Quick I.T. Security Wins

By Suzie Cowling|23rd March 2021

Ransomware protection, ransomware contracts
This month marks the anniversary of when we started Lockdown and as we stated in our Spring newsletter, the cyberthreats and cybersecurity incidents just keep increasing. I had a chat with Chris Lord, our technical director, and he pointed out a few quick IT security wins that people can adopt very easily and could make a huge difference to on-line security.

Our work lives are busy and can be stressful with our email inboxes filling on a daily basis with a variety of requests. One of which may ask you to enter your O365 details, only for you to realise  afterwards that you have just become another victim of a cyberattack and when you actually look at it properly, the logo isn’t as sharp as it should be and the grammar and punctuation are obviously shocking…what do they say about hindsight…? 

A company, with the help of their IT provider or in-house team, can install a myriad of technological solutions to minimise the risk and these will provide protection but at the end of the day, the biggest vulnerability is the end-user.  

It is still a common occurrence to see very weak passwords being used. Chris Lord, our technical director, wrote about this very subject over two years ago – where he recommended using 12 characters, easy to remember but hard to guess passphrases instead of passwords  – https://www.deansplc.co.uk/forget-passwords/. A company-wide directive requesting that all staff adopt this route would make such a difference, taking little effort to implement and also at little or no cost. 

We all have those moments when we need to get some work finished or place an order for something urgent and we cannot remember our password and then panic sets in. Again, Chris Lord recommends a couple of easy to implement actions. Firstly, storing all passwords in a ‘note’ on a modern iPhone or Android device with a 6 digit PIN that is very secure (as long as no one knows your pin!) and secondly storing all passwords in a password protected Excel or Word document which gives AES 256-bit encryption.  

Another quick win solution is to check for all Microsoft updates, we all know that it can be a pain when the reminder message comes up and we are in the middle of something, so we press ignore and continue to ignore. However, there is a very good reason behind those updates – SECURITY! Security updates work to protect against new and ongoing threats. These cyber criminals do not sit back, they are developing new and more sophisticated threats all the time. New malware is released every day and without these security patches from windows updates your whole network is more at risk. – there are also other benefits to updating – read about them here – https://www.deansplc.co.uk/microsoft-updates/

There are many organisations publishing helpful advice that you can get for free – for example, the National Cyber Security Centre has information for individuals, families, and companies. Their infographic on Phishing is well worth a read – https://www.ncsc.gov.uk/files/Phishing-attacks-dealing-suspicious-emails-infographic.pdf and should be circulated to all members of the team. Regular memos to staff reminding them to stay vigilant could save money and heartache.