2014 has been cited by several security firms as being a record year for malware, with projections for 2015 not looking any better. This, among other reasons, is why Plummer Slade, Inc. makes security our number one priority. It is important to install the appropriate hardware and software to guard against unwanted intruders, but it is just as important to educate employees about risks and implement strict policies in order to really protect your company.

It seems like a normal day until one of your staff members gets an email from what appears to be a legitimate source, asking them to follow a link or open an attachment. The employee clicks it and almost immediately their computer slows down to molasses speeds as packages of malicious software are being unloaded onto the PC.  In this particular case, the employee has no clue their computer has been breached until they try to access certain files that have been encrypted by the hacker who is now demanding payment in Bitcoins in order to release the files. Fixing the damage takes valuable time away from the user and money away from the company, all of which could be avoided if users are trained to recognize threats.

 Patch Management

Patches are updates, or modifications to existing program codes. Patches can be applied to fix program bugs, performance issues or fix security vulnerabilities. For example, Microsoft just released an update that addresses an issue with their encryption protocol that leaves users’ communications open to interception. Not only did Microsoft release a patch for the FREAK encryption problem, but also updated a fix for a worm that was patched five years ago, a testament to the constant evolution of threats.

Patches should be applied monthly on file servers and weekly on PCs to ensure both maximum security and optimization. Users must also make sure that their operating systems and programs are up to date and versions that are still supported by the manufacturer. For example, Windows has released version 8.1 and no longer supports version 8.0. This means users still running 8.0 will no longer receive updates until they upgrade to the latest version and can be at risk until they do.

 Policies

Some of the most important security measures are also some of the simplest.  Implementing strict password policies requiring users to change their passwords regularly and adhere to a standard of password sophistication is the first step to data security. There are websites that will rate passwords by the time it would take a hacker to decode a bad password, the times are usually expressed in milliseconds.

It may also be time to reevaluate your firm’s “bring your own device” policies, as a large number of breaches are caused by lost or stolen equipment. Devices owned by employees should be treated as if they are owned by your company, requiring strict password policies and regular patches and updates. You may also consider encrypting these devices for an added layer of protection against potential thieves and cyber criminals.

Internet policies that limit a user’s access to specific sites or sites of certain content will greatly reduce the risk of malware infection. This includes what is deemed as appropriate use of official company email. Again, these safeguards are as simple as writing rules for users and using software to lock down and monitor internet usage.

Education

Even with sophisticated safeguards in place, a network is only as strong as its weakest link, or in this case, user. Not all hackers and malware take the big bad wolf approach by huffing and puffing, trying to blow your security away. Some malware can be better described as vampires, as they use tricks and disguises in order to be invited into a user’s computer where they then cause havoc. By educating yourself and your staff to identify suspicious material and avoid risky activity.

Incoming threats from the internet are only becoming greater in numbers and sophistication, there is no denying it. Combating these threats are not as simple as installing one antivirus software and a spam filter and hope hackers are deterred by the sign in your virtual yard stating “this server is protected by____”. True protection comes from regular services, strict policies and users that have been educated in identifying and deterring incoming threats.  If you have any questions or would like assistance with implementing data security policies and safeguards at your firm, contact Plummer Slade at 412-261-5600.