How Secure is your Data?

By Colin Turnbull, BIC IT Manager

With ransomware attacks affecting hundreds of organisations, it’s vital you take steps now to secure your data.

Take a look at our safety checklist to see just how secure your data is.

The following is by no means a definitive checklist but it’ll get you a long way in keeping your data safe.

1. Is your password strong?

The majority of passwords that people use are weak. They include names and dates, and use obvious number-for-letter substitutions. You may use the same password for everything, so if it is hacked once you are compromised everywhere. Dropbox had 60 million accounts hacked, so that’s a lot of passwords hackers can try out using brute force attacks. A brute force attack is where a hacker tries millions of passwords until one of them gets into your data.

Here’s how long it typically takes different strength passwords to be hacked using brute force:

password – 1 sec
John9 – 2 mins
Jennifer1980 – 3 mins
Th0m@s76 – 3 mins
pQ3269%3&0AU – 400 years

When it comes to passwords, stay strong! And install a decent firewall that can detect and block brute force attacks.
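The table above shows Th0m@s76 falling as fast as Jennifer1980 even though it mixes four character types. The following added example (not from the original article) shows why: it undoes the obvious substitutions and trailing digits before checking a wordlist, and compares that with the raw keyspace. The wordlist, the substitution map and the 12-character threshold are assumptions made for illustration.

```python
import math
import re

# Constructed sample wordlist; a real check would load a large name/dictionary/breach list.
COMMON_WORDS = {"password", "john", "jennifer", "thomas", "letmein", "qwerty"}

# Obvious number/symbol-for-letter swaps (assumed map) that guessing tools undo automatically.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed threshold, not a figure from the article


def keyspace_bits(pw):
    """Upper bound on strength: length * log2(size of the character pool used)."""
    pool = 0
    if re.search(r"[a-z]", pw):
        pool += 26
    if re.search(r"[A-Z]", pw):
        pool += 26
    if re.search(r"[0-9]", pw):
        pool += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        pool += 33  # printable ASCII symbols plus space
    return len(pw) * math.log2(pool) if pool else 0.0


def weaknesses(pw):
    """Return the reasons a password falls to pattern-based guessing (empty list if none)."""
    reasons = []
    # Split off trailing digits (years, ages), then undo substitutions in the stem.
    stem, digits = re.match(r"^(.*?)(\d*)$", pw).groups()
    plain = stem.lower()
    if plain in COMMON_WORDS:
        reasons.append("dictionary word or name")
    elif plain.translate(LEET) in COMMON_WORDS:
        reasons.append("dictionary word or name with letter substitutions")
    if reasons and digits:
        reasons.append("predictable trailing digits")
    if len(pw) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    return reasons


if __name__ == "__main__":
    for pw in ["password", "John9", "Jennifer1980", "Th0m@s76", "pQ3269%3&0AU"]:
        print(f"{pw:14} {keyspace_bits(pw):5.1f} bits  {weaknesses(pw) or 'no pattern found'}")
```

Th0m@s76 scores well above "password" on raw keyspace, yet the pattern check reduces it to a name plus two digits, which is what a guessing tool tries first.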

2. Is your firewall configured correctly?

Having a firewall is one thing but is it correctly configured? If you have ports open for incoming traffic your systems could be hacked. To check which ports are open you can run a port scanner.

https://mxtoolbox.com/PortScan.aspx

Some ports may need to be open, but if you’re not sure get expert advice. Ransomware attacks can encrypt your data via an open SMB port (such as 445). Don’t let it be you!

3. Are you using a secure VPN?

Remote access to office data is typically done via a VPN (Virtual Private Network) connection. Windows has a built-in VPN option called PPTP, but this isn’t very secure. If you connect remotely to your office file server, ensure you are using an SSL VPN (Secure Sockets Layer).
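An external port scan shows what your firewall lets through; the machine itself can tell you what it is offering in the first place. This added example (not from the original article) reads the output of the Windows `netstat -an` command and reports listeners on the two services named in items 2 and 3: SMB on port 445 and PPTP, which uses TCP port 1723. The sample output is constructed.

```python
# Ports tied to the services the article names: SMB (item 2) and PPTP (item 3).
WATCHED = {445: "SMB file sharing", 1723: "PPTP VPN"}

# Constructed sample in the layout printed by Windows `netstat -an`.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:52344     203.0.113.7:443        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::]:1723              [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""


def exposed_listeners(netstat_text):
    """Return sorted (port, service) pairs for watched TCP ports that are
    listening on an address other than loopback."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows for listening TCP sockets have exactly four columns.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")
        if addr in ("127.0.0.1", "[::1]"):
            continue  # loopback-only listeners are not reachable from the network
        if port.isdigit() and int(port) in WATCHED:
            found.add((int(port), WATCHED[int(port)]))
    return sorted(found)


if __name__ == "__main__":
    for port, service in exposed_listeners(SAMPLE):
        print(f"TCP {port} ({service}) is listening on a network-facing address")
```

A port listed here is only reachable from the Internet if the firewall forwards it, so compare the result with the external scan from item 2.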

4. Is your software up to date?

Hackers and malware (viruses etc.) attack data via known vulnerabilities in software. If you are using Windows software your data is particularly vulnerable to attack, especially if you have this software running your server. A leak from the US Government exposed a large number of vulnerabilities in Microsoft software that are now being exploited. Microsoft updates look to plug these vulnerabilities, so ensure you have the latest software updates.

5. Is your data backed up?

If the worst happens and your data is destroyed or lost, how do you recover it? If you have a recent backup from last night then you can breathe a sigh of relief. If not, you are up the creek! And while you are backing up your main servers, what about your laptop? Ideally you shouldn’t keep data on your personal computers; it should be on a central server that is secure and backed up. If you have more than a couple of staff then you should consider a proper file server with enhanced security.

6. Do you know who has access to your data and email?

Unless you have a physical server and know where it is, you may have your data and email scattered across the world in various data centres. This is often the case if you are using cloud servers. It is next to impossible to nail down where your data is and who can look at it, and who might manipulate and mine it for commercial or malicious purposes.

Your data is your crown jewels so keep it under lock and key under your control.

7. How aware are members of staff of email and other Internet scams?

Your financial manager receives an email from your bank asking to verify account details, only it’s not from your bank. Would they know how to spot it was a forged email? Would your email filtering software identify it as a forgery?

A member of staff gets a call from IT support asking for their TeamViewer details to do a software update. They give out the details and a scammer logs in, accesses your accounts system and empties your bank account.

Make sure staff are aware of the dangers.

8. Do you have a disaster recovery plan?

You get a phone call to say that your office has been reduced to rubble. How quickly can you get your business back up and running? Have a plan, and an offsite backup of your data!

9. Your computer/server has ‘died’. How quickly can you get it fixed?

If you have an on-premise server then you should be able to get back up and running quickly as you are in control alongside your support company. If your data is out in the cloud that’s just been hit by a worldwide cyber attack then you will have to call a very busy support desk. Check what is in place if critical systems are not available and consider how much control you have to resolve things as and when they go wrong, which they will. If your data is in the cloud, where’s your backup?

10. Can staff access anything they want on the Internet?

There’s lots of malicious software on the Internet so you might want to control what computers and users can access online. You might not want executable files (programs) being downloaded from the Internet.

Ensure you have systems in place that will monitor and control what can be accessed from within your office. This is especially critical if an infected computer comes into your office carrying a virus that can send out millions of emails through your office broadband. This would likely result in your connection and domain becoming blacklisted, so you would be unable to send or receive any emails, and your broadband provider may cut you off. Take control!

For peace of mind contact me to arrange a free security check or to discuss any concerns you have.

colin.turnbull@ne-bic.co.uk 0191 516 6200
