The New Rules For IT Security – for SMEs

Presented by: Vic Kimmel, CEO, Bright

Upload: bright-technology

Post on 08-Jan-2017


Introduction


SMEs are increasingly targets of cyberattacks

• 2015 saw its fair share of global cyber security concerns that SMEs should be aware of, including phishing, malvertising, hidden malware in applications, ransomware and spam: threats to your IT systems that cannot be underestimated.

• In the past year 57% of UK businesses have suffered a cyber-attack, with the average cost of these attacks reaching £330,000

• While these attacks have traditionally been aimed at larger businesses with >1,000 employees, the landscape has shifted, with cyber criminals attracted to SMEs, who often lack the defenses of enterprise-level IT systems

• According to the most recent Government Security Breaches Survey, 74% of SMEs have reported a security breach or attack in the last year.

Source: Symantec


Common threats facing SMEs are:

• Human error – it should be no surprise that people are traditionally the weakest link in a company’s IT security, accounting for the majority of data breaches, whether malicious (data theft when quitting or being fired) or in error (emailing sensitive information to the wrong person)

• Denial of Service attack – when a company’s website is swamped by data being forced onto its servers, resulting in employees/customers being unable to access the website

• Ransomware – when malicious software, typically transmitted via a phishing email, encrypts a company’s data with a ransom requested for its release

• Hack attack – when a hacker gains access to a company’s network in order to steal personally identifiable information (PII) on that company’s customers, most likely financial in nature

• CEO fraud – when a cyber attacker impersonates someone in a senior position, often the CEO or CFO, within a company and convinces a senior employee in the finance department to authorise a money transfer or payment

Source: Cyber Streetwise Campaign


How to address the Malware threat


How do I know if my computer is infected?

• Common signs that your computer has been infected by spyware include slower than normal computer speed, frequent crashes, and inability to access certain tools such as task manager or a virus scanner

• Further symptoms can include changes to your web browser’s home page that cannot be undone and a constant stream of unprompted pop-up windows


Import the necessary tools

• In some cases, spyware can prevent you from accessing the system tools necessary to remove the offending software

• If this is the case, you can import the solutions you need from a clean computer

• If you are using a USB device to transfer the anti-malware tools to your computer, ensure that autorun is disabled on both your computer and the computer you are using to download them


Perform an Uninstall

• Whilst many spyware programs burrow deep into the computer’s registry, making them impossible to remove with a traditional uninstall, some can be removed this way

• Before you try more complicated remedies, see if you can eliminate the spyware using Add/Remove Programs in the Windows Control Panel

• If the program is listed, select it and then reboot the computer once you’ve completed uninstalling to verify that the process was successful


Run a full system scan

• Use a full system scan performed by an antivirus solution to search for the spyware

• Run the scan in Safe Mode when possible

• If the antivirus software is able to identify the spyware, allow it to take the necessary action to quarantine or delete the malicious software from your system

• Programs such as Windows Defender can perform this function, as can antivirus software such as Avast, Symantec Antivirus (SAV) or Symantec Endpoint Protection (SEP)


Isolate the problem

• If a system is heavily infected and performing a system scan in safe mode fails to solve the problem, another approach to try is to access your computer’s drive without giving the spyware a chance to load

• You can do this by accessing your drive via a boot-up CD

• Once you’ve gained access to your system via the boot disk, use the file manager to find the antivirus software installed on the system and perform another scan

• You can also identify the malicious files so you can delete them manually


Use specialised anti-malware software

• A number of spyware programs use so-called Trojan downloaders to infiltrate a system

• Specialised anti-malware software such as MalwareBytes can be used to get rid of a variety of spyware of this type

• MalwareBytes is also effective at removing “scareware” from your system

• This type of malicious software tries to scare you into buying “protection” by hijacking your computer and spamming it with pop-up ads for the so-called protection


Why you should have a backup or business continuity plan


What is data back-up?

• This is the process of storing and saving your existing data on a different storage platform, and often at a different location, than your main system.

• Backup allows you to preserve important data for future access should your system crash or otherwise malfunction at some point – if it does, data can be restored from the backup platform.

• Whilst backing up data may seem tedious at times, the value of doing so becomes apparent when an IT system crisis occurs.

• By preventing data loss in such an event, data backup is well worth whatever time it takes to set up and perform the process.

• However, data backup does not offer identical functionality to business continuity processes, which focus not only on restoring your data but also on giving you access to your operating environment as a whole if your main system is unavailable.


What is Business Continuity?

• Business continuity (BC) software is also commonly referred to as disaster recovery and enables you to restore your complete operating system

• It does so by saving mirrored copies of your company’s disk drives and servers which can be used to restore your system on an alternate platform

• It enables a company to restore access to its IT system much more rapidly than by reinstalling operating system software and copying backed-up files

• It is most applicable in major instances of system failure that require the re-creation of your operating environment, not just restoration of your data


The value of Business Continuity solutions

Customers expect highly reliable, nearly 24/7 access to a company’s IT resources. A business continuity (BC) solution allows you to provide this type of access. Relying strictly on data backup (DB) solutions typically does not allow you to provide this level of service. While maintaining a BC solution will generally cost more than simply using data backup, such a solution can ultimately prove to be well worth the cost from a return on investment standpoint when everything is said and done.

There are several reasons for this:

• Downtime can be extremely expensive to your company from a productivity standpoint:

• Downtime can also hurt your company from a reputational or customer perception standpoint:

• Lost sales during an outage:

• System outages can also result in significant opportunity costs


BC solutions can provide a number of other services beyond disaster recovery functionality

These include:

● BC can, in some cases, double as your data backup system.

● BC is helpful for testing upgrades, patches and new use cases to your main system. These can be run on a “virtual” version of the system to make sure there are no flaws in an upgrade or new software solution before it is added to your main system.

● If your IT system is working fine, but you have experienced major data loss or corruption, it may be more efficient to move to a BC environment to help diagnose and solve the problem rather than re-importing massive amounts of potentially corrupted data to your main system.

● The DR environment can be used to temporarily host applications and services during planned maintenance, migrations or training sessions.


Business Continuity or Data Backup?

• In many cases it may be advisable to utilise both functions in one form or another, depending on the circumstances of your organisation’s operating environment

• With the reduced cost of modern data storage and imaging techniques, many business continuity solutions are increasingly affordable for SMEs, especially as there are different gradations of such services for all budgets

• The safest option is to combine the two functions, either in the same solution or by aligning their functionality across solutions. This allows you to benefit from the synergy of taking an integrated approach, as well as the opportunity of dealing with a single service provider if you are outsourcing the process


The various types of BC services

A broad description of the types of BC services available (with associated DB services, if available) follows below. Please note that each of these approaches will have its own recovery time objectives (RTO) and recovery point objectives (RPO). Generally speaking, the closer to real time you get in terms of RPO and RTO, the higher the cost of the service.

● Cold: This approach preserves and backs your data up and replicates your systems via system images or VMs that can be stored either in a local or remote location. No population of the recovery servers with data is performed until necessary. When a request is made to do so, starting of the servers takes place and data is loaded. The process can take some time; the time it takes to load depends upon the extent of your IT environment and the amount of data associated with it. You can choose which data snapshot to load as a means of avoiding recent data which has experienced corruption.

● Warm: As with the cold process, your data is backed up and your systems are replicated; however, in this process the servers or VMs are loaded on recovery servers right away. When a request is made, it is only necessary to load the data and start up the servers. As a result, system availability is much more rapid with this method. Similar to the cold approach, you can choose which data snapshot to upload.

● Hot: This process keeps a redundant environment running alongside your primary IT system. Data is continuously synced between the systems. This approach may be associated with mission critical applications such as email or e-commerce ordering systems, as well as with entire IT operating environments. It offers the fastest method of recovery possible if your primary system fails.
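
The snapshot choice described for the cold and warm approaches, as an added example that is not part of the original presentation: it picks the newest verified snapshot taken before corruption began and checks the resulting data-loss window and restore time against RPO and RTO targets. The snapshot catalogue, field names, times and targets are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Sequence


@dataclass(frozen=True)
class Snapshot:
    taken_at: datetime
    verified: bool  # True if an integrity check / test restore of this snapshot passed


def choose_snapshot(snapshots: Sequence[Snapshot],
                    corruption_start: datetime) -> Optional[Snapshot]:
    """Return the newest verified snapshot taken strictly before corruption began."""
    clean = [s for s in snapshots if s.verified and s.taken_at < corruption_start]
    return max(clean, key=lambda s: s.taken_at, default=None)


def recovery_report(snapshots, corruption_start, outage_start,
                    restore_time, rpo, rto):
    """Compare the achievable recovery with the RPO and RTO targets."""
    snap = choose_snapshot(snapshots, corruption_start)
    if snap is None:
        return {"snapshot": None, "data_loss": None,
                "rpo_met": False, "rto_met": False}
    # Everything written after the chosen snapshot is lost or untrusted.
    data_loss = outage_start - snap.taken_at
    return {"snapshot": snap.taken_at, "data_loss": data_loss,
            "rpo_met": data_loss <= rpo, "rto_met": restore_time <= rto}


# Constructed sample catalogue: nightly snapshots at 01:00.
SNAPSHOTS = [
    Snapshot(datetime(2017, 1, 2, 1, 0), verified=True),
    Snapshot(datetime(2017, 1, 3, 1, 0), verified=True),
    Snapshot(datetime(2017, 1, 4, 1, 0), verified=False),  # test restore failed
    Snapshot(datetime(2017, 1, 5, 1, 0), verified=True),   # taken after corruption began
]
CORRUPTION_START = datetime(2017, 1, 4, 22, 30)  # constructed: first corrupted write
OUTAGE_START = datetime(2017, 1, 5, 9, 0)        # constructed: systems taken offline

if __name__ == "__main__":
    # Constructed figures: a cold restore estimated at 6 hours, RPO 24 h, RTO 8 h.
    report = recovery_report(SNAPSHOTS, CORRUPTION_START, OUTAGE_START,
                             restore_time=timedelta(hours=6),
                             rpo=timedelta(hours=24), rto=timedelta(hours=8))
    for key, value in report.items():
        print(f"{key}: {value}")
```

In this sample the 6-hour restore fits the RTO, but falling back to the 3 January snapshot leaves a 56-hour data-loss window, which misses the 24-hour RPO.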


Security Rules for SMEs


Identify your most valuable IT assets

• When formulating your data security policy, it is important to identify the assets (equipment and data) that are most valuable to your company and then determine which of these assets are most essential to the functioning of your business

• One way to do this is to ask yourself which IT assets it would be hardest to run your business without

• Once you’ve identified your most valuable IT assets you should analyse them for vulnerabilities to help you devise an overall IT security plan


Analyse your most important IT assets for vulnerabilities

• Run a series of tests to determine how vulnerable your most important IT assets are to being exploited

• If you need help performing the testing, automated programs for this purpose such as network vulnerability scanning applications are available online, or you can have your IT support firm perform the tests for you

• Any vulnerabilities discovered in the testing phase should be corrected to ensure maximum system security


Create a documented security policy

• The best security plans in the world are worth very little if your employees don’t follow them

• Crucial to this process, especially as employee count rises, is to create documentation explaining your security policy to your staff

• The documentation should cover all aspects of your security policy so that it is clear to employees what is expected of them

• Items to cover in the policy documentation include:

– Device usage parameters, including company-provided devices and employee-owned devices, if their use is allowed for business purposes

– Password security policy

– Email policies and procedures


Protect your email server system with anti-virus software

• The most common source of security breaches involving SMEs is email, typically via links clicked on by unwary employees

• Your email server should be protected by a commercial antivirus (AV) solution, either in the form of a hardware appliance or software installed on your equipment

• Multifunction appliances can be good for SMEs because of their reasonable cost, solid protection, and the ease with which they can be set up, configured and maintained

• However, they aren’t as scalable or easy to adjust when necessary as AV software. Companies with more complex networks will typically be better served by network AV software or high-end appliances. An IT consulting firm can help you install and provision your AV solution if your company lacks the in-house expertise to do so


Install a firewall and test it regularly

• A firewall is designed to prevent outsiders from accessing your private network. Enterprise connections should be shielded from cyber attack by a firewall that performs stateful packet filtering at minimum

• To keep costs reasonable, SMEs should consider utilising appliance-based firewalls or consulting with a managed services provider (MSP) about outsourcing their security needs


Follow security procedures when disposing of old technology

• To ensure that any confidential data kept on old computers, servers, or mobile devices is disposed of properly, make sure that destruction of the hard disk takes place rather than simply throwing a device away


Use robust password security procedures, especially when allowing remote access to your data

• To some degree, your enterprise security is only as good as your password security

• Even the most robust of firewalls won’t help if outsiders are able to gain access to your network via compromised passwords

• Any remote access you provide should only be enabled via complex, difficult to decipher passwords


Verify your website uses the latest intrusion detection solutions

• Publicly available websites are by nature exposed to a variety of threats, including DoS (denial of service) attacks and unwanted intrusions

• Every company website should at the least comply with vendor-provided security provisions to deter intrusion


Restrict access as appropriate and monitor employee behavior for potential security risks

• Your IT security policy should specify which employees have access to sensitive parts of your network, as many data breaches, upon further investigation, are determined to have originated from employees who had access to the network


Use encryption for laptops/tablets

• The use of laptops/tablets presents inherent security risks, requiring a robust security policy to reduce the likelihood of a security breach

• One way of accomplishing this is to require employees using such devices for company business to use encryption


Establish help desk and anti-phishing security policies

• A source of a significant number of security breaches is “social engineering,” which refers to attempts by attackers to get company personnel to provide valuable data such as password information by pretending to be a customer or employee

• Establish identity verification procedures to make it as difficult as possible for this to occur.

• Another frequent source of security breaches is phishing emails, where attackers send emails which look legitimate to gain access to sensitive company data

• Your security policies should include measures to prevent such email phishing schemes from compromising vital information or costing your firm money


Enable remote wipe facilities for mobile phones

• If mobile phones or tablets fall into the possession of outsiders, remote wipe facilities are essential to prevent the data on those devices from becoming compromised


The human factor

• All companies experience employee turnover; the key to preventing data breaches is to manage their exit whilst ensuring the data remains protected.

• Some recommended steps:

– Conduct an exit interview with their supervisor and IT team to discuss the transition period and management of any sensitive data, access to systems etc.

– Take an inventory of their devices including laptops, backups, mobile devices, USBs, flash drives and ensure these are returned or wiped of sensitive data if they used their own device

– Deactivate their email address and cancel any remote access accounts

– Update the passwords of any accounts they had access to such as social media platforms

– Collect all access cards, pass keys, ID cards

– Change the PINs of any corporate credit cards they had access to and/or cancel their card

Source: Centre for Internet Security


Wrap up

• While you can’t always avoid it, here are some general rules of the road that you should follow:

– Back up your computers and servers regularly

– Lock down mapped network drives

– Deploy and enable all Endpoint Protection technologies

– Download the latest patches and plug-ins

– Use an email security product to handle email safely

• And if you are affected by a ransomware attack, remember these 5 tips:

1. Don’t pay the ransom

2. Isolate the infected computer

3. Restore damaged files from a known good backup

4. Alert your MSP

5. Ensure you have endpoint protection installed


How can Bright help?


Establish a properly managed IT system

• To reduce the chances of your system becoming infected with spyware, and to make it easier to remove such software if the system does become infected, taking a proactive approach to maintaining and operating your system is highly recommended

• This can be done either by your company’s own IT staff or by contracting with a managed services provider (MSP) specialising in such efforts

• Bright can help optimise your system’s antivirus and firewall protection to defend against malware of all types as well as help you establish operational procedures to minimise the chance that it will suffer an infection

• We can also provide system monitoring services that allow us to benchmark your IT infrastructure’s operating characteristics, enabling rapid diagnosis and remediation of a spyware infection or any other system impediment


Thank you


Have further questions? Get in touch

Vic Kimmel, CEO https://uk.linkedin.com/in/vickimmel

Our Partner Development Team:

• Yemi Oyeleye https://uk.linkedin.com/in/yemi-oyeleye-b141a329

• Billie Caufield https://uk.linkedin.com/in/billie-caufield-8600a4ba

• Bryony Reid https://uk.linkedin.com/in/bryony-reid-40777683

• James Stevenson https://uk.linkedin.com/in/james1stevenson

Find us at www.bright.co

Email us at [email protected]

Call us on 0203 301 9500
