Want to avoid your business data being St.Nicked this Christmas?
As Christmas approaches, many of you will be winding down and preparing for the festivities – unfortunately, cyber criminals notoriously take advantage of the holiday season, coercing their way into our digital spaces and cashing in on the season of giving.
With this in mind, here are our cloud and security experts 12 top-tips, to ensure that your business and workforce, stay one step ahead of the hackers.
1. Avoid getting phished…
The shift towards remote work has resulted in an unprecedented rise in email compromise based attacks, with phishing making up 70% of all data breaches. These attacks are particularly prevalent during the holiday season and our Senior Cyber Security Analyst Sam, shares his advice…
“Phishing emails advertising the latest ‘Christmas Deals’ or spoofing well known parcel delivery service providers are very common tactics used by malicious actors.
Never trust an email and always check the wording of carefully, and then check it again! Also remember to check the sender, was it really sent from Amazon…? By putting a bit of thought into how we respond to our digital correspondence we can avoid providing digital criminals with the information and access they are trying so hard to gain.”
2. If in doubt, don’t click it!
In addition to vigorously checking the wording, grammar and sender of a suspicious email, Sam also, warns about clicking risky links –
“The biggest threat our clients face is phishing and social engineering: always check the sender’s address and any links included. Hovering over a link will show you where it’s taking you; if in any doubt don’t click it! The safer option is always to open a new browser and navigate to a specific website yourself without clicking any risky links.”
3. Enforce a Password Policy
“Everyone knows that strong passwords are annoying to remember, however the dangers associated with being compromised far outweigh the pain it takes to remember! For example, an 8-character password takes roughly 5 hours to crack when it’s all in lowercase text. The key is to use a password which contains a minimum of 12 characters that include numbers, symbols, capital letters mixed with lower-case letters. To protect your employees that step further we also recommend MFA is enforced on all user accounts for that extra piece of mind!”
This tip comes from our Cyber Security Architect, Austen, which leads nicely on to…
4. Use a Password Manager
Generating, storing, managing and remembering multiple passwords can seem daunting, which is why our Director Tom’s, top-tip is to ensure that your companywide password policy includes utilising a password manager:
“Use a password management tool to ensure that each password for each service is different – their memory is better than yours! Password managers generate uniquely strong passwords that you don’t need to remember.”
5. Enable MFA
In addition to having a strong password policy, you should ensure your users enable Multi-Factor Authentication on all devices containing company data. As our Senior Cloud Engineer Rob states;
“Sadly passwords get stolen, leaked or disclosed to people who shouldn’t have them, almost no matter what safeguards you might use. So having a strategy to stay ahead of anyone who would try to use your accounts is key to success. Enabling Multi-Factor Authentication (aka MFA/2FA) on EVERYTHING can improve your online security immeasurably.
MFA will challenge anyone who uses your password to provide a secondary authentication factor such as a code, phone call or push notification in a mobile app. Even when a malicious actor has your password, without your second factor they still can’t breach your account in most cases.”
6. Beware of Public WiFi
“When out and about enjoying your company Christmas meals, never connect to public wifi! You never know who is listening…”
This top tip comes from Lex our Information Security Manager. As tempting as it is to connect to these public hotspots and share a picture of your mulled wine, you leave yourself at risk from man-in-the-middle attacks, unencrypted networks and malware distribution…
7. Look at the logs
This top tip comes from our Technical Director Alex, and no, he’s not talking about a Christmas Yule log…
“Ensure you employ someone to look at the alerts from anti-virus software and monitoring agents – it’s all well and good having managed devices, but without someone watching the logs you can’t react in time!”
8. Backup, and then backup again!
Where would your business be without it’s data? As the building blocks of any organisation, data is unquestionably integral, leading to our Senior Project Engineer, John, stating:
“Restoring and protecting your data go hand in hand. I would recommend running onsite and offsite backup simultaneously to protect against all eventualities, in addition to having a disaster recovery plan in place to ensure the fasted revival time. When a crucial system goes down, knowing what to do, who will do it and where the backup data is stored means your business will be up and running again in the fastest possible time.
9. Train your staff from the offset
With over 50% of all cyber security breaches occurring from human error, anti-virus software and artificial intelligence can only get you so far… In order to be truly prepared for a security breach, you should roll out user education and awareness training. As our Head of Cyber Security, Ryan, states;
‘Over 28,000 people fell victim to fraud during last year’s Christmas shopping period. To successfully fight against malicious actors this year, it is critical that businesses foster a cyber-security culture through education and security best practices. I’d recommend starting awareness training during employee onboarding and follow an official cyber security training plan.’
10. Adopt a zero-trust framework
The term zero trust does not refer to specific technology but is rather associated with an overarching approach to network security. It is a security framework centralising around the belief that no one should ever be automatically granted access to a network – instead stringent identity verification is required for every user and every device, regardless of where they sit in relation to the network perimeter.
Ryan again suggests:
“This model essentially acts under the impression that all users and devices trying to access the network are threats. Make sure your network users use robust authentication measure, make sure you segment your network, and definitely adopt a least privileged access model.”
11. Invest in a SIEM tool
Managing and monitoring data throughout your infrastructure can be an expensive and time consuming task, which is why our Cyber Security Engineer, Liam recommends that everyone should be asking for a SIEM tool for Christmas…
“SIEM tools allow security analysts to investigate security alerts in real-time, which reduces the average time to identify and respond to breaches. IBM say the average time to respond to a breach in 2020 was 207 days – which is why a SIEM tool should be at the top of everyone’s Christmas list this year!”
12. Work proactively, not reactively
At Stripe OLT, we offer CREST certified Penetration Testing services, so of course our SOC Manager, Mark, couldn’t not highlight the importance of actively testing your network and systems…
“Work proactively, not reactively! Don’t wait until malicious actors find a network vulnerability to exploit and actively test your infrastructure and applications with a Penetration Test to uncover any weaknesses ahead of time.”