In light of recent high-profile cyber security breaches, and the devastating effect these have on entire IT environments and phone systems across multiple sites, plus the disruption to business as a whole, are you wondering whether your business is vulnerable? If so, please consider the following cyber security points and recommendations, then contact us for more information:
If you already have a password policy in place, that’s great: you will be changing your passwords on a regular basis. This should be at least every 3 months. If you would like to review this with us, or you are not being prompted by your system to change your passwords, then let us know.
If you do not have a password policy in place, we strongly recommend that all staff should change their passwords now. Passwords should be:
- Nothing like your username or company name
- A minimum of 8 characters, preferably longer; with each additional character beyond 8, the password becomes significantly more difficult for a hacker to crack.
- Made up of a mix of upper and lower case characters, numbers and special characters such as: !@#$%& etc.
- Unique to logging in to your network (not used at other sites)
Perform a Google search for “how to create a strong password” for ideas about creating passwords.
The password needs to be unique to the user’s access to your network. In other words, never use your work password on other sites such as social media, banking, shopping etc. Further to this, people should never use the same password for more than one site. A discussion point with your staff is to get them to understand that using the same password in multiple places is a very big risk. Hackers count on people doing this, and there are massive dark web databases for sale online containing compromised passwords from a variety of previously breached environments.
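The rules listed above can be checked mechanically before a password is accepted. The following Python is an added example, not part of the original page or of any product it describes; the function name `check_password`, the look-alike character table and the `known_compromised` set are assumptions made for illustration, and all sample values are constructed.

```python
import re

MIN_LENGTH = 8  # minimum length from the list above

# Look-alike substitutions undone before comparing with names (assumed table).
LEET = str.maketrans("0134578@$!", "oieastbasi")


def _normalise(text):
    """Lower-case, undo look-alike characters, keep only letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, username, company, known_compromised=frozenset()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "upper case": r"[A-Z]",
        "lower case": r"[a-z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    squashed = _normalise(password)
    for label, value in (("username", username), ("company name", company)):
        # Compare each word of 3+ letters, so "acme" from "Acme Ltd" is caught
        # even when written as "Acm3".
        for word in re.findall(r"[a-z]{3,}", value.lower()):
            if word in squashed:
                problems.append(f"resembles {label}")
                break
    # Reuse on other sites cannot be seen from the password itself; a list of
    # passwords already known to be compromised is the nearest local check.
    if password in known_compromised:
        problems.append("known compromised")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real accounts.
    for candidate in ("Acm3!2024", "Jsm1th!", "Tr1cky-Heron-Lamp"):
        print(candidate, check_password(candidate, "jsmith", "Acme Ltd"))
```

A password that passes every composition rule can still fail the first rule in the list, which is why the name comparison runs on a normalised copy rather than on the raw string.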
If you do not have a password policy in place, one that is enforced by your network, we recommend you engage with us to set this up for you.
Unsolicited Email (spam)
If you have not recently had a discussion with your staff about the risks of opening and clicking on attachments and links in spam emails, please make it a priority to do so. The message needs to be: think and look twice before opening any email. Sometimes an email will appear to be from a known sender but in fact it is a spoofed email that has been sent by someone who is masquerading as the known sender.
If an email is from a sender that is not known to the recipient, it is either marketing or spam. Be very cautious and treat it as spam: do not open it, and use the shift & delete keys together (press and hold shift then press delete) to permanently delete the message. If a genuine email gets deleted, the sender will eventually contact you again or by another method.
If your staff report receiving spam email on a regular basis, we should review why this is occurring, so please let us know.
Multi-Factor Authentication (MFA)
Sometimes also called Two Factor Authentication. What is it? You may already be using this to add an additional layer of security to access your systems. If not at work, then possibly with your bank, for example, where, in addition to a username and password, you also require a unique one-time passcode generated by a token or sent to you as an SMS or email.
To put it another way: as well as your username you need an additional two “factors” (password AND one-time code) to access the service, as opposed to just one factor (a password).
MFA is rapidly becoming a standard for best practice. Customers that are concerned about security are adopting MFA on our recommendation so please talk to us to find out more.
All of the best security systems and practices in the world are sometimes not enough. The goalposts keep shifting. Keeping reliable backups is absolutely critical. If a security breach occurs, it is likely that we will need to recover your systems from backup. If you have an Elite Managed Service (EMS) agreement with us, then you can rest assured we are looking after your backups. If you do not have an EMS agreement with us, please contact us so that we can review your backup processes and have a discussion about getting an agreement in place.
If a disaster occurs, we can recover your systems from your backups. Depending on the nature of the disaster, it could take several days before your systems are back to normal. What is the impact of this to your business and what is the cost of downtime? What are you prepared to accept as downtime? We can show you how to mitigate this risk and reduce the downtime to a few hours. Get in touch with us to review your BCDR (Business Continuity and Disaster Recovery) processes and procedures.
Get in touch to discuss this in more detail.