches can happen to any company and poor incident response and management can just be like rubbing more salt to the wound, with the potential to create more long-term brand reputation damage.

For more information on IT network security practices and services please feel free to contact us on 0845 603 5552

Considerations when Implementing Security on your IT Network: Business of Cybercrime Series – Part 3

The lack of adequate protection and defences on an IT network would make a business vulnerable to hacking and the implications can be damaging, often the damage is dependent on what mood the hacker is in and what devastation they would like to cause.

Effects from a hacking can disrupt business operations, causing downtime, corrupt data, affect brand perception and reputation. Being a victim of cybercrime can also mean the business breaches the data protection act or experience compliance breaches.

With technology moving so quickly within the IT market, there are a number of methods and products to choose from – the key is to choose what is right for your network.

You need to consider:-

  • What type of IT infrastructure does the business have? Virtual or Physical?
  • What are your data requirements?
  • What would you consider to be your critical data or programs?
  • What security is currently implemented on your network?

Rule of thumb is a full assessment of the current security situation and the condition of the infrastructure is necessary, in order to help determine what is the right solution for your business.  After the assessment, you can then decide on which method or security brand would be most suitable.

3 methods of protection:-

Anti-Virus

Is software to help defend you against viruses and other malware threats including Trojans, worms and sometimes spyware; however, the level of protection provided by the anti-virus is dependent on the one you choose.  Well-known brands include Sophos, Symantec and Kaspersky.

Firewall

A firewall helps to prevent unauthorized access to a computer or a network, there are two types ‘network firewall’ and ‘client firewall’.

A network firewall is installed on the boundary between two networks, normally located between the internet and a company network – it can be either a device or software running on a computer that acts as a gateway to the company network.  Whereas, a client firewall is when software is installed and runs on an end users computer, protecting only that particular computer.  Well-known network firewall brands include SonicWall and Watchguard.

Encryption

This secures your data by encrypting your desktops, laptops, emails, USB’s files and other devices; it prevents unauthorized access where the information can only be accessed by entering an encryption key or password.

For an IT network it is advisable to have at least Firewalls and Anti-Virus software installed. For businesses that uses mobile devices and have a mobile workforce who carry business data around, encryption is recommended. For example, 2-factor authentication can be implemented on business mobile phones, to ensure if the phone was lost or stolen it will help prevent others using it because it is a secure method that seeks to decrease the probability that the user is presenting false evidence of its identity. Well-known 2-factor authentication brands include Cryptocard and Vasco.

Other ways of encryption includes installing a type of software on a device where data is automatically encrypted, email encryption and manual encryption where the user chooses what data requires encoding.

So, regardless of the size of the organisation security is necessary for protection as data is a key asset and is also valuable in the wrong hands.

When it comes to cybercrime business should not think it ‘will never happen to me’, ‘My data isn’t worth the hassle’ but, the truth is, cybercrime criminals do not discriminate, if you have business data you can potentially be a target.

For more information on how to protect your business data please feel free to contact us.