The recent news coverage following the hack of Sony by Guardians of Peace is just the latest in a long line of high-profile companies falling foul to the nefarious activities of cybercriminals.
However, anyone familiar with the story will know that this was hardly a piece of sophisticated cyber warfare. Allegedly, the original payload was delivered via a relatively simple phishing email.
The reverberations from this story continue to rattle on. The most recent of which being the lawsuits from former employees against the company. If this settles in favour of the employees, it will have major implications for companies concerning their duty of care to protect their employees.
It’s time to shore up the defences. All indications suggest that the situation in cyber space will not improve until organisations take tangible steps to safeguard their networks.
So what are these “tangible” steps?
One of the key things to realise is that good security is not about one thing or another it’s about a combination of things all working in harmony.
1/ Patch Management
Patches correct security and functionality problems in software. Applying patches to eliminate these vulnerabilities significantly reduces the opportunities for exploitation.
The importance of antivirus software cannot be underestimated. It protects the workstation or server from being compromised. New viruses are coming out all the time and it’s the job of the antivirus software to keep up with the latest threats.
3/ Robust Email Filters
Email attachments are among the most popular channels for spreading malware. The best way to safeguard against them is to have your email solution detect suspicious packages and remove them before they get to your mailboxes.
4/ Web Protection
Most malware uses web-based http or https to contact Command and Control servers located around the world. Web Protection constantly updates a list of known Command and Control websites and prevents access to them.
Many people overlook the role backup has to play in cyber defences. The ability to go swiftly back the time before the infection took place can be a life-saver, particularly for those that have been struck by the likes of CryptoLocker.
6/ Know Your Network
Even in the best-run business, it’s possible that something will slip through your defences; so install a monitoring system and review network logs regularly to detect strange behaviour. Is someone from outside your network making inbound connections at odd times? Are files being transferred outside your network? This type of activity can be an early warning sign of a network compromise.
7/ Educate Employees
Employees are often the weak link in IT security. It’s up to businesses to ensure staff understand the importance of complex passwords, for example, and the implications and dangers of phishing emails.
Ensuring strong IT security is a big responsibility. The above security solutions form a robust defense, and will go a long way to ensuring your business doesn’t become the next case study or story on cybercrime.
ControlNow provides multi-layered IT security from a single online console. That’s key to helping you achieve powerful protection for your business.
Ian Trump is ControlNow Security Lead at LogicNow.