Why IT security should be your top priority

    Failed IT security horror stories and the cost to organisations are common. From data breaches such as 100 million Facebook users being exposed to the internet, to outages and ransomware attacks, the threats and counter-attacks grow daily.

    Organisations affected face a huge bill to restore the damage. Last year, a Government survey revealed almost half of UK businesses had suffered cyber or security breaches, most costing thousands of pounds. Some businesses fail following a cyber-attack, especially when reputational damage cannot be restored.



    A sensible approach to prevention

    The Government’s Cyber Essentials scheme was started in 2014 to help companies of all sizes improve their cyber security. It’s claimed that fulfilling the basic steps will reduce the risk of an attack by 80 percent.

    Certification is given to businesses that complete the scheme, proving their commitment to protecting data from cyber threats; it’s one reason why ITRM will become Cyber Essentials certified, to reassure our clients that our treatment of their data is in safe hands.



    The new IT security risks

    Recently the Vectra 2019 Spotlight Report on Healthcare identified Internet of Things (IoT) devices, unpartitioned networks and outdated systems as more likely to be exploited by cybercriminals looking to steal personal information and disrupt organisations.

    This means that WannaCry style ransomware attacks which cost the NHS £92 million in 2017 are less prevalent as it’s easier for criminals to attack HTTPS tunnels, as these often look like service provider traffic. Having said that, organisations should still monitor for ransomware as well as spyware.



    Security and IoT

    However useful IoT might be, the security risk it poses is clear.

    According to Willis Towers Watson employee negligence is responsible for 66 percent of cyber breaches. And yet, it appears some are keener to access the convenience of these devices than consider the security risks.

    For businesses, using IoT on a network requires a totally different approach to security to the one required for laptops and smartphones. Mishandled, a failure to secure enterprise IoT could cause untold damage as one US casino found out, after hackers pinched its high-roller database via the smart thermostat of a fish tank in the lobby.



    Cloud requires better security

    Analyst Forrester predicts the global cloud computing market will grow by 20 percent this year to exceed $200 billion, while Citrix recently suggested that the term cloud will no longer be required as it becomes the everyday computing model.

    Businesses with on premise systems coming to the end of their life will inevitably want to switch to cloud hosting. But the most important issues will be, how best to store vast amounts of data, as well as remote access for staff, partners, suppliers and so on.

    While cloud providers have improved their own security protocols, the bigger danger to cloud security is the end user.



    Don’t overlook basic security requirements

    It might sound overly simplistic to talk about firewalls, anti-virus, software passwords and suchlike but actually, these more basic security features are still being overlooked and yet, are relatively easy to rectify.

    With the move towards cloud and more people requiring access, the need for basic security to be in place, is even greater.



    Strong passwords prevail

    Strong passwords feature highly if organisations are to have any chance of keeping sensitive data safe. This often means needing to train staff on the importance of only accessing such systems from secure locations and ensuring remote locations, such as home computers, meet certain security standards. So too, a bring your own device (BYOD) policy is critical to ensure hardware safety throughout your organisation.



    The importance of a backup plan

    While nobody wants to think about a worst case scenario it’s always best to be prepared, should the worst happen.

    Most companies will have a disaster plan but the IT version isn’t always up-to-date. Being able to immediately detect and respond to a threat is the best way to ensure damage is limited and data is recoverable. The simple fact is that, given the sheer number of attacks businesses are facing, it’s no longer a case of if but more a case of when.  

    Related Articles

    Managed IT services

    Why use a managed service provider?

    17th June 2019

    Multi-factor authentication

    Why multi-factor authentication is a no-brainer

    17th June 2019
    Visit our blog for more articles like these
    Find Out More

    Do you have any questions about our services?

    Loading...