
April 16, 2019

Seven IT Security Gaps You Need To Plug

To Keep Out the Scammers & Hackers

There is an ever-increasing onslaught of scams and hacks, all after two things: your data and your money. IT security gaps can let them in.

The number of people caught out continues to increase, with some estimates suggesting the value of authorised fraud (where the genuine customer processes the payment) reached over £354 million in 2018. The cost of ransomware attacks is estimated at $75 billion in the US alone.

To combat this, you have to do two things:

  1. Educate and train your teams to look out for these scams
  2. Ensure your IT security stack will protect your network and your business

Here are seven IT security gaps that make your network vulnerable to attack from hackers. With the right training for your team and the right set of IT security products (the IT Security Stack), the threat from these can be dramatically reduced.

Your Teams

Unfortunately, the weakest link in any IT network is the user. It is critical that you educate and train your teams on what to look out for and what to do if they spot something they believe could be a scam or attempted hack. Our previous blog covered more on this topic and can be read here.

Where Are The Weak Points in Your IT Security?

1. Emails

The first of the IT security gaps is email. The way criminals try to get to your data and your money is changing, so your IT security has to change too. If you go back a few years, it was all about viruses. Viruses were released to cause chaos and to impact your business, so you had to invest in anti-virus protection from suppliers that worked to identify viruses and then update their software to protect you. Now the criminals want more.

Ransomware and Impersonation emails are the current order of the day. Let’s quickly look at what these are, so you can recognise them.

Ransomware

Ransomware holds your data hostage so that you pay a ransom for its release. Exactly how it works varies by attacker, but the aim is to make it almost impossible for you to work. Attackers either copy your data, delete it (including any backups available on your network) and ask for payment to return it, or they lock down your network, denying you access. Payment is usually demanded in bitcoin so that it is untraceable.

Impersonation Emails

Impersonation emails look like they come from a senior director within your business or from a supplier. Senior director emails are usually along the lines of: “I need to pay {insert excuse}, please send me £XX,000 to this bank account”. They are often sent to larger businesses with many levels of management, where a fear factor at lower levels about “disturbing” the director means people don’t check. Supplier impersonation can take the form of “We’ve changed our bank details. Please pay your invoices to this account”.

The really clever ones have been able to join a conversation and divert it, so you need to be vigilant.

2. Your Desktops

39% of all PCs are still running Windows 7, with less than 12 months before Microsoft stops providing security updates for the operating system. The 14th January 2020 is the cutoff date.

By that time, you need to be running Windows 10. You could simply replace the OS, but given the specifications of older machines you would be spending time and money on the update without getting the performance enhancements, even if Windows 10 will run. You’re far better off buying a new desktop or laptop and getting a more secure, and faster, machine.

3. Your Firewall

Your firewall is the gateway to your office network, whether simply your desktops and laptops, or to your local servers. It is an integral part of your security stack. Unfortunately we still see some smaller businesses with just their internet router standing guard.

A firewall with Unified Threat Management added is our usual recommendation, providing a real barrier to entry. Never be tempted to skip this one!

4. Your WiFi

As your business grows and more people visit your office, you may be tempted to simply give visitors access to your WiFi. STOP.

If you do this, you’re allowing them access to your entire network. You’re giving them the ability to access your data and to introduce malware or ransomware. You will have to invest in hardware to provide a separate guest network, but is the saving worth the risk?

5. Your Website

You will, no doubt, be aware that Google is encouraging people to add SSL certificates to their websites. Securing your website ensures data cannot easily be gathered from there, particularly if your clients can buy directly through the site.

6. Your Mobile devices

What is there of interest on your phone? Apart from all your email, documents attached to those emails, access to your network, copies of any documents you’ve worked remotely on, your website history and login data and then all those phone numbers and personal pictures. So apart from all that…. (sorry about the poor Monty Python parody…)

The same, and more, will go for your laptop. If these are lost, how are you going to prevent all this information being accessed? Our next blog talks in more detail about mobile security, but in the meantime, let’s look at your options within your security stack.

7. Your staff leaving

When a member of staff leaves, and you’ve had a BYOD policy, do you wipe their phones and other mobile devices? These devices may have a huge amount of your company data on them. Once that person is no longer a member of staff, isn’t that a data breach? What happens if they are going to a competitor? Even if they aren’t, you are responsible for looking after that data and you no longer have control.

Does that help?

We’ve gone through 7 key IT security gaps and provided a few tips on how to plug them.