Security Audit

What is it?

A detailed IT security audit that covers all your external threats.

What does this cover?

We will look for the most common website and infrastructure vulnerabilities. This includes exploits like; Injection vulnerabilities, Cross site scripting and unsupported or outdated services.

What is the benefit of this?

Discover and fix the same vulnerabilities a hacker would exploit to steal or manipulate your database, redirect people to malicious 3rd party content or a full defacement of your website.

How often will this take place?

One of the technical team will schedule in a test once a quarter. This will give you ongoing audits to cover any new threats.

What will get I get from this?

A clear report that highlights what impact this could have on your business alongside easy to manage fixes. A hassle-free service that requires no technical expertise.

iStock_000013067728Large

 

t  +44 (0) 333 200 1636

e    info@netshield.net

w    http://www.netshield.net

Advertisements

Best Data Security Practices

PREVENTION IS ALWAYS BETTER THAN A CURE. Not only does this apply to hygiene to prevent illness, but also to data security. Preventing any breach, accidental data loss or cyber attack will always trump over attempting to mop up the pieces afterwards.

Take a look at our quick take on what you can do to bring your security up to scratch..

 

1.Securing Data

Protecting data is more critical than ever. According to the Ponemon Institute’s 2017 Study, data breaches cost UK businesses an average of £2.48 million. This number doesn’t just include fines that could have been imposed, but also includes legal expenses, reputation damage, loss of customers and job losses.

Having a backup policy in place is one of the most important considerations that should be made. Should data be accidentally deleted, or maliciously encrypted, you have the full data backup to prevent loss. An additional security layer would involve having this data replicated to a separate offsite location which can be used in a disaster recovery scenario.

Ensure your infrastructure security is as robust as possible by installing and maintaining firewalls, anti-virus software and breach/event monitoring. Physical controls such as access procedures should also be considered, with ID needed for authentication and fob access.

Make use of network monitoring software, so network administrators are alerted to new network connections, crashed or overloaded servers so the continuity of data can be ensured.

 

2. Securing Mobile Devices 

79% of respondents to a RingCentral survey stated their Smartphone as the phone that they used most to conduct business with. Add this to the rise in remote working (an estimate in 2016 placed the number at 1.5 million home-workers) and it makes it all the more difficult to secure all remote devices as well as the systems and data they access. Of course the advantages outweigh the negatives, and it is possible to manage the risks:

  • Locking up devices when not in use and keeping them in sight when in a public place to deter thieves.
  • Have a robust password policy in place to prevent unwanted access in the event of a theft, including the banning of auto-saving passwords. If possible, fingerprint verification should also be used.
  • Invest in two-step authentication to further strengthen credentials.
  • Advise against the use of public WiFi if at all possible. It’s pretty easy for hackers to compromise these unsecured networks, so ensure mobile devices are configured to connect via VPN. It’s also best practice to only allow employees to use public WiFi when accessing non-critical business work, or ban it altogether.
  • Implement a mobile device management platform, so patch and firmware updates can still be installed and monitoring still occur.
  • Encrypt data on smartphones and laptops, so if they are lost or stolen access to the data on the device will be scrambled.

Implementing and communicating a robust mobile device and remote working policy to all employees gives them guidelines to follow and also covers any HR implications.

 

3. Winning Against Malware 

Malware is the most common form of cyber crime impacting UK businesses, making up 18% of all cyber attacks. Always be sure to protect against any vulnerabilities.

Maintaining a patch management program across all network devices, browsers and software plasters over security vulnerabilities that have been discovered so they cannot be exploited. A good patch management program will also include remote devices and mobile phones.

Don’t fall victim to phishing. Emails may look like they are from banks, a member of management or CEO’s but always check the senders address to be sure. More details of how to protect against phishing can be found here.

USB’s are an easy way to introduce viruses onto IT networks. Restrict USB use, or if these are important for employees to use in their line of work have them checked by your IT team before use to ensure they are not infected.

Of course, using firewalls, anti-virus and anti-malware software will provide a multi-layered approach to help keep you protected from all the nasty fallout a malware attack can bring.

 

4. Password Security & Encryption

Having a good password policy in place is the start of ensuring access is only granted to the correct employees. However, you cannot rely purely on credentials alone.

Two-factor authentication requires users to have an extra token or code to add to the end of their usual credentials. There are many different products available that cover various software and applications such as OWA.

Regularly changing all passwords (every 60 – 90 days for AD accounts, consider every 30 for critical systems or those containing personal data) is so simple to build into a password policy, but can often be overlooked!

Encryption can be used when data is in transit on removable media such as external hard drives, but also for emails. Encryption scrambles the data so only the recipient can see it, so if devices are stolen data cannot be accessed.

 

5. Employee Awareness 

Employees are a businesses best assets, and are also the key that make or break infrastructure security. All employees should be aware of the risks their actions can have and what they can do during working practices to prevent security compromises.

All policies and procedures should be documented and regularly provided to all employees, especially to remote workers who may not be in the office much. It’s also a good idea to have these documents in a central location such as SharePoint so everyone can access the latest copies.

A structured training plan for all new starters and refresher courses for existing employees must occur to ensure all employees understand phishing attacks, scams and best practices when determining if an email is legitimate.

Is it especially important that IT staff are given time and training to keep up to date with the latest security threats and hacker strategies so they can in turn implement controls to deter such risks.

 

Netshield can provide an overview of your security including penetration testing, vulnerability assessments and provide recommendations based on backups, software and best IT practices. Contact us today for more information. 

Anti-Virus – Do we still need it or is it doomed?

With the advancements in technology the threat landscape is evolving too.

Malicious software is becoming harder to detect and remove – it is also starting to affect a wider range of devices because of the ‘Internet of Things’. There has been some cases that advance malicious software can even bypass the anti-virus software by changing its code!

In some ways there is truth behind what Brian Dye, senior vice president of Symantec famously said a few months ago ‘Antivirus is dead’ and it is ‘doomed to failure’ because Anti-Virus relies on a signature database to block out malicious behaviours so, if a particular piece of malicious code has never been seen before – you will probably be a victim to it.

However AV is not completely doomed as Eugene Kaspersky quite rightly said, it is still ‘very much alive and kicking’ because as threats evolved so has the traditional AV. It is about choosing a product that has a database that is continuously updated and have a good feature set.

Many vendors are now reinventing AV and changing it to ‘Endpoint Security’ which offers a wider range of features from your standard things like Anti-Virus, Anti-Spyware and Anti-Malware but, include features like application control, mobile device security, encryption and rule-based system behaviour blocking.

However security has become more complex and just because AV or ‘Endpoint Security’ has more features, we cannot just relying on it to be the sole system defences, it is not viable anymore. It will not provide an adequate level of protection for a modern day complex network.

Networks have developed into complex environments with multiple layers and a range of devices connected so, a layered approach to network security is key because it helps protect the different level within the infrastructure.

AV should just be seen as the first line of defence only, its aim is to protect users from things like spam emails, malicious attachments and websites. Occasionally some will get through but this approach is more secure and safer. Always keep in mind there is no 100% defence against the malicious cyber-attacks because the variables are always changing. Continuously network monitoring is also key to catching any abnormal behaviour.

For more information on network security please feel free to contact us on 0845 603 5552 or info@netshield.eu

Netshield Anti-Virus service – powered by BitDefender

Anti-Virus software is a necessary evil – it can take valuable time and energy to deploy, update and manage and they are not all the same! Netshield Anti-Virus is a comprehensive solution that acts as your first line of defence against malicious software.

Check out the video below for a quick summary…