A Few IT Security Basics
All of the organisations we work with have some degree of awareness and concern regarding IT security. In most cases, the perceived level of risk is low, as they are unlikely to be considered a major target. Countering this however, is the unfortunate reality that it is easier than ever to access and utilise tools such as malware and ransomware. In many cases hackers will cast a very wide net in order to find a vulnerable organisation or unsuspecting team member, while in others your organisation may not have been targeted at all but simply caught out as an unintended consequence.
The good news is that a few key steps can help to reduce your security risk almost immediately.
- Backup, backup, backup! If you do end up infected with ransomware this may be your only recourse.
- Update your operating systems and software regularly - “patch early and patch often”.
- Run antivirus software, and if you are on a corporate network use a dedicated firewall and keep it up to date.
- Educate your team - make sure everyone knows how to look out for phishing emails and other common security risks.
- Use different credentials for different services, a password management tool to manage them, and 2 Factor Authentication (2FA) like Google Authenticator wherever possible.
When setting up Google Authenticator or other 2FA services, make sure you print the backup codes provided and understand how to gain or reset access if your authentication device (most commonly your phone) is lost.
Don’t forget about common sense internal controls either. Work on the principal of least privileged access - restrict sharing of sensitive data, and only give escalated privileges e.g. admin rights - to those who really need that level of access. This can help reduce the impact of both phishing or virus attacks and disgruntled employees.
If you know that you should be doing more in this area but are having difficulty with resource or determining where to get started, get in touch and we can discuss how MyTechies can help.