Story image

Not long now: Cyber attacks to target local businesses

27 Jul 16

Cyber attacks are on the rise and it won’t be long before local businesses are targeted.

That was the dire warning from a report published last week from security software firm Symantec.

Echoing these warnings is Rob McEwan, Staples Rodway Taranaki IT director, who says no matter what type of business you're in, security within your IT system is crucial to maintain your reputation and avoid any major information breaches within your organisation.

Symantec reported that criminals were increasingly targeting businesses and other organisations through ransomware by exploiting security vulnerabilities in computers. The criminals would then hold the business up for ransom in order to restore their computer files. The level of these ‘fees’ has increased dramatically over recent years.

In response to this report and the growing need for New Zealand businesses to improve their cyber security, McEwan is sharing his tips to avoid the potential damage faced by many businesses.

Don’t operate your computer as an ‘Administrator’. The number one reason for not running as an administrator is to limit your exposure to malware. As an administrator, every program you run has unlimited access to your computer. If malware is able to take hold through one of those programs it is equally able to access all parts of your computer or potentially your network.

Update your software, patches and updates as soon as they come out. Not just Windows, but all third party products. It is widely recognised that as soon as patches are released hackers reverse engineer the patches to identify the problems that are being addressed. They then immediately set about writing exploit code that will attack un-patched computers. The quicker you can apply patches following their release, the less likely you will be exposed to these hackers. Also keep in mind that it's not just Microsoft patches that need to be applied but patches for all products you have installed on your computer.

Remove software from your computer that you do not need. The rule of thumb is that if you don't need it, it shouldn't be installed. The more applications you can remove from your PC the smaller the footprint for exploitation becomes. As mentioned above all third party applications must be updated to maintain a secure computer. But if you don't need to use the software; removing it means you no longer have to maintain it.

Have a reputable anti-malware (malicious software) solution installed and use its advanced features. We often find people spending a significant amount of money on antivirus software, installing it, but not configuring it to provide the protection that it is capable of. Make sure you have a good quality antivirus solution that has a robust reputation in the market and it has been installed correctly and configured to provide you with the best protection possible against modern malware threats.

Backups. The ultimate protection against a malware infection is your ability to completely restore your system from a backup. As a rule of thumb data should not be considered backed up until there are three copies, two of which are backups of the first, and one of those backups must be off-site.

Staples Rodway’s IT department has launched a cost-effective service that businesses can utilise to help avoid any imminent cyber attacks. The process involves a firewall demo unit being installed behind a businesses current firewall for a week in order to create a risk and threat analysis report.

The firewall will collect a set of data which will be analysed to determine the cyber-security risk profile and the recommendations to reduce the risk.

ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
Kiwis concerned about being scammed – survey
This unease is warranted given the growing sophistication of scammers and their activities, and numbers of attempted fraud.
It's time to rethink your back-up and recovery strategy
"It is becoming apparent that legacy approaches to backup and recovery may no longer be sufficient for most organisations."
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.
Interview: Aruba’s NZ country manager talks channel strategy
“What we're taking to market is that message around simplification and having everything in one place.”
Companies swamped by critical vulnerabilities – Tenable
Research has found enterprises identify 870 unique vulnerabilities on internal systems every day, on average, with over 100 of them being critical.