Micro Pro IT Support

What is your IT security strategy?

As a business, the last thing you should have to worry about is your IT security strategy, and if you have the right IT team behind you, it shouldn’t be a concern. But what if you don’t have that confidence in your team, or you haven’t taken the first steps to securing your network? What do businesses need to do to protect their clients and any intellectual property?

Well, let’s see if we can shed some light on the approach. Here is a list of some of the most common attack vectors and a few quick wins that you can implement as an action plan to help manage those vulnerabilities and protect your business.

Spoofing

The use of electronic communication to disguise oneself. The attacker’s objective is to trick their target into providing sensitive information.

Phishing

A fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, and credit card details. This is typically carried out by email, instant messaging, and text messaging. Users are often encouraged to enter personal information at a fake website which matches the look and feel of a legitimate site.

Man-in-the-middle attack

This is an attack where the perpetrator secretly eavesdrops, relays and possibly alters digital communications between two parties.

Viruses

The infection of a device, using an application that performs malicious instructions, to carry out localized attacks or to spread across multiple devices. The virus is usually downloaded from the internet or introduced by rogue USB devices, and can even be pushed over remote connections using Bluetooth or networks, depending on the level of access the virus has at the point of infection. There are many ways to be infected by a virus.

Ransomware

Usually deployed as a secondary payload to malware or a virus. Ransomware encrypts your data and then holds the encryption key for ransom until you pay to have it decrypted by the attacker. Not even offsite backups are safe from ransomware, so make sure your IT provider has secured them. Common attack vectors used to remotely encrypt server data include RDP (remote desktop) and UNC network shares. Scary stuff, right?

Data theft

Each mobile device, be that a company phone or laptop, that is taken outside of a controlled and secure company network is a risk to the business. All it takes is one stolen laptop that is not properly secured. Best case is access to the data on the laptop. Worst case is access to the entire company network. Furthermore, with the wide adoption of BYOD (bring your own device), businesses face the difficulty and complexity of adhering to compliance within the scope of an IT security strategy and policy, all while not restricting the free use of said devices in a personal capacity.

Quick wins

Failing to act

Having a client experience phishing attacks from within your own business creates a negative perception. If that is the way a business treats its own data, then what does that say about its attitude to a client’s intellectual property? It costs exponentially more to fix a problem or security breach retroactively than to take a proactive and strategic approach to your security, and in some cases the damage is irreparable. As the saying goes, prevention is better than the cure. Think about the cost of decrypting your backups due to ransomware because you did not apply the correct measures to address the vulnerability before it happened.

Honestly, it is not worth the risk when you truly understand the impact.

Final Thoughts

Obviously, there is more to it, but the ‘quick wins’ in this article should help to prepare most businesses for the next level of their IT security strategy. Once you have achieved the fundamentals, start focusing on building an IT security policy that you can use as a framework to adhere to and revise as the business grows in the future.

Don’t be the person who thinks it is not going to happen to them. It inevitably will, and when it does happen, you will wish you had acted sooner. And most importantly, never be ashamed to ask for advice. Your preferred IT provider is a phone call away. So reach out and ask for help with your IT security strategy!

About Shaun Groenewald

As a highly skilled professional with over 20 years’ experience in information technology, Shaun has worked both in-house and with various managed IT service providers to deliver IT services to SMEs and larger organizations. He consults and engages senior members at the stakeholder level to deliver solutions that improve operational efficiency and provide value to the business in line with strategic objectives.

To date, he has actively managed and technically contributed to over 300 projects in the last 10 years, with a focus on reducing operational costs through organizational optimisation, improving functionality and infrastructure resilience, and making IT services easier to maintain, whether by facilitating the introduction of ITSM service tools, introducing business continuity, developing internal processes, reviewing IT policies or managing the delivery of infrastructure from the ground up.

Shaun is passionate about what he does and enjoys being able to make a positive impact on the way IT delivers solutions to scaling businesses, based on a framework of best practice.
