Cybercrime is now firmly at the top of the agenda for government and police, as well as all businesses and consumers that are switched on. But in an ever-changing landscape of online threats, how best to ensure that your IT security is fit for purpose? Here are some useful pointers…
Protecting your identity
We all know the risks of identity theft, but it’s not just your personal identity that you should be concerned about. Prudent UK domain name registration through your web hosting company can prevent devious operators from occupying web addresses similar to your own and either effectively holding them to ransom, or using them for purposes you would rather they were not used for. What that means is that if you hold the .com address for your brand name, you would probably want to secure a series of other domains as well, such as the .co.uk, the .biz and the .net. These can all be redirected to your main address, allowing you to pick up more traffic.
Distributed Denial of Service (DDoS) attacks are becoming ever more prevalent, and the targets widespread. The TalkTalk attack in October 2015 was the latest high-profile case, but just recently the UK academic IT network Janet was hit by a massive DDoS assault that is still ongoing at the time of writing. You should be aware not just of the risks of DDoS attacks, techniques to prevent or mitigate their effects, and how to deal with customers and the media if you are affected, but also that a DDoS attack may not be the end of it. In fact, such invasions are often nothing more than a smokescreen for something more malicious, such as the theft of sensitive corporate data or customer credit card details, while your IT department has its hands full. Whatever the size of your business, whatever the nature of your industry, never assume you’re safe.
Whatever software your business uses, from Windows to Adobe, make sure that patches are installed whenever they become available, especially when they specifically relate to security issues. Unfortunately, software releases are often quite ‘buggy’, and there are hackers who will go through every line of code looking for a way in. Once they find it, it becomes a race against time. So assign an IT team member to check that all devices are routinely patched.
You can consider storing your more sensitive files on an off-site server owned by a dedicated data centre. This gives you peace of mind that your most important data is safely backed up should the worst happen, and easily accessible. The other aspect to consider is that data centres often have a lot more resources to put behind IT security than your own company might.
With the spread of mobile devices, it’s easier than ever for hackers to get into company IT networks. If you’re in a public space such as a hotel or airport, don’t use the public WiFi, even if it’s free, because it may not be secure – in fact it probably isn’t. Never click any links or open any attachments in emails you’ve been sent if they look suspect, even if you are certain of the sender. And treat social media with caution, especially in the workplace, as this is now a common way for hackers to find a route into your network.
You should impress upon people that the responsibility for network security does not rest entirely with senior management, or the IT team, but with everyone involved with the business, including customers and suppliers. One of the simplest and most effective ways to keep online security tight is to insist on passwords being updated regularly, and for them to be set as combinations of numerals and upper/lower case letters.
Any suspicious incidents, or people on the premises, should be reported, and no devices of any kind should be connected to your network unless authorised and with effective antivirus software installed on them. You could even insist on this with clients visiting your offices – it may be inconvenient for them but it will certainly convince them that you take security seriously.