How to be data safe in 2019


When we talk about computer security we are talking about data security, be it online or local. Since the implementation of GDPR and the potentially very heavy fines involved, being secure in 2019 is more important than ever. Here are our top tips on what you can do to keep your data safe and out of the hands of would-be crooks.

We at The Red Penguin Group have spent many years in the trade, so we are perfectly placed to offer advice and solutions to your security needs. To get a free on-site audit, get in touch.

Secure your network!


By network we mean your local network, and by local network we mean everything in your office that connects to the outside world, be it a computer, laptop, phone, iPad or printer. All of these devices talk to the outside world (the internet) and as such can be used as a door to your network.

The first and arguably the most important part of securing your local network and being data safe in 2019 is using a decent firewall. Almost all internet routers come with built-in firewalls these days, but more often than not the default status of these firewalls is ‘allow everything’. It goes without saying that this is not good practice! It’s also worth mentioning that almost all consumer routers/firewalls, and those that you get free with your supplier, are not fit for business use in almost all circumstances.

As a first step, get a decent enterprise-grade router that is designed with SMEs in mind. These enterprise routers will have all the advanced security features required as well as rock-solid reliability and robust warranties.

If you have an enterprise-grade router, make sure firstly that its firewall is turned on and secondly that its ports are locked down to only allow certain acceptable traffic. For example, do you use a VPN for remoting in from home? If not, then make sure port 1723 is locked down – it’s only used for VPN, so it can be closed off if you don’t use VPN. Similarly, if you use cloud-hosted email (like our excellent Office 365 packages) then you do not need port 25 open.
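
To make the port check above concrete, here is an added example (not part of the original article) that works out which of the two ports mentioned are still reachable when their service is not in use. The rule format, the service names and the first-match-wins evaluation are assumptions; real routers export rules differently.

```python
# Added example: hypothetical rule format, first-match-wins evaluation assumed.
from dataclasses import dataclass

# Ports named in the article, mapped to the service that justifies opening them.
PORT_NEEDS = {1723: "vpn", 25: "onsite_mail"}


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    ports: str    # "25", "1700-1800" or "any"


def port_range(spec):
    """Turn '25', '1700-1800' or 'any' into an inclusive (low, high) pair."""
    if spec == "any":
        return 1, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)


def decision(port, rules, default_action):
    """Inbound verdict for one port: first matching rule wins, else the default."""
    for rule in rules:
        low, high = port_range(rule.ports)
        if low <= port <= high:
            return rule.action
    return default_action


def unneeded_open_ports(rules, default_action, services_in_use):
    """Ports from PORT_NEEDS that are reachable although their service is unused."""
    return [
        port
        for port, service in sorted(PORT_NEEDS.items())
        if service not in services_in_use
        and decision(port, rules, default_action) == "allow"
    ]


# Constructed sample: office with cloud-hosted email and no VPN.
SAMPLE_RULES = [Rule("allow", "443"), Rule("allow", "1700-1800"), Rule("deny", "25")]

if __name__ == "__main__":
    # Factory-default router: no rules, default 'allow everything'.
    print(unneeded_open_ports([], "allow", set()))            # [25, 1723]
    # Locked-down default, but a broad range still exposes 1723.
    print(unneeded_open_ports(SAMPLE_RULES, "deny", set()))   # [1723]
```

The second case is the one that catches people out: nobody wrote a rule for port 1723, yet a wide port range left it open.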

This is only the tip of the iceberg when it comes to firewall management; port management is a very basic approach that all SMEs should be taking. Additional steps such as turning off WPS, removing default passwords and enabling strong WiFi encryption are all best practice and should be employed. Get in touch to get more info about being data safe in 2019 and to arrange a free on-site audit.

Use 3rd party Anti Virus & update everything!


By using old unsupported operating systems and internet browsers you are opening yourself up to a massive risk of ransomware, virus infection and data mining. Keeping your equipment current means you get the latest security updates and can remain data safe in 2019 and, crucially, you keep in line with GDPR guidelines. Check out our reasons to invest blog to find out more about why you should invest.

Updates do not just apply to your computer operating system though. Keeping your web browser, mobile device, printer firmware, router firmware, switch firmware, virus definitions etc. up to date are all critical steps that you should be looking at. We suggest documenting the process to keep track of what was updated and when.

You should also ensure you are using enterprise-grade managed Anti Virus to ensure online threat protection. Built-in security has come a long way within operating systems like Windows 10, but it is still a far cry from enterprise-grade managed systems. An enterprise-grade system will allow granular control of policies and devices as well as advanced threat protection. Our system also offers advanced cloud-based spam filtering to further secure your systems from threats and remain data safe in 2019.

Educate your staff / yourself

With 59% of businesses allowing BYOD (Bring Your Own Device), it’s more important than ever that your staff are aware of how to keep things secure. An uneducated staff member bringing a device into your network can be very risky. Ensure your staff understand your company’s security policies and make sure they read this blog!

Simple steps that your staff need to know can make a big difference. Ensure your staff understand the importance of strong passwords (8 characters min inc. letters/numbers/symbols) and the importance of using valid, up-to-date software that is correctly licensed.

Ensure your staff are aware of the importance of intellectual property and data rights – if they are taking company data offsite, is this data secured and encrypted on their device? Bear in mind that if you suffered a data breach and it came from a staff member’s old unlicensed Windows 7 computer, then you would be in the firing line.

It’s common practice to have your BYOD employees sign a document in which they declare that they have read your security policies documentation and confirm that they would be held responsible for using devices that are not in line with this documentation.

Also remember the principle of least privilege (POLP). In short, this is giving access to only those that need it, for as little time as possible, with the lowest required permissions (Read/Write/Full Access). For example, having your main network drive on your server shared with EVERYONE is probably not ideal, especially if it contains sensitive folders like HR or Staff Medical Notes etc.

Encryption & 2FA


Being data safe in 2019 is not just about securing your network; it’s also about securing your data in an ever-evolving outside world. The best way to do this is to encrypt your data. What do we mean by encryption? In short, making changes so that data can only be read by entering an encryption key. This can be done via password, smart card or app, but the key is to keep it locked down.

A simple example would be to enable the BitLocker system that comes included with Pro and Enterprise versions of Windows 10. By enabling this you are ensuring that a password is required to access the data on the hard drive. Even if someone took the hard drive out of the computer and plugged it into another computer, they would still need a password.

Remember a Windows Password is NOT good enough – by removing the hard drive and using it on another computer it’s VERY EASY to access data.

For a simple guide on encryption examples check this page out

Also consider enabling two-factor authentication (2FA for short). This in essence is the implementation of a system that requires an additional step to access data. Think of those old war movies where 2 keys were required to arm the missile – that sort of thing.

As an example, Google’s Drive cloud storage has the ability to enable 2FA. When enabled, anyone accessing drive.google.com and signing in would require acceptance from a second device before access is granted. In practice this usually means that when accessing drive.google.com on a computer the user has to press ‘YES’ to a prompt on their smartphone to allow access. 2FA can be annoying at times, but often you can mark devices as ‘trusted’, which enables these devices to sign in as normal.

2FA counteracts many security breaches: if someone worked out your password they would still need you to give the ‘green light’ before access is granted. Most popular applications offer 2FA (Office 365 / Google Drive / Dropbox etc.). 2FA is another great tool in the fight to stay data safe in 2019.

Backup!


Despite the best systems in the world, ransomware and viruses still happen. Take the NHS for example: despite their huge ICT infrastructure they still suffered a WannaCry infection that cost them £92m to resolve. That particular attack was based on ransomware; this type of infection encrypts your data and requires a credit card to gain access again. The best resolution to this is to simply restore data from a time before you became infected.

A good backup system will take incremental as well as complete backups. By this we mean taking daily complete system backups, with shorter backups that just back up data that has changed every 15 or 30 mins (known as incremental backups). By utilising an enterprise-grade backup system you can ensure you have backup data from as little as 15 minutes prior to any infection, thus limiting downtime in the event of data loss from viruses or accidental deletion etc.
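
As an added example (not part of the original article and not our backup product's code), this sketch picks which backups to restore after an infection: the newest full backup from before the infection, then each incremental that still matches its recorded checksum. The data layout is an assumption, as is the idea that each incremental depends on the one before it; the sample backups are constructed.

```python
# Added example. Assumes each incremental depends on the one before it.
import hashlib
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Backup:
    kind: str        # "full" or "incremental"
    taken: datetime  # when the backup completed
    data: bytes      # stand-in for the backup file's contents
    sha256: str      # checksum recorded when the backup was written

    def intact(self):  # backup test: stored data still matches its checksum
        return hashlib.sha256(self.data).hexdigest() == self.sha256


def restore_chain(backups, infected_at):
    """Newest intact full backup before the infection plus the intact incrementals
    after it; stops at the first failed checksum (later ones build on it)."""
    before = sorted((b for b in backups if b.taken < infected_at), key=lambda b: b.taken)
    fulls = [b for b in before if b.kind == "full" and b.intact()]
    if not fulls:
        return []
    chain = [fulls[-1]]
    for b in before:
        if b.taken <= chain[0].taken:
            continue
        if b.kind == "full" or not b.intact():
            break  # a later full here is one that failed its checksum
        chain.append(b)
    return chain


def make(kind, when, payload, corrupt=False):
    """Constructed sample backup; corrupt=True simulates damage after writing."""
    digest = hashlib.sha256(payload).hexdigest()
    stored = payload + b"!" if corrupt else payload
    return Backup(kind, datetime.fromisoformat(when), stored, digest)


SAMPLE = [  # constructed data: nightly full, then incrementals
    make("full", "2019-03-04 01:00", b"full"),
    make("incremental", "2019-03-04 09:30", b"inc-0930"),
    make("incremental", "2019-03-04 09:45", b"inc-0945", corrupt=True),
    make("incremental", "2019-03-04 10:00", b"inc-1000"),
    make("incremental", "2019-03-04 10:30", b"inc-1030"),  # after the infection
]
INFECTED_AT = datetime.fromisoformat("2019-03-04 10:20")
```

With the sample data the restore point falls back to 09:30 rather than 10:00, because the 09:45 incremental fails its checksum and everything after it is unusable.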

It’s also worth bearing in mind that a good backup strategy not only builds on a robust regular backup but also relies on regular backup testing – how do you know if your backup data is not corrupt? Our systems can validate and back up automatically without fuss. We also suggest businesses follow the 3-2-1 backup principle.

3 – Keep 3 copies of your data
2 – Keep your data in 2 places at any one time
1 – Always have a recent backup offsite (USB backup drive / Cloud storage)

By following these guidelines you can help ensure you remain data safe in 2019.

As always, if you feel our hints and blogs have helped then give us a like on Facebook, Twitter, LinkedIn or Google, or check out our website to see what we do and how we can help.