Basic Cyber Security

Many customers we see during our daily work (and rescues) don’t even have the most basic cyber security measures in place. The author intends this article for the non-technical business owner or manager, to assist and educate the need to protect their business and computer users against ever-evolving cyber threats.

Cyber security threats are continually evolving. Viruses, worms, Trojan horses, Spyware, Phishing, Adware and Scare-ware have all been around for a long time. Lately, one particular form of malware known as Ransomware has been creating havoc with businesses and organisations worldwide.

Ransomware, when detonated works by locking up your files using encryption. The cyber criminal then demands a ransom from the victim in bitcoins. In theory this ransom gets a code that allows the unlocking of your vital files. However some cyber criminals are not very honest in this respect. They just take your ransom and you don’t get a code.

Ransomware

In all cases we have seen, humans detonate the ransomware package at an endpoint in the network. Ransomware mostly arrives in email as either an attachment or as a link to a malicious or compromised website. Ransomware spreads also from software downloads, websites and advertising delivered over online ad networks.

What can you do?

Educating yourself and your employees are the #1 defense against cyber criminals.

  • Three years ago, in the olden days, we used to say don’t open an email or attachment from someone you don’t know. These days that rule still applies, however, we have seen cases of ransomware being “redistributed” to everybody in the victim’s email address book, so it’s not just people you don’t know that you can’t trust.
  • Think about that attachment or link you are about to open. Common sense applies. Were you really expecting an invoice from your mother? Were you really expecting that traffic ticket from the police? (Think – how did the Police ever get your email address?)
  • If in doubt about an email then phone the person up and ask if they just sent you that attachment. Better to be safe than sorry.

The most basic cyber security needed on your computers and network.

  • Every endpoint in your network (Cell-phones, Laptops, Desktops, Servers etc.) must have up to date and functional business grade Anti-Virus software.
  • Apply Operating System patches. Manufacturers like Apple, Microsoft and others regularly release patches and updates to fix vulnerabilities that have been discovered (mostly by cyber criminals) in their operating systems.
  • Apply application patches. Products like Office, Adobe, Chrome to name but a few, all have vulnerabilities and exploits. As these exploits get discovered patches are released by the manufacturers to remedy the situation.
  • Always use the latest version of the operating system available. Whilst Microsoft’s Windows 7 is still around and a good operating system, Windows 10 is inherently much more secure.
  • Restrict administrative privileges. Only log in as the administrator to perform administrative functions. Your regular login (and your employees) should only have standard user rights. Why? This makes it harder for malware to be installed, as installation usually requires administrative privileges.
  • Backup your data daily. This needs to be business grade and not to a shared drive on the network. Why? Most ransomware will spread to every “share” it can find – too bad if that is your backup. With regards to ransomware the phrase “Backup or Pay up” springs to mind.

Beyond basic – The next level of cyber security measures.

Once the basics are covered off, we can then talk topics like firewalls, VPN, cloud virus and spam pre-filtering of emails, changing settings in software, 2-factor authentication, and an application that detects and stops unauthorized encryption etc. These will give a much more comprehensive solution beyond basic, however “comprehensive” is probably beyond the scope of this document titled “Basic Cyber Security” and would make it rather long and too technical.

How can Computer Troubleshooters help?

  • Businesses without their own IT resource will often need assistance in implementing these basic cyber security measures. As an IT department for the small and medium-sized businesses, Computer Troubleshooters can be your IT resource.
  • We are able to deploy a management system to your computer(s) and network that keeps a track of your Anti-Virus, Patching, and Backups etc. This system reports to our service desk when things are going away.
  • We are able to assist with your staff training, with a presentation and booklets etc.

Technical Stuff/Further Reading

NZ Government Communications Security Bureau – NZ Information Security Manual Download Page

 

Comments for this post are closed.