Story image

Not long now: Cyber attacks to target local businesses

27 Jul 2016

Cyber attacks are on the rise and it won’t be long before local businesses are targeted.

That was the dire warning from a report published last week from security software firm Symantec.

Echoing these warnings is Rob McEwan, Staples Rodway Taranaki IT director, who says no matter what type of business you're in, security within your IT system is crucial to maintain your reputation and avoid any major information breaches within your organisation.

Symantec reported that criminals were increasingly targeting businesses and other organisations through ransomware by exploiting security vulnerabilities in computers. The criminals would then hold the business up for ransom in order to restore their computer files. The level of these ‘fees’ has increased dramatically over recent years.

In response to this report and the growing need for New Zealand businesses to improve their cyber security, McEwan is sharing his tips to avoid the potential damage faced by many businesses.

Don’t operate your computer as an ‘Administrator’. The number one reason for not running as an administrator is to limit your exposure to malware. As an administrator, every program you run has unlimited access to your computer. If malware is able to take hold through one of those programs it is equally able to access all parts of your computer or potentially your network.

Update your software, patches and updates as soon as they come out. Not just Windows, but all third party products. It is widely recognised that as soon as patches are released hackers reverse engineer the patches to identify the problems that are being addressed. They then immediately set about writing exploit code that will attack un-patched computers. The quicker you can apply patches following their release, the less likely you will be exposed to these hackers. Also keep in mind that it's not just Microsoft patches that need to be applied but patches for all products you have installed on your computer.

Remove software from your computer that you do not need. The rule of thumb is that if you don't need it, it shouldn't be installed. The more applications you can remove from your PC the smaller the footprint for exploitation becomes. As mentioned above all third party applications must be updated to maintain a secure computer. But if you don't need to use the software; removing it means you no longer have to maintain it.

Have a reputable anti-malware (malicious software) solution installed and use its advanced features. We often find people spending a significant amount of money on antivirus software, installing it, but not configuring it to provide the protection that it is capable of. Make sure you have a good quality antivirus solution that has a robust reputation in the market and it has been installed correctly and configured to provide you with the best protection possible against modern malware threats.

Backups. The ultimate protection against a malware infection is your ability to completely restore your system from a backup. As a rule of thumb data should not be considered backed up until there are three copies, two of which are backups of the first, and one of those backups must be off-site.

Staples Rodway’s IT department has launched a cost-effective service that businesses can utilise to help avoid any imminent cyber attacks. The process involves a firewall demo unit being installed behind a businesses current firewall for a week in order to create a risk and threat analysis report.

The firewall will collect a set of data which will be analysed to determine the cyber-security risk profile and the recommendations to reduce the risk.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.