The IT security threats that can affect our companies’ data are bigger every day, and not only bigger but more sophisticated, it is no secret. Furthermore during this time of lockdowns, an increased amount of companies worldwide have opened their doors for their workers to be able to access the information remotely. Needless to say this has been done with no previous planning rather hastily.
Once most of the companies find the benefits of the so called “teleworking”, it is time to do some planning on this new working style.
Take into account the following; if there are vulnerabilities found in IT equipment located physically at the companies, imagine the security level a domestic use computer with an often doubtful operating system can have, and from where we will be accessing our companies information. Same system (most likely not updated) is being used by grandparents to video call their grandchildren, kids playing with software his uncle sent him, where we access different shopping sites and of course all this with our free anti-virus (in the best case scenario) that we have not updated since who knows when and valid for our smartphone, tablet and any other device we may use.
In light of this new reality, we should take several measures that can mitigate these actions that are taking place in our companies. These are some recommendations:
1. Perform security copies of the company’s data, especially the most relevant one. That Mickey Mouse video could be retrieved at any time.
2. In order to make those copies, weneed to do ananalysis that allows us to know which data is essential in our company and where it is located.
3. The security copies that we perform on mobile devices are always valid as long as they are additional copies and that comply with certain security measures such as the stored information encryption and that device can be only accessed with a password. Something else to consider, is not taking it in a jacket pocket when we go outside.
4. The NAS devices that are permanently connected to our company’s local network. Creating security copies against these devices is valid only if it is supported by another security copies system. We are detecting a constant vulnerability on these devices and there are companies basing their security copies system on the network security storage (NAS) and end up losing all their information. The NAS are not designed for data servers. We are also detecting that some companies are using NAS from the main servers and when there is an issue, they mentioned they had RAID 1, RAID 5 or RAID 10. RAID protocols are designed for electronic errors, meaning, hardware errors and we need to keep in mind that most of the cyber-attacks are on software and have a 95% chance of happening over a hardware error. Another added issue in the NAS technology is that in case of information loss, taking a RAID 5 to a lab for data recovery will always cost over 6.000 Euros.
5. The online security copies that comply with the encryption systems in transport and storage, in order to be able to access the latest copies and have available monthly, quarterly or annual copies. Having online access and with support in order to be able to recover totally or partially the information (from yesterday or 15 days prior). In addition, we have a local security copies system, an agenda planning and that it is only destined to make security copies managed by a technician.
In the following articles I will show you how we can keep making progress in basic security environments in order to be able to perform “telework” in an effective manner and that our companies can economically afford.
The SME and especially the micro SME and freelancers have more limitations one of them being economic, and we are well aware.