Security Audit

What is it?

A detailed IT security audit that covers all your external threats.

What does this cover?

We will look for the most common website and infrastructure vulnerabilities. This includes exploits like; Injection vulnerabilities, Cross site scripting and unsupported or outdated services.

What is the benefit of this?

Discover and fix the same vulnerabilities a hacker would exploit to steal or manipulate your database, redirect people to malicious 3rd party content or a full defacement of your website.

How often will this take place?

One of the technical team will schedule in a test once a quarter. This will give you ongoing audits to cover any new threats.

What will get I get from this?

A clear report that highlights what impact this could have on your business alongside easy to manage fixes. A hassle-free service that requires no technical expertise.

iStock_000013067728Large

 

t  +44 (0) 333 200 1636

e    info@netshield.net

w    http://www.netshield.net

Advertisements

Maximising Data Availability

DATA AVAILABILITY has become paramount to the success of an organisation. Reliability as well as performance and manageability are critical to ensuring as much data up-time as possible.

The first step in maximising your data availability is to have a good backup in place that takes into account your whole infrastructure, Recovery Point Objective (RPO) and Recovery Time Objective (RTO). Think you’re protected with just one backup however?

Legacy approaches to data backup and recovery are simply outdated and ineffective. Gone are the days where a single on-premise backup would tick any compliance boxes. To ensure the security and availability of data, backing up to an offsite location as well as the first on-premise should be considered. This can be achieved through a replication job. This has two major benefits:

a) Helps work towards a disaster recovery scenario. Should the initial site be affected by a hardware failure, or complete site failure, the backup offsite will not be affected and could be restored to another location ensuring business continuity.

b) Should data be compromised (accidentally or maliciously, the offsite backup copy would ensure some security and not be affected. A restore could occur, giving peace of mind that a second unaffected copy is available to fall back on.

 

Veeam® Backup & Replication™

Veeam® Backup & Replication™ is straight forward, cost effective and increases service recovery SLA’s with Recovery Time Objectives (RTO) in seconds and minutes rather than outdated hours/days. High speed recovery allows instant file recovery and can fully recover a failed virtual machine in under 15 minutes, minimising the amount of working time lost.

Advanced replication can be used, with replication able to be set to occur as little as every 15 minutes. Essential if you cannot afford for your business to lose even an hour of work. Secure end-to-end encryption achieves security and confidentiality. Pretty straight forward!

 

Recover faster than ever, improve data protection and save money with the Veeam Backup and Replication product. To discuss your requirements or find out more information, please contact us today

Best Data Security Practices

PREVENTION IS ALWAYS BETTER THAN A CURE. Not only does this apply to hygiene to prevent illness, but also to data security. Preventing any breach, accidental data loss or cyber attack will always trump over attempting to mop up the pieces afterwards.

Take a look at our quick take on what you can do to bring your security up to scratch..

 

1.Securing Data

Protecting data is more critical than ever. According to the Ponemon Institute’s 2017 Study, data breaches cost UK businesses an average of £2.48 million. This number doesn’t just include fines that could have been imposed, but also includes legal expenses, reputation damage, loss of customers and job losses.

Having a backup policy in place is one of the most important considerations that should be made. Should data be accidentally deleted, or maliciously encrypted, you have the full data backup to prevent loss. An additional security layer would involve having this data replicated to a separate offsite location which can be used in a disaster recovery scenario.

Ensure your infrastructure security is as robust as possible by installing and maintaining firewalls, anti-virus software and breach/event monitoring. Physical controls such as access procedures should also be considered, with ID needed for authentication and fob access.

Make use of network monitoring software, so network administrators are alerted to new network connections, crashed or overloaded servers so the continuity of data can be ensured.

 

2. Securing Mobile Devices 

79% of respondents to a RingCentral survey stated their Smartphone as the phone that they used most to conduct business with. Add this to the rise in remote working (an estimate in 2016 placed the number at 1.5 million home-workers) and it makes it all the more difficult to secure all remote devices as well as the systems and data they access. Of course the advantages outweigh the negatives, and it is possible to manage the risks:

  • Locking up devices when not in use and keeping them in sight when in a public place to deter thieves.
  • Have a robust password policy in place to prevent unwanted access in the event of a theft, including the banning of auto-saving passwords. If possible, fingerprint verification should also be used.
  • Invest in two-step authentication to further strengthen credentials.
  • Advise against the use of public WiFi if at all possible. It’s pretty easy for hackers to compromise these unsecured networks, so ensure mobile devices are configured to connect via VPN. It’s also best practice to only allow employees to use public WiFi when accessing non-critical business work, or ban it altogether.
  • Implement a mobile device management platform, so patch and firmware updates can still be installed and monitoring still occur.
  • Encrypt data on smartphones and laptops, so if they are lost or stolen access to the data on the device will be scrambled.

Implementing and communicating a robust mobile device and remote working policy to all employees gives them guidelines to follow and also covers any HR implications.

 

3. Winning Against Malware 

Malware is the most common form of cyber crime impacting UK businesses, making up 18% of all cyber attacks. Always be sure to protect against any vulnerabilities.

Maintaining a patch management program across all network devices, browsers and software plasters over security vulnerabilities that have been discovered so they cannot be exploited. A good patch management program will also include remote devices and mobile phones.

Don’t fall victim to phishing. Emails may look like they are from banks, a member of management or CEO’s but always check the senders address to be sure. More details of how to protect against phishing can be found here.

USB’s are an easy way to introduce viruses onto IT networks. Restrict USB use, or if these are important for employees to use in their line of work have them checked by your IT team before use to ensure they are not infected.

Of course, using firewalls, anti-virus and anti-malware software will provide a multi-layered approach to help keep you protected from all the nasty fallout a malware attack can bring.

 

4. Password Security & Encryption

Having a good password policy in place is the start of ensuring access is only granted to the correct employees. However, you cannot rely purely on credentials alone.

Two-factor authentication requires users to have an extra token or code to add to the end of their usual credentials. There are many different products available that cover various software and applications such as OWA.

Regularly changing all passwords (every 60 – 90 days for AD accounts, consider every 30 for critical systems or those containing personal data) is so simple to build into a password policy, but can often be overlooked!

Encryption can be used when data is in transit on removable media such as external hard drives, but also for emails. Encryption scrambles the data so only the recipient can see it, so if devices are stolen data cannot be accessed.

 

5. Employee Awareness 

Employees are a businesses best assets, and are also the key that make or break infrastructure security. All employees should be aware of the risks their actions can have and what they can do during working practices to prevent security compromises.

All policies and procedures should be documented and regularly provided to all employees, especially to remote workers who may not be in the office much. It’s also a good idea to have these documents in a central location such as SharePoint so everyone can access the latest copies.

A structured training plan for all new starters and refresher courses for existing employees must occur to ensure all employees understand phishing attacks, scams and best practices when determining if an email is legitimate.

Is it especially important that IT staff are given time and training to keep up to date with the latest security threats and hacker strategies so they can in turn implement controls to deter such risks.

 

Netshield can provide an overview of your security including penetration testing, vulnerability assessments and provide recommendations based on backups, software and best IT practices. Contact us today for more information. 

Vulnerability Assessments vs Penetration Testing

Vulnerability scanning and penetration testing are important tools to secure and protect your IT infrastructure. Often, they get confused with each other but both play very different roles in overall network security.

So, what’s the difference and which should your business be using?

 

Vulnerability Assessments

Vulnerability assessments are automated reports that search for known vulnerabilities within software, such as missing patches and outdated configuration, protocols, certificates and services. The output of this report would show any known vulnerability that exist within the network. Reports can be lengthy as the assessments take quite a comprehensive look at the network and applications.

The assessments can be ran on any number of devices throughout a network and is wide in scope. The results can then be used to remove potential risks before they could be exploited.

It is recommended to perform scans quarterly and every new device once configured, or if a major configuration change has taken place.

 

Penetration Tests

In comparison, penetration testing actively exploits weaknesses within the environment. An experienced person would carry out the testing, acting as an attacker by exploiting weaknesses within the network or applications otherwise known as ‘ethical hacking’. As a tester is needed, this testing cannot be automated.

The main aim of penetration testing is to identify insecure and weak security settings and configuration that a business outsider would be able to use to access the data held behind the defences such as un-encrypted passwords. The tester would probe an open port and see how far it can be exploited. Large networks can take anywhere from days to weeks to complete a full test. It is therefore best practice to have the testing performed by a fully qualified 3rd party; this also ensures a fully unbiased, objective report being developed.

Penetration testing doesn’t need to be performed as regularly as vulnerability assessments, instead only once a year or if internet facing equipment has a large change made.

 

What Should My Business Use?

In summary, a vulnerability assessment is used to detect when an unlocked door could let a burglar enter your business. A penetration test would role play as the burglar and see how far he’s able to get before a locked door stops him in his tracks.

Both tools should be used in conjunction and work together to provide the best outcome. Vulnerability assessments are designed to act as a detective tool; penetration testing is built to be a preventative measure.

Penetration testing is a lot more costly compared to vulnerability by itself, but this is due to the in-depth nature of the scanning as the tester may discover a new vulnerability or a security flaw that is not very well known.

 

IT’s important to know the difference between each test as each are important in their own way. To find out if Netshield can be of assistance, please contact us here

The Rise of Email Compromise

THE TERM PHISHING is certainly becoming more prevalent in today’s cyber-security obsessed world. Cyber criminals pose as a CEO, finance director or other senior members of staff in a company and send fraudulent emails containing details of payments ‘that must be made immediately’ with bank details attached. The catch is usually the address that the email has been sent from; it will resemble very closely the email of the senior management figure, with this spoofing often duping unsuspecting employees into making the payments or disclosing financial/personal information as requested.

According to the Verizon Data Breach Investigations Report, phishing tactics were used in more than 90% of all security incidents and breaches in 2017. So why has there been such a rise in business email being targeted?

 

How does it work?

Phishing emails are very simple; target multiple users or one individual, in a company, convince them that the sender is a high ranking senior management member, extract sensitive information. The email will usually be labelled with high importance, eliciting a sense of urgency in the user (who wants to upset their CEO by delaying a task in an urgent email?) who then provides login credentials, credit card details or actually make the requested payment.

Some will contain a malicious attachment, so if users don’t fall for the money transfer requests they may still infect their PC and later the network with malware.

Links to sign-in forms (such as the Gmail scam that occurred at the start of 2017, affecting over 1 billion users) can also be included. The URL’s resemble the official one, so a glance at the address bar won’t raise any alarm bells unless you look closely, so even the most tech-savvy users can fall victim. Once credentials have been entered the attackers have full access to that account. This could obviously be disastrous if business banking credentials have been entered.

 

Believing your business is safe from an attack as ‘it hasn’t happened to us yet’ is not the way to be thinking anymore. So what can be done? 

  1. Improving User Awareness 

Training employees on how to spot phishing attempts, what to do if they are in receipt of one and how to defend against attacks.

According to the Verizon Data Breach Investigations Report:

30% of phishing messages get opened by targeted users and 12% of those users click on the malicious attachment or link.

It’s also important to encourage employees to report possible incidents or breaches as soon as they are discovered.  Clear and readable security policies should be implemented and distributed to all users regularly so employees are aware of their roles and responsibilities during such an incident.

Ongoing security awareness training should be considered for all IT team members on a regular basis to keep their knowledge of evolving scams up to date.

2. Management Involvement 

Assigning key responsibilities for cyber security at management level ensures all employees are aware that is is being taken seriously, and provides a great example for them to follow. Of course everyone within a company has a part to play in keeping the infrastructure secure, but it does need to start at senior management level to show the importance.

A tech-savvy staff member should be allowed time to keep informed about the latest phishing techniques, preferably a senior member of the IT team. By being aware of latest scams as early as possible, the management board can be informed and discuss the best way to prevent the business being affected.

3. Build your Battle Plan

Ensuring your IT infrastructure is as robust as possible must be a priority at all times. Although very important, gone are the days we could just rely on heavy duty firewalls to prevent malicious traffic reaching its target.

  • Two factor authentication can be used over a variety of applications and software, either built in or as an ‘add on’. With most people only having one layer of security (their password) to protect accounts, two-factor authentication adds a security code that must be entered on top of this. This can be directed towards your mobile or a security key. With 2FA enabled, should the bad guys gain control of passwords they still won’t be able to access what is behind without the users phone or security key.
  • Updates are released in response to loopholes that phishers can take advantage of. Ensuring all IT systems are up to date is often forgotten about. We’ve previously posted about how patching can help prevent major security vulnerabilities (read more here), this also reaches out to anti-virus and anti-malware. Should the worst happen, this is your first line of defense. Browsers should also be updated as soon as one is available. A good patch management schedule will ensure this is carried out regularly.
  • A quick check to verify site security of a site is not time consuming but does help give you peace of mind. Make sure the URL begins with ‘https’, and that a small, closed padlock icon is visible near the address bar.
  • Anti-virus should be installed across all devices, including remotely used ones. New security definitions are added all the time, which makes ensuring the software is up to date even more important. AV helps prevent damage to systems by scanning every file coming through the internet to your PC.
  • Scrutinize an email address or URL if you’re a little bit unsure. Sender of an email joe.bloggs@exampl3.com rather than the usual @example.com? Don’t trust it. It doesn’t hurt to reach out and double check with who you believe the email is from separately to check.

 

Unfortunately there is no fool-proof way to prevent attacks occurring; promoting a company culture of staying vigilant and being on guard is one of the best defenses you can have.

 

For information about how Netshield can assist with your anti-phishing policies and defenses, please feel free to contact us here.