In a recent blog post, I wrote about the MGM hack and how it was potentially conceived via a phone call from a hacker who posed as an MGM user, called the IT helpdesk and asked for a password reset ...
There are so many processes and procedures that we must now implement to minimise the chances and opportunities for a threat actor to plant malicious software or a ransomware program into systems, not forgetting your cloud-based application servers.
Don't be fooled into thinking that just because your systems are on AWS, Azure, HP Cloud, or Google they are safe from being encrypted by hackers. If you let people into your local systems, somewhere in your configuration will be the links and access details to your cloud-based data. If you do not lock these down with encrypted storage and decent passwords, then it is as good as not locking your doors at night.
Phishing, Vishing and Text Messages are now so commonplace in terms of threat actors trying to gain access to data and bank accounts that I cannot stress enough caution to you all. Your people need to have constant training and your IT provider may not have the skill set to deliver the messages as they may be too busy fire-fighting on a practical level to lock down your systems.
Also, from a cyber essentials point of view, your IT provider cannot be allowed to 'mark their own homework'. At least once a year you should have a network review by an external body and get penetration and phishing tests applied to your networks!
The third test that needs to be checked on a regular basis is that your backup files are actually backed up and that you can run from these in the event of a disaster. If your main database does get hacked and encrypted by a Ransomware attack, can your backup systems run without the risk of being infected with malware or ransomware?
With VoIP phones and, in the main, all other essential products moving to Internet Protocol (IP) based hardware, are you securing your networks and using some type of segregation such as VLANS?
Setting up networks is now more complex than ever and you need to ensure that your IT/Technology partner is up-to-date with the latest methods to minimise the risk of any threat actors gaining access to your company's in-house or cloud-based systems.
Over 70% of businesses fold within two years of a major disaster as data is not backed up effectively and very often, non-existent as the back-ups have not been completed nor tested on a regular basis.
Find a good independent consultant who knows the market place and they will be able to advise you as to who the movers and shakers are in the IT arena.
If you feel inspired to find out more then do call me on 07555 807700 or leave a comment below and I'll be in touch as soon as I can.