Managed IT security is far more than just having anti-virus and malware detection; it’s more than having a firewall.
What, if anything, are you doing when all those things fail you? When one of your staff has clicked on that dodgy email link? When rogue software has access to your computer? Of course it’s your call: look at what happens below to the unwary and decide whether what you have now, which I’m sure was good enough in the past, is going to save you today.
Malware: it’s insidious, it’s destructive and it’s everywhere, probing, testing for weaknesses and exploiting the gaps to gain access to your data, your logins and your personal information. Worse, it’s looking for the data of others you may hold, so it can fool the unwary with subtle tricks of impersonation that lead to further breaches and leaks, and it’s getting worse.
92% of malware is now born from emails. What, if anything, are you doing to filter out known bad sources of compromised emails, fake mail servers and impersonation attacks? Professional email security can easily be added to any business-grade email platform such as Exchange, Office 365 and many other commercial email services. These services not only drastically improve the security of your email, they also help filter out a lot of the noise of junk mail and spam that eats into the valuable time you and your staff spend every day processing unwanted emails. For as little as 7p a day per mailbox that time and peace of mind can be yours, so the return on investment is pretty much instantaneous.
“That will never happen to me. It’s a risk I’m willing to take.” Really? You’d risk your business on that view?
Small and medium-sized enterprises (SMEs) are the prime target for attackers because they tend to be easier targets. They’re often less secure and unprepared for attack. Think about burglars that go after houses where they know no one is home. With more cyber-crime automation and the rise of hacking kits, the cost and time it takes to launch a successful attack have decreased, increasing the number of cyber-attacks executed.
If that’s not frightening enough, we now need to contend with the implications of the GDPR legislation. The key takeaway here is that if you can’t prove you were protected, it’s assumed you were not, so make sure you can produce evidence of anti-virus, staff security awareness training, encryption, mobile device management and all those other safeguards you need in place.
Have you implemented ongoing end user security training, with metrics and testing?
Are you capturing security logs with a SIEM (security information and event management) system?
Does your current security software implement profiling to identify normal user behaviour and, consequently, aberrant behaviour likely to be a threat?
Are your password policies set to expire regularly? Are old user accounts deleted to prevent unauthorised access?
Do you have a robust password management solution? When a member of staff leaves under any condition, do you know what passwords they had access to? Do you know what passwords they used or set, or have you just lost control of, and possibly access to, some of your business systems?
Can you prove all of this in an audit? GDPR now has much sharper teeth!