We had a great day out at the TES Customer Day Event recently, held at Cavendish Square in the heart of London’s West End.
The all-day event hosted some great speakers from TES along with Microsoft and QBS Group. The day was to update everyone on what is available, particularly for non-profits and how you can leverage it to your benefit. It was also a pleasure to be invited to speak at this event and we hope everyone gained value from our presentation. For those that could not make it, allow me to catch you up on what we covered.
We took the audience through an analysis of a ransomware cyber-attack on a UK business. The main points covered the investigation to discover how and when did the attackers gain entry, along with the steps in a lengthy recovery process to get the business fully back up and running. Data had been extracted by the threat actors and then the attackers encrypted everything from files, databases, operating systems and much more. System damage was extreme and the cyber insurers wanted full forensics done, meaning the production environment needed to be isolated and kept online for analysis and investigation.
This case is one of many on the rise in recent times which highlights the importance of not only your security protocols and procedures working and being up to date, but the need for the human firewall to be at the forefront of any organisation’s security considerations – your users can be the weakest link.
We went on to explain how and why the human factor can be catastrophic for your organisation if not managed well. The analysis of the cyber-attack highlighted some key lessons for which other organisation’s can take away and build upon their own security layers.
- Good lifecycle and patch management
- Is your technology near it’s end of life? Do you still have Vendor Support enabling you to receive the support from the partner or vendor and to cover important security patches and updates to ensure your tech works as it should?
- Multifactor Authentication (MFA)
- Does everyone in your organisation use MFA? Do you have Multifactor Authentication as an extra layer of security for your users? MFA increases your security layer per user by 40-50% as its no longer just the credentials that give access, it’s what device your users hold too..
- Do you regularly review your IT Environment?
- Ensuring the products and services in use, and their configurations, are current and reflective of the needs of the organisation.
- User discipline and awareness
- Many organisations train their users on how to use email or a business app but not how to be more security aware, or risk adverse. The minimalistic once a year, hourly security training workshop is not sufficient in ensuring your users are aware, trained what to look for and compliant with the next steps. Your users are part of your security layer – educate and advise them to be effective! Consider a Cyber Training Platform.
- Do you have a password policy?
- As simple as it may seem, a staggering 81% of people use the same password for everything. Attackers can mine for potential passwords and once it works once, they can typically use it for other apps and services initernally and externally. This can be extremely frightening for an organisation if your executive leadership team are part of the 81% due to a lack of awareness of the consequences of poor password discipline.
The list above are just a few of the areas we covered and you should consider to ensure you have a robust security approach and minimise potential threats to your organisation whenever possible. We have a plethora of software, infrastructure and training recommendations that can be tailored to your organisation’s needs as well as specialists that can advise and guide you in your current risk position and how to improve it.
If you would like some more information on who we are and how we can help your organisation, please have a browse of our website and fill in the Contact Us page to receive a free 30 minute consultation with one of our Specialists.
Thanks for reading and have a great rest of the week.