Saturday, 9 November 2013

It’s Not Paranoia. People REALLY Are Out To Get You



Definitely one you won’t want to miss!

Sourced from our recent research activity, this is a MUST read for businesses of all shapes and sizes. We have summarised the key points of the article and you can find the whole piece here: http://www.theregister.co.uk/2013/10/21/data_security/

Your business, your users, your systems and your data all have value to someone.

You could be targeted because you have something that someone specifically wants, or because attackers are hoping to find bank account details or email addresses to spam, or because they want your computer power for a botnet.

Few companies have the luxury of being able to dedicate one or more members of staff to security, but there are some easy layers of defence that everyone should have in place.

Microsoft Windows 7 and below have this covered fairly well with Microsoft Security Essentials for anti-virus needs and Windows Defender for spyware. Windows 8 has Windows Defender built in, and it does both anti-virus and anti-spyware.

One of the most common methods of getting something unwanted is via an infected USB device. Blocking USB devices is of course a great line of defence which needs to be well managed with your staff.

Fear of phones

Mobile malware is the latest threat. Android phones are the worst culprits. iPhones, Windows phones and BlackBerrys are much safer. Enforcing PINs or passwords on devices is the most basic level of protection and should be employed wherever possible.

Avoid using free services such as Dropbox – hacking is easy. The rogue user is another danger area – the member of staff who leaves the company to work for a competitor and still has arrangements in place for company-sensitive information to be emailed to him. Similarly, the person who left but knew another person's password. Weeks after leaving the company he logged in via webmail and began abusing staff.

Flashing red lights and sirens should be going off by now! Policies prohibiting sharing passwords with other staff members and a regular forced change of password help to prevent these situations.

Beware the mafia

Ensuring user accounts are disabled as people walk out the door for the last time is a very small price to pay to avoid a potentially high risk of damage.

It is also worth educating users with reminders and tips. It is obvious to us, but a random email asking for their login details will often have users happily clicking a link that goes to "http://yourcompany.russianmafia.com" and entering their company username and password.
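An added example, not from the original article: a small Python check that separates genuine company links from ones like the "yourcompany.russianmafia.com" address above, where the company name is only a subdomain of someone else's domain. The domain list, function names and sample email are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains your organisation really owns (constructed value).
COMPANY_DOMAINS = {"yourcompany.com"}
BRAND_LABELS = {d.split(".")[0] for d in COMPANY_DOMAINS}  # {"yourcompany"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample email body, for illustration only.
SAMPLE_EMAIL = """\
Your mailbox is almost full. Confirm your login details here:
http://yourcompany.russianmafia.com/login
Webmail: https://mail.yourcompany.com/owa
Supplier newsletter: http://www.example.org/news
"""


def classify_url(url):
    """Return 'company', 'lookalike' or 'external' for one URL."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return "external"  # malformed URL: never treated as a company link
    # Trusted only if the host IS a company domain or ends with ".<domain>".
    # The right-hand end of the host name decides who owns it.
    for domain in COMPANY_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "company"
    # The company name appears in the host, but the domain is someone else's.
    if any(brand in label for label in host.split(".") for brand in BRAND_LABELS):
        return "lookalike"
    return "external"


def flag_links(message_text):
    """Return (url, verdict) pairs for every link found in an email body."""
    return [(u, classify_url(u)) for u in URL_RE.findall(message_text)]


if __name__ == "__main__":
    for url, verdict in flag_links(SAMPLE_EMAIL):
        print(f"{verdict:10} {url}")
```

The same rule is worth teaching users directly: read the host name from right to left, and trust the link only if it ends in a domain the company owns.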

An attacker who has targeted a staff member or company can do huge amounts of damage, and companies of all sizes are at risk.

These are just some of the basic approaches you should consider to protect everyone. You want to be thinking about them now rather than when it is too late.
