The issue of information security is trending in the news again with multiple instances of hacking and information breaches that have exposed the private details of tens of millions in countries around the globe, including South Africa.
Statistics collected by Fortinet shows that nine million South Africans fell prey to cybercrime in 2016, with up to 40% of ransomware victims that pay up. Businesses aren’t immune to this risk either: 33% of South African companies were impacted, with 15% experiencing an attack through their website, and they must take the necessary precautions to protect their networks and data.
With malicious intent often underlying these incidents, attacks are directed through multiple areas, including the network perimeter, websites and email, and an integrated security strategy is required to efficiently respond to these threats.
There are eight steps that companies can start off with to improve:
1. Ensure email security has targeted threat protection: statistics show that up to 90 percent of breaches come via email phishing, and proactively screening for potential threats of such nature helps minimise risk.
2. Use a reputable firewall: rather than relying on consumer equipment, businesses should turn to more robust firewall solutions that include advanced functionality including web and email filtering, data loss prevention, and management and reporting features.
3. Backup files regularly: all businesses should backup important information to ensure redundancy in case of data loss through equipment failure, accidental error, data corruption, natural disasters etc. Best practice also calls for data backups to be held offsite, and away from your main network, and turning to the cloud for backup and disaster recovery is one option.
4. Run scheduled tests: actively looking for weaknesses in your network means that you get to close vulnerabilities before they are exploited by hackers. Apart from running a battery of tests including network and port scans (manually or automated through software), companies are turning to hiring ‘white hat’ hackers or even offering the public rewards for finding bugs.
5. Change passwords regularly: A joint study by Google and the University of California that monitored stolen credentials shows that nearly two billion usernames and passwords exposed through breaches are available on the blackmarket. Regularly changing passwords ensures that the integrity of your network and/or data is not compromised.
6. Check policies and procedures: depending on the size of your business, this can range all the way from a single sheet to a comprehensive document that deals with systems and processes around ICT infrastructure, regulatory compliance, and employee awareness and training. This policy needs to be regularly updated to keep up with changes to the business, the technology uses, and new threats emerging.
7. Be cautious about opening unsolicited emails: employees are increasingly being targeted, with hackers using ever more sophisticated methods including ‘whaling attacks’, which are a highly personalised form of phishing that are directed at senior management, aimed at getting them to part with confidential company information.
8. Train your staff: as much as companies can rely on technology to improve data and network security, training employees to be digitally vigilant is vital to ensure that endpoints do not turn into the weakest link the the cybersecurity chain. This is especially important as work concepts such as enterprise mobility and Bring Your Own Device gain in momentum.