We are inundated with accounts of computer systems being hacked; of cryptoviruses infecting files; of personal data being released on the Internet etc. These risks are real and relevant and generate well-grounded anxieties
- Are we doing enough to prevent our systems being attacked?
- What more can we do?
- Should we employ the services of data security experts?
- Who can help me?
- Can I afford it?
- Can I not afford it?
Trend Micro, purveyors of computer and related security software, have researched the issue. They set up a sophisticated ‘honeypot’ that mimicked the computer and related systems of a small specialist manufacturing company. They also made the company easy to find on the internet – something every business wants.
It was clear from their experience that even basic security measures kept attackers from infiltrating the honeypot.
To lure attackers, they then left various external access ‘ports’ open. Only then was the system infected with a cryptovirus. This attack, as well as the many others subsequently received, were not from fiendishly clever criminals, but from mundane opportunist exploiters.
The conclusion we draw is that that SME’s can protect themselves, by and large, by following a number of standard rules:
- Keeping operating systems up to date
- Keeping routers, firewalls and web browsers and other software up to date including anti-virus software
- Ensuring that passwords are not default, common or simple
- Ensuring that routers only allow authorised connections in (and out)
- Safe browsing
- Not opening attachments that don’t come from someone you know and that you don’t expect
- Not clicking on email or website urls without checking that the address matches the reason for the click
- Not allowing/opening ‘stranger’ memory sticks
- Being careful to check (and double check) who you share credentials with – the default is no-one!
If you have any issue implementing these protection mechanisms in your organisation – particularly in keeping up to date – please don’t hesitate to phone us at DataSafe Services.