Once the realm of IT security professionals, cybersecurity is now an issue and concern for all business people. The scale and volume of cybersecurity threats to business have been steadily increasing. There are many examples of high-profile security breaches such as those at BA and the Marriott hotel group which exposed millions of people’s personal details.
Nearer to home, the Luas tram operator’s website was defaced and taken offline for almost a month. Ransomware has been a threat to many businesses and public sector agencies. An Garda Síochána has warned that fake invoice scams are costing Irish business €4.5 million per year. (This is very likely an underestimate, since Garda figures rely on reported crimes.) Back in 2016, the Central Bank of Ireland issued a stark warning: “Firms should assume that they will be subject to a successful cyber-attack or business interruption”.
Cybercriminals and their methods
Cybercrime is a big business and criminals are looking to steal information such as financial details, credit card information, personal details, or any other information which they can sell or trade. These criminals are becoming more and more sophisticated and employ many different methods of attacking companies’ computer networks.
One of the primary weapons in their arsenal is malware, or malicious software – what we used to call a computer virus. While email has been the main method for the spread of these recent computer viruses, it is not the only method. Malware can enter a network by USB device, internet download, visiting an infected website, instant messaging or messaging in social media platforms, file transfer and file sharing programs, or by remote users connecting directly to the corporate network with an infected PC.
Once malware gets into a network, it can spread from computer to computer in multiple ways. So, how can an organisation ensure that its network is protected? Here are 13 steps to help put better protection in place.
1 Install security software
Ensure that reputable security software – sometimes called anti-virus, or anti-malware – is installed on all computers. This should include all servers, PCs, laptops and tablets. If employees use computers at home for business use, or to remotely access the network, these devices should also run security software.
2 Ensure that the anti-virus software is up to date
Every day, new malware appears. That’s why it’s essential that businesses are protected from these viruses by keeping their security software up to date. If possible, companies should look at policies whereby computers that don’t have the most up-to-date anti-virus software installed don’t have permission to connect to the network.
3 Use a firewall to protect networks
As malware can spread by means other than email, it is important to block unwanted traffic from entering the network by using a firewall. For users that use computers for business away from the protection of the company’s network, such as home PCs or laptops, you should install a personal firewall to ensure the computer is protected.
4 Filter all email traffic
You should filter all incoming and outgoing email for computer viruses. This filter should ideally be at the perimeter of the network to prevent computer viruses from entering it. Emails with certain file attachments commonly used by computer viruses to spread themselves, such as .EXE, .COM and .SCR files, should also be prevented from entering the network.
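The attachment rule in step 4, as an added example that is not part of the original article: a Python check that walks every MIME part of a message and reports attachments whose final extension is on the block list, including double extensions and mixed case. The function names, the sample message and its addresses are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in step 4; a production block list is usually longer.
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr"}


def is_blocked(filename: str) -> bool:
    """True if the filename's final extension is on the block list."""
    # Windows ignores trailing dots and spaces, so "a.exe. " opens as "a.exe".
    cleaned = filename.strip().rstrip(". ").lower()
    dot = cleaned.rfind(".")
    ext = cleaned[dot:] if dot != -1 else ""
    return ext in BLOCKED_EXTENSIONS


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the names of all blocked attachments in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    # walk() also descends into nested multiparts and forwarded messages.
    return [
        part.get_filename()
        for part in msg.walk()
        if part.get_filename() and is_blocked(part.get_filename())
    ]


def build_sample() -> bytes:
    """Constructed sample: one harmless PDF and two blocked attachments."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    for name, data in [
        ("statement.pdf", b"%PDF-1.4"),
        ("Invoice.pdf.EXE", b"MZ"),  # double extension, upper case
        ("holiday.SCR", b"MZ"),
    ]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

This checks names only; it does not look inside archives or at file content, which is why the step pairs it with virus scanning at the same perimeter filter.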
5 Educate all users to be careful of suspicious emails
Ensure that all users know to never open an attachment or to click on a link in an email they are not expecting. Even when the email is from a known source, they should exercise caution when opening attachments or clicking on links in emails. Criminals use the trust placed in an email contact you know to trick you into clicking on a link or attachment. Here are our tips for businesses to help employees spot potential scam or spoofed emails.
6 Scan internet downloads
Scan all files downloaded from the Internet for viruses before being used. Ideally, this scanning should be done from one central point on the network to ensure that all files are properly scanned.
7 Don’t run programs of unknown origin
It is important that you use a trusted source for your software requirements. This ensures that all software installed can be accounted for and that its sources can be confirmed to be legitimate. Apart from ensuring that the correct licensing agreements are in place, using a trusted supplier can help reduce the risk of software infected with a virus compromising your business. All users should be educated to never run a computer program unless the source is known or has originated from a person or company that is trusted.
8 Implement a vulnerability management programme
Most computer viruses and worms try to exploit bugs and vulnerabilities within the operating system and applications that companies use. New vulnerabilities are introduced into networks every day, be that from installing new software and services, making changes to existing systems or simply from previously undiscovered vulnerabilities coming to light.
It is important to regularly review your network and the applications running on it for new vulnerabilities. Rate and prioritise any discovered vulnerabilities based on their criticality and the potential business impact they could have. Once you have done this, form a plan on how to manage those vulnerabilities, either by patching, upgrading, or managing the vulnerability using tools such as firewalls or Intrusion Detection Systems.
9 Make regular backups of critical data
It is important to ensure that regular copies of important files are kept on removable media, such as portable drives or tape, so that you have a trusted source for data in the event that the network is infected with a computer virus. Not only will this ensure that important data is available in the event of a computer virus infecting the company’s network, backups will also enable the company to restore systems to software that is known to be free from computer virus infection. For added security, you should store these backups securely offsite. That way, should a major disaster happen to the business, e.g. the building goes on fire, the data will remain safe in the secure offsite location and can be restored quickly in a new facility.
10 Develop an information security policy
Creating and publishing an Information Security Policy is key to ensuring that information security receives the profile it requires in the organisation. It is the first critical step in securing the company’s systems and data. It is important that senior management support the Information Security Policy and that all users are made aware of their roles and responsibilities under this policy.
11 Monitor logs and systems
Regular monitoring of network and system logs can assist in the early identification of a computer virus infecting the network or other attacks by criminals. Unusual traffic patterns or log entries could indicate that the network has been infected or that its security has been compromised. As well as monitoring for suspicious traffic and events, it is important that logs for other devices are checked regularly to ensure that the network remains protected. Log files for the backups should be checked regularly to ensure that the backups succeeded. Likewise, the log files for the anti-virus software deployed should be checked regularly to ensure that all PCs are running the latest version of the anti-virus software.
12 Develop an incident response plan
Knowing what to do when a virus enters the network or when you suffer a security breach is critical to minimise the damage they may cause, both to the business and also to customers and suppliers. The incident response plan should outline the roles and responsibilities that people have in the event of a computer virus infecting the network or indeed any other type of security breach. This plan should be drawn up and agreed between all relevant parties before an incident occurs. Remember, the worst time to develop a security incident response plan is in the middle of such an incident. Here’s our blog with 10 tips for developing an incident response plan.
13 Restrict end user access to systems
Where possible, end users should not be given administrative privileges on their devices. Most malware can only run in the context of the user that is logged into the system, i.e. it only has the same permissions as the user running the program. If that user has their access restricted, then the virus will be similarly restricted. Unfortunately, many applications designed for the Windows platform require the end user to have such privileges; however, these users should be the exception rather than the rule.
Fortunately, there are many resources to help businesses and organisations to protect themselves and their important data. The Data Protection Commission has a useful roundup of links to help review or set security policies. As well as our own blog, at BH Consulting we also like the UK National Cyber Security Centre for its very detailed and useful guidance for SMEs and large organisations. The equivalent agency in Ireland has also become more active recently. Earlier this year, it published a 12-step guide to better security.
If your organisation or business doesn’t have the resources to follow all of the steps we’ve outlined above, it may be helpful to work with a specialist security provider who can provide advice and may be able to carry out some of these steps for you.
Cybersecurity threats pose a very real and constant risk to every business. It is important that businesses recognise this threat and take the appropriate steps, such as those outlined above, to reduce the likelihood of an incident, and minimise its impact if one does occur.