Essential Recommendations for Business IT Security

One of the key factors that effects almost every business with a digital profile is IT security. It’s a constant challenge to get right whether you are a small start-up or a large corporation.

Unfortunately, there are organised criminal gangs in this world who are fixed on trying to do us harm. It’s something that has been with us since the birth of the internet.

The biggest question we get asked at Cyan Solutions, is what best practice can be employed to ensure better business IT security.

Here’s a list of things you can do right now to help protect your business:

1. Don’t Assume It Won’t Happen to You

This is something we find with many SMEs. They think they’re too small for hackers to worry about. It’s simply not true.

Most attacks come through automated delivery such as Phishing email. The hackers and malware developers are looking for someone, anyone whose system they can get into. Whether you are just a one-person outfit or have many staff, treat cybersecurity with the same level of seriousness as you do other aspects of your business.

According to a recent report by Verizon, 71% of cyberattacks happen to smaller companies with less than 100 staff on the payroll. That is in part because there are more of them but the clear message is to be aware and have robust cybersecurity policies in place.

2. Use a Firewall

The first line of defence against cyberattacks is an effective business-grade firewall. Think of this as a barrier that repels common attacks and prevents malicious threats getting to your network. Companies often neglect to invest in this area as they don’t understand the importance of good perimeter security. They assume a generic router does the same job, it doesn’t. You need to improve network security measures if you want to remain safe online.

And, it’s not just external firewalls that are important – if you have sections of your network that contain sensitive data, for example, you may want to protect these with additional cybersecurity measures.

3. The Challenge of BYOD

Bring Your Own Device (BYOD) has largely been accepted in the business world over the last decade after some initial reticence by employers. It can often be easier for an employee to use their own smartphone or tablet or even laptop to do their work.

The trouble is that these are not generally as secure as the hardware and software that you have for your business. Staff can download the wrong apps or visit the wrong sites that open them (and your business) to potential cyberattack.

This is something that is unlikely to change in the future. BYOD offers too many benefits. The challenge is to make sure that mobile devices are updated with the right security and that staff understand their obligations.

4. Having Comprehensive Cybersecurity Policies

This brings us to the strategy for your cybersecurity protection. All businesses, whatever their size, need to have a robust set of policies that staff can adhere to. Many smaller companies do this in an ad-hoc manner which can mean their business IT security is missing vital core components. Ensure that you document your policies and make them readily available to all members of staff – including senior managers and executive teams.

5. Password Protection

It might seem like a simple thing to include in a best practice list but passwords are a real issue for businesses. Enforcing a robust policy in this area is important and could well protect your business from cyberattack. Passwords should ideally include upper- and lower-case letters, symbols and numbers. For more sensitive areas of your business, you also want to consider multi-factor identification.

It might seem like a simple thing to include in a best practice list but passwords are a real issue for businesses. Enforcing a robust policy in this area is important and could well protect your business from cyberattack.

Passwords – when implemented correctly – are an easy and effective way to prevent unauthorised access to systems. Always change the default password that comes with a new device.
If two-factor authentication is available, make sure it is enabled and use it. A common and effective example of this involves a code sent to your smartphone which you must enter in addition to your password.

6. Educating Staff

One failing, particularly for smaller businesses, is not educating their staff on the right IT security protocols. There’s plenty of evidence to suggest that, even if a company has a password policy in place, in the majority of cases it is not enforced.

You have to bring your staff into the loop and make sure they are well educated with regards to cybersecurity risks. For example, User Awareness Training is a great way to educate staff to the dangers of email threats, such as Phishing attacks, which are not always easy to identify.

7. Regularly Update Your Devices and Software

It’s quite worrying the number of small and midsize businesses that do not make the effort to patch their systems, devices and software. Manufacturers release regular updates which not only add new features, but also fix security vulnerabilities that have been discovered. Applying these updates (a process known as patching) is one of the most important things you can do to improve security.

8. The Right Level of Protection

Finally, the fight against cyberattacks is a never-ending battle and you should have the appropriate virus and anti-malware software in place which is regularly updated. One big mistake businesses make is to assume that standard anti-virus software alone is adequate protection for their needs. How security should be tailored to better protect your organisation is something you need to discuss with your IT provider. Understanding what threats are targeting and putting additional layers of security in place to protect against them is an essential part to any cybersecurity strategy.

At Cyan Solutions, we deliver cutting edge IT services and support. If you want access to the best cybersecurity expertise for your business, tailored to your needs, contact our team today.

Things to consider before choosing a cloud platform

Cloud based working has become the norm for many business over the past few years for a number of reasons. The implications for simplicity, enhanced productivity and accessibility are a given. But with such a range of providers and services, deciding on where to invest is no mean feat.

Opting to move your business operations to the cloud can do wonders for an organisation. It can help significantly reduce costs, remove the need for in-house IT experts and substantial hardware, and improve security. It can also dramatically enhance workflow due to better accessibility and collaboration between teams..

There is also the added benefit that it actually compliments remote working. In an era when geographical flexibility is become more and more feasible (and attractive), technology that facilitates it is a must. Cloud-based technology empowers remote workers. Cloud platforms allow for remote accessibility of key information and helps enable collaboration.

Why use a Cloud platform?

What makes cloud platforms so attractive for medium sized businesses is that they work to enable growth within an organisation by eliminating the need to focus on time consuming and potentially stressful concerns such as security, maintenance and backup. Cloud computing means that professionals can rest easy and concentrate on what matters, knowing that  IT support is ready and on hand when it is needed.

If you’re in the market for a cloud platform, there are a few things you should consider before investing:

Which cloud services are you likely to require in the long term?

Understanding which types of cloud services that they provide will obviously be important. But you shouldn’t just look at these services from the point of view of what you need right now. Consider what services you are likely to need further down the line when growth permits. You may be able to find a provider who offers these services as add-ons. For example, basic data storage is great but is there a chance you may require cloud computing services such as virtual networking infrastructure in the future?

How easy is setup for your needs and what level of customer service can be expected?

An easy setup process should be desirable for any cloud service. The ability to easily configure your account for your organisation is essential. Customer support should be first rate as you will be trusting a substantial amount of your data with the platform. Be sure to understand and acknowledge the level of technical support alongside the average response time for customer service.

Do they have a poor history of downtime?

Cloud outages are not only disruptive but they can also be very expensive. Cloud providers that repeatedly experience periods of inaccessibility should be avoided, so be sure you know the downtime history of each cloud provider you consider.

How is security monitored and measured?

Clearly security should be top priority for you, as it should also be for the cloud provider. Be sure you know where the data centre is and how safe and protected it is. Take time to read and understand the supplier’s security standards for customer access and privacy.

How do the company address potential data losses?

This is a worst case scenario, but you need to know how the issue of data losses will be rectified. What systems/agreements do they have in place that mitigate the risks of data loss and how would they compensate for data losses? Ensure you ask questions about what provisions are in place to mitigate against potential data loss as this has major implications for the ability of your business to continue trading should such a loss be incurred.

Just how secure is the cloud? (Spoiler: Very.)

One of the most important considerations for all businesses is security of information and networks. With the revolution in cloud technologies and services, there has been much discussion about security in comparison to traditional IT networks and server technology.

Cloud based technologies have had their share of press particularly in relation to security aspects. What is important is to weigh up the facts and fiction relating to security. Maybe some concerns in the past have been justified. But as cloud technology has developed many of these issues have been rectified.

It would now seem that data and apps held in the cloud could actually be more secure than traditional local server and network technology. Security and privacy issues have always been a major concern for many organisations. They’re also the greatest worries blocking cloud technology adoption. Many organisations feel that if they do not control their data and tech themselves it leaves their systems open to security breaches.

Read on to see if these fears are still well founded and find out why the cloud is actually more secure now than ever!

Data storage and security

Security wise, the physical location of where data is stored is much less important than how it is accessed. The same principle applies to cloud based and traditional storage systems. Whilst web application attacks are targeted at both Cloud and on-site environments, the on-site systems have been shown to suffer far more incidents and attacks than the cloud. So the argument that these systems leads to security breaches because you don’t own them is simply a myth.

Cloud based platforms actually perform better in avoiding attacks.  They are constructed to be more robust and secure to ensue they work effectively and securely for their clients.  Traditional systems don’t have that same focus. They are likely to be administered by network technicians who have less knowledge, expertise and up to date resources. On-site systems are simply not as secure and are therefore more vulnerable to more frequent and more catastrophic attacks.

Attackers exploit weaknesses

It has been well reported that attackers know and will exploit the systems with the weakest security. On site environments serving one organisation are less likely to upgrade their firewall security or invest in the latest technology. However, cloud providers must do so for all their clients as they serve a wider number of businesses and operate vastly larger systems.

How can you ensure cloud security for your business?

You should really focus less on the geographical location of data and systems and more on how easy it is to access them. You need to know what data and systems could be vulnerable and the level of security required to safeguard them.

Cloud based computing is often more secure than traditional systems. You should still ensure you understand how a system works in relation to location and data access prior to investing. However, cloud based systems do provide additional security layers against attacks and vulnerabilities than traditional local based technology.