Security at work and at home

Most IT conversations I have these days, with colleagues, clients or friends, involve security and cyber crime. It seems that during COVID lockdowns, people became more and more reliant on the Internet and connected services to get by and for everyday needs.

The more we rely on technology, the more we must be aware of the risks associated with online life. It has become clear that we can no longer rely on instincts and methods from before the pandemic. The methods and means used by cyber criminals are ever more sophisticated, but ultimately incidents typically happen because of one avoidable mistake.

Having carried out a number of security audits for clients, I observed that the basic rules of IT security are hardly followed. In order to help clients protect their identity, data and systems, and avoid onerous costs after an incident, I offer a three-tier approach to reviewing and improving IT security:

  1. Write and implement IT security policies. Before spending any money on new equipment or security software, it is critical that all users within a business, or even at home, follow basic rules. Usually the policies deal with website browsing, password management, identification methods, applications management and so on.
  2. Get serious about back-up and disaster recovery options. Relying on Windows backup or Mac Time Machine on an external USB drive does not cut it in case of a cyber attack. Cloud storage is a really good option but is not sufficient on its own.
  3. Invest in reliable cyber protection software. These are not necessarily expensive and add a layer of safety that helps prevent most problems.

Hackers and ill-intentioned people rely on human error. Through the three-tier approach, we aim to very substantially reduce the risk of human error.

Here are some “horror stories” we have witnessed over the last 24 months (since Nov 2019):

  • In a medium-sized business, an employee clicked on an attachment in an email that looked like it was sent by one of the employee’s family members. The attachment triggered a BitLocker ransomware that affected dozens of other employees;
  • A child wanted to play “cool games for 7 year old”, as found on an internet search, on the family PC. The game was loaded with spyware and the family email account was hacked;
  • In a small business, an employee, working from home, used a work computer to help a child with school work. A few days later the employee’s work email account was hacked and used to spam hundreds of gigabytes worth of emails around the world;
  • A website hosting company had recently migrated hundreds of its clients to a new web server. Within a few months the server “mysteriously” crashed and all content was lost, including DNS entries, databases, user accounts and all backups. Dozens of their clients lost everything they had online and had to start from scratch.

Do not hesitate to get in touch there if you would like to discuss your IT security.