Cyber-security has become a buzzword in the SME community over the last few years. Most business owners and senior leadership teams have heard stories of local businesses that have suffered significant losses after a breach in their cyber-security. So, what are the key points SME business leaders need to know about cyber-security?
Defence In Depth
Defence In Depth is a term coined by security professionals in 2006 and primarily refers to taking a layered approach to prevent malicious software and viruses from disrupting your IT system.
Anti-malware software (such as antivirus) is specifically designed to prevent IT disasters and breaches from occurring by detecting vulnerabilities in the system before they become a threat.
However, directed targeting (where fraudsters trick employees into releasing information, possibly through social media or threatening emails) can bypass these technical controls altogether, seeking out usernames and passwords without the recipient’s knowledge.
Consequently, the idea behind Defence In Depth is about compensating controls: some technical, some inter-personnel. If one control fails, a secondary control will maintain system reliability.
One of the most common attack vectors is the Trojan horse email; “Please review the attached CV” is a common approach. The unsuspecting user opens the file, thereby giving the attacker full control of the recipient’s IT system.
Of course, antivirus software should catch this, but ultimately, it’s a game of cat-and-mouse and unfortunately ‘zero-day’ threats do get through.
When choosing an antivirus, it’s important to consider:
• Who has access to what? Company-wide file shares with everyone having read and write access are an open door to any malware. The entire data set could potentially be damaged (and we have seen this time and time again).
• Controlled share access is likewise ineffective if passwords are standard and not unique.
• What firewall functionality is protecting the network? Moreover, is there a better alternative?
Furthermore, it’s vital that all employees are trained to recognise possible cyber threats. Since your staff are the primary line of defence and are likely to be the initial targets, awareness of how these viruses may come into play – from fraudulent email as well as social engineering – is critical.
Help is at Hand
At Allteks, our low-cost technical solutions are in place to help prevent the worst. We provide Office 365 hosted email, managed desktop and laptop antivirus, and managed online backup, to ensure we can recover data should the worst happen.
When an Allteks customer suffered a CryptoLocker attack, we were able to call on their backups. Within one business day, we had restored the entire file server and re-imaged the infected machines:
“Allteks has provided our backups for years, but the value of the service has never been more apparent. The virus literally wiped out our entire file server”, commented their CIO.
As a WatchGuard One partner, we also offer the complete range of WatchGuard firewalls, providing much more than Internet access and hiding internal machines. With Unified Threat Management, these devices provide both the first and last lines in technical defence.
For user awareness training, we’ve partnered with SANS, the leading provider of security training, to provide low-cost, on-demand computer-based training, making it easy to educate all staff to a basic level and monitor who is yet to complete the course.
We can also help with web infrastructure security design and hardening services and offer business-driven cyber risk analysis services to ensure we keep your business as secure as possible.
“Allteks has been instrumental in strengthening our website security. With a multi-layered design, we’re realising better performance as well as a reduced attack surface. This gives us confidence in our go-to-market strategy, enabling us to launch more aggressively and realise shorter RoI as a result” –
Chris Millward, British Marine Federation.
Allteks is a full-service IT service and support company based in Maidstone, Kent. We have clients across the United Kingdom, and our head office is within an hour of central London.