The most fundamental aspect of cybersecurity is endpoint protection. That is, protecting the PCs and laptops which staff use to do their work.

This begins with antivirus software and ensuring that the latest operating system patches have been applied.

It can be enhanced further by restricting administrator access. Preventing end users from installing unauthorised software is also a significant protection against external threats.

Spam filtering and web filtering are other ways to protect your users from accessing, or being exposed to, potentially harmful attachments, links or websites.

Every couple of months a new cyber threat emerges, and businesses need to be in a position to prevent these threats from affecting them. In recent months we have seen:

Ransom worms:

  • Encrypt user data and demand a bitcoin ransom to decrypt it
  • A ransom worm requires no user input to infect victims' computers
  • Spreads automatically via open ports


Solution:

  • Patching servers and workstations to close vulnerabilities

Spear phishing:

  • Phishing emails are only going to get more common.
  • Users are more willing to click on emails that use their name in the body of the email.
  • Emotet is a virus that started as a credential stealer but has since morphed: it also scrapes users' emails and contacts to use in personalised phishing spam campaigns.
  • The virus is polymorphic, making it very difficult to detect and remove with signature-based anti-malware software.


Solution:

  • Train staff regularly to keep them vigilant when dealing with emails. Quarterly training sessions are recommended, twice yearly at a minimum.

Cryptojacking:

  • Anti-malware will remove known crypto miners, but new crypto miners can remain on a server for a considerable time, increasing the risk of a data leak if the malware morphs.
  • Baselining servers is the best solution; monitoring can then alert on high resource usage, enforce process whitelisting, and alert on new uncategorised processes (CW Automate can do this).
  • Monitor the network for data flows to alert on new flows to command-and-control servers or unusual internet destinations (SIEM tools can provide this).
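The baseline-and-alert approach described above, as an added illustration that is not part of this page or any Intuity tooling: a known-good set of process names is recorded once, and each later snapshot is checked for processes outside the baseline and for sustained high CPU use, the two signals a crypto miner typically gives away. The baseline, snapshot and thresholds are constructed sample data; a real deployment would feed in process lists from the RMM agent or the OS.

```python
"""Baseline-diff process monitor: flags new processes and sustained high CPU."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    name: str
    cpu_percent: float  # instantaneous CPU use for this sample

# Constructed baseline: process names normally present on this server.
BASELINE = {"sshd", "nginx", "postgres", "cron", "systemd"}
CPU_THRESHOLD = 80.0   # percent; tune per host from baseline data
SUSTAINED_SAMPLES = 3  # consecutive samples above threshold before alerting

def audit(samples, baseline=BASELINE, cpu_threshold=CPU_THRESHOLD,
          sustained=SUSTAINED_SAMPLES):
    """Return sorted (reason, process name) alerts over a series of snapshots.

    samples: list of snapshots, each a list of Proc, oldest first.
    A process is 'uncategorised' if it appears in any snapshot but not in the
    baseline; 'high_cpu' if it exceeds the threshold in the last `sustained`
    snapshots, which filters out brief legitimate bursts.
    """
    alerts = set()
    for snap in samples:
        for p in snap:
            if p.name not in baseline:
                alerts.add(("uncategorised_process", p.name))
    recent = samples[-sustained:]
    if len(recent) == sustained:
        hot = None
        for snap in recent:
            names = {p.name for p in snap if p.cpu_percent >= cpu_threshold}
            hot = names if hot is None else hot & names
        for name in hot or ():
            alerts.add(("high_cpu", name))
    return sorted(alerts)

# Constructed snapshots: postgres bursts once, kworkerd pegs the CPU throughout.
SAMPLES = [
    [Proc("sshd", 0.1), Proc("nginx", 2.0), Proc("postgres", 85.0), Proc("kworkerd", 97.0)],
    [Proc("sshd", 0.1), Proc("nginx", 1.5), Proc("postgres", 10.0), Proc("kworkerd", 98.5)],
    [Proc("sshd", 0.2), Proc("nginx", 2.1), Proc("postgres", 12.0), Proc("kworkerd", 96.0), Proc("cron", 0.0)],
]

if __name__ == "__main__":
    for reason, name in audit(SAMPLES):
        print(f"ALERT {reason}: {name}")
```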

Fileless malware:

  • Very difficult to detect; anti-malware is poor at detecting it.
  • Server hardening, process monitoring and NetFlow monitoring, looking for command-and-control flows.
  • The EDR module of Bitdefender is designed to detect these types of attacks.

All of these security measures are generally set out in an organisation's security policies. There are some excellent technical solutions which can assist in implementing the security policy.

  • EMS – Enterprise Mobility Management
  • Intune – Mobile Device and app management
  • Azure AD Premium – Identity and Access management for working with Office 365
  • Auditing of access to files


Certification

For some organisations, there is a requirement to demonstrate their data and IT security. Cyber Essentials is a globally recognised cybersecurity certification that offers a sound foundation of basic IT security controls. Intuity is both ISO and Cyber Essentials certified and is an approved provider of Cyber Essentials. We can help you gain your own Cyber Essentials certification.

We take a multi-faceted approach to data and IT security. Click here for some straightforward advice on your IT and data security.

Call today and speak to one of our experts
