Keeping Your IT Available, Safe And Up To Date
This week we have collaborated with companies that we work with or provide a home to here at the Business Design Centre, who work within and alongside the tech sector. To celebrate London Tech Week we have a blog each day this week, featuring a member of our community and their view of the industry. Today we hear from Neil McCracken, Managing Director of ITSD, who shares some of his key knowledge on keeping your tech safe...
"Tech week is an exciting time, packed with wonderful events and lots of innovation and I am honoured to contribute. We have been working with the Business Design Centre since 2003 and have built a strong working partnership and mutual respect in that time. ITSD forms an integral part of the business, working at a strategic level with the board and providing helpdesk, server support and a number of other IT services to the venue.
I’m mindful that technology for many business owners can be a daunting subject. Software and hardware are an almost endless cycle of added features and functionality which can leave even tech-savvy business owners feeling lost. So, I think it’s timely that, during tech week I share some insights which will help you get the best from your technology and keep your business running smoothly.
BACKUP YOUR SYSTEMS
Most of us are aware we need to back up our data, but often it is performed as a manual process and it is so easy to forget, so having an automatic backup is crucial.
Have a minimum of two backups. One stored locally for fast data recovery and the other to a geographically different location, at least 5 miles away, so that if the worst were to happen, such as your building burnt down or your server and backup drive were stolen, your systems and data can still be recovered.
The cloud is perfect for your remote backup, this puts your business systems and data out of danger from physical disaster and still retrievable when needed. You will generally have to pay a monthly fee, but think of it as part of your insurance and business continuity.
Whatever backup solution you choose, it’s crucial you check, every day, that they work and that they back up everything they are supposed to – if an employee has deleted half your data, technically, the backup will still succeed, but you would end up with only half a backup!
It is essential that Anti-Virus Software is installed and up to date on all your computers and there are no exceptions to this.
There is a common misconception that Apple computers do not need Anti-Virus software, this is untrue and has never been claimed or agreed by Apple.
Without protection, ALL computers are vulnerable to virus attacks of all sorts, the most malicious of which encrypt company data, destroy or steal information.
Whilst Anti-Virus software is vital, we need to be equally aware that it does not stop everything, it provides one part of your IT systems defenses, not all of it.
Software manufacturers provide regular updates for their supported products. The updates fix issues with software and security vulnerabilities. There have been a number of high-profile examples of outdated software being the cause of system vulnerabilities, such as the well-documented WannaCry attack on the NHS in 2017. I can’t emphasise enough the importance of regular updates.
Keeping software updated, by promptly installing the manufacturer updates, should increase reliability, security and aid compatibility with Anti-Virus software, where relevant.
It is not always essential to have the latest version; as long as your software is under manufacturer support and does what you need, an upgrade can be planned for a later date and/or version.
PEOPLE ARE A KEY PART OF THE BEST FIREWALL
Even if you take all the precautions outlined here, the sad fact is that you’re still not 100% safe.
No matter how good your systems are, hackers and virus creators are constantly finding ways around them.
One of the most common ways for a virus to get into your business is by email: clicking a link or opening an attachment can instantly make your business vulnerable to attack.
Ensure your staff are trained to be vigilant and think before acting:
- Do you know the sender?
- Check the full email address, not just the sender name, is it correct?
- Is the email / attachment expected?
- Is the spelling / grammar a little off (often a clear sign something is amiss)?
If your staff are in any doubt, alert IT support, do not click links or open any attachment.
Financial instructions, such as changing bank details or transferring money, should not be processed from an e-mail, always check verbally first, even when the e-mail is internal.
Email accounts are regularly hacked, then monitored for the ideal e-mail chain, the hacker will then insert their own e-mail, requesting a change, such as a new bank account. The email will come from the sender’s e-mail address and so appear very genuine.
Phone scams are also something to be aware of, Microsoft do not monitor your computer, neither does anybody else, other than possibly your company’s IT Support. Do not, under any circumstances, follow any instructions they give for your computer, refer them to IT support.
Obviously, your own IT support is an exception to this, but if you are unsure, ask to call them back, they will not mind. Never ask them for the phone number, if you don’t have it, look it up.
Vigilance is our friend, it may take a little longer, but recovering from a virus can take days, worse still, imagine recovering from a cleaned-out bank account.
If you are in ANY doubt, contact your IT support, trust me, they would much rather spend a few minutes investigating an e-mail, than days under pressure trying to recover your company’s IT.
PASSWORDS, IT'S ALL ABOUT LENGTH THESE DAYS
First the basics:
- Do not write your password down (unless you really have to)
- Never keep your password near or with your system
- Make sure your password is not obvious or easily guessed
- Avoid using family, partner or sport team names on their own
- Change your password, at least every six months
Ideally, passwords should never be shared, but it happens. They should be changed immediately afterwards, especially when known by, for example, an ex-employee.
I’m sure you’ll have experienced being forced to use a combination of uppercase and lowercase letters, numbers and special characters in passwords, however, thinking has recently changed on this and it’s good news for users.
Modern hacking software cycles through every character as it builds your password. It is only a matter of time until it is cracked.
An 8-digit password will be cracked within 6 hours, regardless of the characters used. However, adding just 4 more digits to your password, will increase that time to 200 years.
If the system allows, why not use a password that is easier for you to remember, just remember to make it at least 10 characters, ideally 12 or more.
Password = $!d@12*8 – would be cracked within 6 Hours
Password = springislovely – would be cracked within 200 years
When security REALLY matters, use Two-factor authentication (also known as 2FA). This is an additional, one-time password, created by the system and normally sent to the user’s registered mobile or e-mail address to confirm their identity before giving access. This is a bit tedious, but makes hacking pretty much impossible, and is particularly worthwhile for banking applications in my opinion.
PROTECT YOUR DIGITAL SELF
When a hack is successful, it’s inevitable that any compromised usernames and passwords will soon be sold on – making your systems potentially more vulnerable to a second attack.
Worse still, if you have used the same username and password elsewhere, the hacker, and anybody that buys the list, will have access to your account on those systems too.
Ideally, use different passwords for every system you access, this is especially important for anything financial and your work.
Remembering lots of passwords is pretty much impossible. Using a password protected spreadsheet is one way of keeping tabs of them securely (as long as you have a backup).
If this is impractical, I recommend memorising at least four, each very different from the others, and spread them across the following types of system: - Work, Financial, Paid for, Free. That way if one password does fall into the wrong hands, damage will at least be limited.
PROTECT YOUR SYSTEMS AND DATA
Outside of viruses and spyware, the most common incidents of hacking come from the inside, normally committed by a disgruntled previous or current employee.
In the hands of a competitor or malicious person, exposure of private or valuable company information can be devastating. But again, there are ways to mitigate against this:
- Make sure IT support are informed when an employee is leaving, so that system access can be removed at the appropriate time.
- Control access to confidential information restricting it only to people authorised to see it.
- Ensure confidential documents and spreadsheets are password protected.
WHAT TO DO IF YOU THINK YOU ARE BEING HACKED, OR HAVE A VIRUS
Stay calm and act fast:
- Close the internet (Internet Explorer, Edge, Chrome etc.)
- Shut down the Computer
- Call your IT Support
Modern virus attacks are generally very clever and people make mistakes. Train your staff, so that
IT support will understand that you might be embarrassed, I assure you they will be very grateful for your fast reaction. Never try to fix the situation yourself or hide it.
You won’t always know you have a virus, but if you think you may have clicked something suspicious, have a threatening message on your screen or notice file names changing, act fast.
SUPPORT AND INVEST IN IT
Great IT empowers your business and your employees, poor IT does the opposite and invariably increases the risk of your business being affected by many of the issues outlined in this blog.
To minimise these risks, create an IT strategy, aligned to the needs of your business. Ensure IT policies are defined for all areas that use IT, paying special attention to cyber security. Finally, the strategy should ensure appropriate levels of investment are always made in IT, for supporting, maintaining and improving your IT.
IT support forms a vital part of any IT strategy, ensure you have the right team, and / or partner, to provide the expertise needed, to keep your IT systems properly maintained and available."
Neil McCracken is Managing Director of ITSD, an enterprise level IT Support and Service provider for business customers.
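The daily backup check recommended in the backup section above can be automated. The Python below is an added example, not part of the original post or any ITSD tooling: it compares the previous and current backup manifests and raises an alert when files have vanished or been emptied, which is the "backup succeeded but only half the data is there" case. The manifest format, function names, 10% threshold and sample data are assumptions made for illustration.

```python
from pathlib import Path

# Constructed sample manifests (relative path -> size in bytes), not real data.
SAMPLE_PREVIOUS = {"accounts/2023.xlsx": 48213, "accounts/2024.xlsx": 51877,
                   "hr/contracts.docx": 20114, "sales/leads.csv": 9120}
SAMPLE_CURRENT = {"accounts/2024.xlsx": 51877, "sales/leads.csv": 0}


def build_manifest(root):
    """Walk a backup directory and record every file's size, keyed by relative path."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.stat().st_size
            for p in root.rglob("*") if p.is_file()}


def compare_manifests(previous, current, max_missing_ratio=0.10):
    """Flag a backup that 'succeeded' but holds far less than the previous one."""
    missing = sorted(set(previous) - set(current))
    # Files that had content last time and are empty now are also suspicious.
    emptied = sorted(p for p in set(previous) & set(current)
                     if previous[p] > 0 and current[p] == 0)
    # On the very first run there is nothing to compare against.
    ratio = len(missing) / len(previous) if previous else 0.0
    return {"missing": missing, "emptied": emptied,
            "missing_ratio": ratio,
            "alert": ratio > max_missing_ratio or bool(emptied)}


if __name__ == "__main__":
    report = compare_manifests(SAMPLE_PREVIOUS, SAMPLE_CURRENT)
    print(f"{len(report['missing'])} files missing "
          f"({report['missing_ratio']:.0%}), alert={report['alert']}")
    for path in report["missing"] + report["emptied"]:
        print("  check:", path)
```

In practice `build_manifest` would be run against each day's backup copy and the result saved, so the next day's run has something to compare with.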