The London urban area is home to thousands of businesses, and the great majority of them are in the small business category. Computer and network security are important to all of them, from Central London to the surrounding areas in North and East London. You're never too small to be a target. Criminals have their eyes on computer systems throughout the UK. Even if you think your site contains little valuable information, it can be hit by ransomware or become a jumping-off point for attacking other networks. London businesses need to understand the basics of security and have a plan for protecting data and IT system. This article offers you a high-level overview of what's necessary to judge the quality of your business cybersecurity and how to make it stronger.
To understand what's involved in security, you should be familiar with some central concepts. They include minimising exposure, managing authentication and authorisation, training employees in security awareness, maintaining software, and being able to recover data.
A network on the Internet is accessible to visitors in England and far away. This is useful, but it's also dangerous. The more services you expose to Internet access, the more opportunities there are for an attack. Sound security practices minimise what's accessible. The most important line of defence is the firewall. It determines what parts of your network are open to outside access. Your IT services department needs to configure it to expose only what's necessary. Your firewall should block unwanted and hostile traffic.
People seeking unauthorised access to accounts need to be kept out. Passwords are the main line of defence in most networks. Left to their own choices, people often choose easily guessed passwords like "password" and "12345678." Your company policy has to require strong passwords, and software can enforce the policy. A good password should be long — 10 characters is a good minimum, more is better — and it should be hard to guess. Dictionary words and the names of people and places are poor choices.
Accounts should have only the access they need. Only trusted administrators should have administrative privileges. Even high-ranking executives should have limited access. An intruder who breaks into an account with restricted privileges won't have the keys to everything.
Most security exploits involve human error. Email phishing is a leading attack method. Your users should know how to spot suspicious messages and treat them carefully. They shouldn't open questionable attachments, follow links to dubious sites, or override security warnings without getting independent confirmation. If they aren't sure, they should check with a tech support person.
Most software has bugs. Some bugs cause vulnerabilities and open up security holes. When software publishers learn about them, they fix the problem and issue an update. Once they do, criminals know about their weaknesses and exploit them. They know that not everyone will install the update right away. If your IT services department doesn't update installed software, it leaves your network open to threats.
To be safe, you have to install security updates for all your software soon after they become available. If possible, the updates should happen automatically. That saves the work of constantly checking if there's a new version available and installing it.
Sometimes, in spite of everything your people do, your systems get corrupted or lose data. Ransomware causes expensive damage if you can't recover the files, whether you pay or not. It's hit a number of public agencies in the UK, and the City of London has been reported as an especially popular target. Other types of malware can also alter or destroy data. The best protection is an up-to-date backup of all important files. The backup should be off the premises for maximum protection.
Doing all these things is a lot of work for a small or medium business with limited IT resources. Many London businesses find it helpful to engage a local IT support company to help with cybersecurity. It can provide you with additional services, such as these.
Starting with a security assessment helps you to identify problems and set priorities. When you know what the most pressing issues are, you can start by addressing them and then proceed to other matters as time allows. For instance, if you have software which is no longer supported (e.g., Windows 7), upgrading it should be one of your first concerns.
Periodic security audits will let your IT team track progress and catch any new problems. They take a little time, but they can save the need to reinstall systems and restore data.
Malware may infect a machine and communicate with systems run by criminals. Catching it in the act of communicating lets your IT staff remove it and repair the damage. There are two kinds of monitoring: external and internal. The first kind looks at all traffic going in and out of your network. The second looks at data movement inside the network, including attempts to infect other machines.
Data on your systems is safer if it's encrypted using a secret key. If someone steals the information but doesn't know how to decrypt it, it's useless to the thief. This technology is valuable with passwords, personal financial data, and protected health information.
Encryption protects data in motion as well. Information which is encrypted in transit is safe even if someone taps your communication line. All communication of sensitive data over the Internet should be encrypted.
A security incident can happen even with the best protection. Your business should have a plan for how to deal with it so that the response is quick and orderly. Designated people need to isolate the problem so it doesn't spread. They have to take remedial action to remove malware and recover lost data. Reporting to affected parties may be required. After the immediate problem is solved, you have to find out how it happened and prevent a recurrence.
For a business with limited IT staff, doing all this alone can be difficult.
We're an IT Support company in London working with medium-sized businesses. We offer risk assessment, tech security and much more. Contact us and we'll be glad to help.