With the rise of ransomware and cyber attacks becoming more common we wanted to highlight 3 areas which are easy to address but can help keep your systems secured.
Ensuring that all user accounts are secured with secure passwords. SplashData have compiled a list of the worst passwords to demonstrate what people are still using and how easy this makes life for hackers:
Not only is it important to avoid weak passwords, but also to use unique passwords for different accounts. We have seen many high profile security breaches over 2016 with Dropbox, Yahoo and Talktalk all having large breaches, one of the first things hackers will look for is to try a compromised password against other services and accounts. A helpful tool to look if your email account has been compromised is available on the website haveibeenpwned which is run by Troy Hunt from Microsoft to raise awareness on compromised accounts.
After password attacks the 2nd most popular attack is the Phishing attack, this is the method of pretending to be another individual or business and emailing a link to a malicious webpage or file. Phishing works by exploiting trust, as if a business which you correspond with via email sends a document through the assumption is often that the files and links are legitimate. Sadly this is often not the case and hackers are actively exploiting such trust and even internal emails using techniques such as email spoofing to compromise a computer. There is some good free training available across various the governments websites here. We also offer email filtering products and services which can help protect against such attacks, don’t hesitate to contact us to discuss this further
Letting people bring their own devices is seen as a great benefit in many companies, employee’s don’t want to carry multiple devices and allowing them to bring their own device can save on equipment costs. However without a suitable BYOD policy in place the employee’s device can open a huge security hole in the network. At the very least your BYOD policy needs to make clear the requirement for antivirus software and relevant authentication to ensure that company data is not exposed.