How To prevent a Cyber Attack

If you're one of those people who think that Microsoft's Windows Defender provides adequate security to protect your business, then let me tell you now, you're wrong. 

Despite defender having improved over the years, it still lacks basic functionality, such as outlook and web-based email scanning, which unfortunately leaves users vulnerable to phishing attacks. Not only this, rather than automatically blocking and deleting found threats, it instead prompts the end user asking the question "run anyway?" which is a huge security risk, especially on larger networks. The purpose of such software is to take the guesswork out of what's legitimate and what may potentially cause damage to your IT systems.

SysFix is a UK partner of eSet cybersecurity, and from just a mere £5.78 per device per month, not only do you receive a highly dependable security suite, but it also comes fully managed too. That means we're alerted when a user downloads a virus and can take action on your behalf. We can spot trends so you can focus on training staff to prevent them from putting your systems at risk. We also manage all necessary updates and block and wipe any mobile devices which may have been lost. The eset antivirus renewal price is the same each month.

This service is available for PC, Laptop, Mac, Server and Mobile Devices.

I should also mention that Apple Macs are not exempt from cyber threats. Sure, most viruses and malware are specifically targeted towards the Microsoft Windows market, however, ransomware and phishing attempts affect us all. Gone are the days where a simple virus causes mayhem, but today, such events have greater financial implications for both home and business users alike. 

Whilst it's true that it's much harder to infect a mac, due to the fact it is built on UNIX ( a type of operating system ), it's equally true that a Mac user can be sent phishing emails asking them to reset a password account only instead, providing it to the hacker.

A business grade router has a much wider feature set compared to the free devices supplied by your internet service provider. Truth be told, those bundled routers cost less than £30 compared to an entry level business router costing £300 or more.

These enhanced features allow you to lock down your network to further prevent unauthorised access. We provide Draytek routers for small to medium businesses including full installation and configuration.

The most feature rich is the new 2862, which also incorporates 4G and external antennae, which can take over should your broadband connection drop or fail. These routers can form part of your disaster recovery plan as discussed below. The majority of companies cannot operate without an internet connection, and this business router provides a fail-over system to ensure that you're always online. 

The black antennae shown in the image connects to the mobile phone signal to the 4G network, whilst the white antennae provide wireless internet on your normal FTTC (fibre) or ADSL2+ (broadband) connection.

So what else can these mighty devices do for you?

1. Multiple Wi-Fi Networks  - Separate your business from free public access or staff use on BYOD (bring your own devices)
   
2. Restrict access to authorised devices only via mac address
3. Restrict your employees accessing web content such as torrents, online chat, and adult sites.
4. Allow you to separate your network by the use of VLANs (virtual Lans) (local area networks)
   For example - Your Apple Mac devices may never need to send traffic to PCs so split them off and minimise the risk
5. DoS Protection  - Denial of Service protection instantly blocks repeated attempts to take your device offline.
6. SMS Notification of security alerts, line dropouts, device access etc.

SysFix IT Support are a UK partner for Draytek and can supply and install devices such as these in your business, together with full expert support and technical backing from Draytek themselves. Call us on 020 3095 7740 for more information.

This is, in my opinion, one of the most useful additions to your cybersecurity arsenal.

In short, when we log in to a service, Gmail for example, we use a password. Passwords can be easily guessed by using software and a list of words called a dictionary attack. Each word will be tried in turn until successful, so this is why we techs suggest mixing up your passwords a little with Capitals, Numbers, and Symbols. 

Dual factor authentication simply means that you need to complete 2 items of security to gain access to a system. A common method is to send a pin code to your mobile phone which you also have to enter to gain access.

Accessing your network via VPN gives you full access to all computers within your organisation, printers, servers and any other network-connected device that you have permission to use. Most businesses that use VPN simply connect to their workplace by a password but by using dual-factor authentication, a connection is only granted when you have met two security tests instead of just one. The router above, for example, supports this method of authentication when using VPN, however, there are other methods to achieve this, such as eSet dual-factor authentication, which we also supply and support.

No matter how good your defenses are, from time to time, you're going to need to rely on a backup. Ensuring you can recover your data is another important step to avoid paying ransom demands when you've been infected with ransomware. The NHS was recently attacked in this way and each machine had to be wiped and reinstalled from scratch, causing significant downtime and distress for all involved.

Whether you choose to back up on-site or in the cloud, ensuring you have a data backup plan in place is an important step in protecting your business from a cyber attack. This forms an integral part of your disaster recovery plan.

Your disaster recovery plan is made up of a number of steps that should be performed in order of importance, to resurrect your business in the event of a disaster. This could be the result of a targeted cyber attack, a critical power outage or a natural disaster such as a flood or fire.

Understanding how Information Technology affects your business is a critical part of creating a plan and identifying the specific needs of your disaster recovery plan. Most businesses cannot function for instance without E-Mail and Internet connectivity. In the event of a disaster, do you have a plan in place to ensure you can swiftly resurrect your critical services in another location?

Equally, having a finely tuned plan is all well and good, but unless you set time to test its effectiveness by actually performing a test run, you're never going to be 100% certain that it works! 

Part of your recovery plan should also cover the fundamentals, such as a list of all your critical suppliers contact names and numbers, insurance plans and other emergency contacts or passwords.

Laptops, Phones, IPads and other transportable devices are at risk of being lost, misplaced or stolen. Without the need of a sophisticated attack, a rogue individual could access your companies information quite easily. Sure it may need a password to log on, but did you know that you can easily download a program from the internet that can reset passwords, and it's easily obtainable and packaged with many IT tech recovery CDs. 

By encrypting your devices, a little like dual-factor authentication, the end user is required to enter a second password or PIN to gain access to a system. All information on the machine is jumbled up and makes no sense to anyone until the 2 keys are entered, allowing the system to boot (start up).

This should form part of your GDPR plan (EU Data Protection Law), and this aspect does not need to be expensive. If you have Windows Professional, you can use bitlocker drive encryption on laptops and desktops or download VeraCrypt for free. If you're looking for a more advanced solution or wish for an IT company to centrally manage your devices then that's also possible.

We all see junk emails in our inbox, probably every day, but there are many ways to significantly reduce the amount we receive. SPF, Domain-Key and spam subscription services all play a part in reducing risk and by risk, I'm not necessarily talking about reducing the annoyance factor, but the reduction of risk in respect of receiving a phishing email. 

A Phishing email is an attempt to convince the end user that the email sent is legitimate but asks the user to provide some confidential information. This is usually in the form of a "click here to reset your password" or "please confirm your details" but all is not as it seems. These emails are formed to look as if they have been sent by your bank or another legitimate source, however, when you do take action (entering a password), all you're doing is sending the attacker your password. 

An anti-spam solution costs on average around £8 per user per month so it's something that should be considered to reduce your risk. At SysFix, we have been performing a lot of office 365 migrations for our clients, which not only results in improved email availability but also introduces anti-spam tools that can be used to minimise your risk.