Cloud Hosting

How can you stay safe on the internet?

The internet is a fickle beast. On the one hand, we now have access to the sum total of human knowledge (and human opinion) at our fingertips across an incredible range of devices. On the other, its opened us up to a whole new world of crime, where scammers are waiting seemingly round every corner.

But just because a threat is out there, doesnt mean you must inevitably be vulnerable to it.

Here are some simple steps to ensure both you and your business remain safe on the internet.

Running internet security software on your endpoints (computers, mobile devices, tablets, etc) is the simplest place to start with a project like this.

Most of the well-known antivirus firms, such as Kaspersky Lab, Symantec and AVG, have dedicated internet security products for both individuals and small to medium businesses (SMBs). They include features such as warning you if a page isnt secure, which is particularly important if youre going to be entering sensitive personal data, or if a page is trying to redirect you, as well as protection againstmalwaredownloads, includingransomware.

This type of software should ideally be used in conjunction with other on-deviceanti-malware programs.

Large enterprises will likely have dedicated security resources - either in the form of an individual or team - which should be leading internet security efforts and monitoring. For these businesses, an off-the-shelf solution is unlikely to be suitable. Instead, they should liaise with vendors and/or security-focused managed service providers to develop a system thats suitable for them.

Security appliances are a must, particularly for businesses with a large corporate network. The most fundamental of these is the firewall, which filters web traffic to try and prevent malware or malicious actors gaining access to the internal network. There are also email protection systems, and secure web gateway solutions that also offer protection for other internet-connected systems, such as instant messaging programmes.

If your organisation has IoT devices that are connected to the public internet, you should be paying particular attention to finding systems that can protect these end points as well, as their built-in security may not be as strong as those on PCs, laptops or mobile devices.

Educating the rest of the business is a key component of the internet security process for businesses.

The entire business should be encouraged to take a sceptical better safe than sorry approach, particularly as workers are one of the most common ways malicious actors gain entry to corporate systems.

For example, genuine-looking messages can be laden with hidden traps, like documents or PDFs containing malicious payloads or links to infected websites a technique commonly known asphishingor, when someone like the CEO or CFO is targeted, whaling.

Users should be told that if they receive an email from the finance department asking to double check this invoice, for example, they shouldnt be afraid to ask for more details about the contents before opening it. Even better, if your company uses an instant message platform, such asSkype for Business,Slackor Yammer, users should be encouraged to contact the sender directly there to double check. Similarly, the entire organisation must be trained to be receptive to this belt and braces approach and not become irritated with colleagues who are doing the best thing for the security of the business.

Similarly, if the email comes from a supplier or customer and includes an attachment or link, its better for the recipient to call them up for clarification or details than to blindly click the link out of a sense of typical dont make a fuss sentiment.

Users should also be aware of potential phone scams, particularly if the caller claims to be from Microsoft Support or similar, or the bank.

The IT department, perhaps in collaboration with HR, should be responsible keeping users up to date with the latest policies and best practices and encouraging individuals to come forward with any questions or concerns.

Everyone is confident in their own ability to create an infallible system, but theres really only one way to be sure your defences hold up under stress get someone to attack them. This will test any technical measures youve put in place, like security software, fire breaks and so on, as well as the efficacy of any training thats been put in place.

There are businesses and individuals that specialise in penetration testing who can be brought in as independent consultants. Alternatively, many security vendors also offer this service, but it may be more useful to use them before you roll out their software than after.

This kind of activity shouldnt be a one-off, however. The security landscape is ever-evolving, with new threats and methods of attack appearing all the time. This kind of drill should be carried out at least once a year to identify any areas of weakness you need to improve upon.

Sometimes, the worst happens and your business should be prepared for this eventuality. Nobody wants to be left trying to figure out whos responsible for notifying the CEO that an attack is taking place once its already underway.

A data breach response plan should include the names and contact details of the people who will be involved in responding to a breach, whether its an attack in progress or one thats over by the time its discovered. This will include members of the IT team and the CTO, who should all have defined roles, as well as the data protection officer (DPO).

In a larger business, this will also include a dedicated person (for example, the CTOs PA), who is responsible for contacting the companys legal team and, if appropriate, PR agency/crisis comms team.

Finally, make sure you keep yourself up to date with the latest security news and best practices fromreliable sources.

See the original post here:
How to: Your essential guide to internet security - PC Authority