IT Security constantly evolves to help protect clients’ data and systems from unwanted access. For most businesses, the IT systems used will include file storage, email and databases. Typically staff use Word, Excel and PowerPoint to create documents, and client information is stored in databases (often called a CRM – Customer Relationship Manager). What the business might not see is the layers of protection which help prevent the data being corrupted, stolen or held to ransom. Even if an attacker gets through one layer, there are more layers which help protect your systems.
When we set up our clients’ systems, we set up multiple layers of protection. We connect the business to the internet by providing a router, which is designed to share the Internet connection between the staff on the site.
The router will act as a firewall to help prevent intrusion. The firewall is just one of the security layers to help protect the client. Rules on the firewall allow and deny both external and internal traffic, for example allowing internal users access to external websites or email servers, or allowing external access to the business’s server. The firewall may also provide VPN services for the users. The firewall cannot stop a user from inserting a USB stick carrying malware, nor can it block spam. It is worth noting that some advanced firewall devices will offer more protection services than a basic firewall, including web filtering and deep packet inspection. These services are additional layers which can be used to protect network users.
Most of our clients will have email provided via Microsoft 365. The email service itself has multiple layers to help protect your email from spammers or malicious attachments.
Microsoft 365 uses multiple data centres in strategic locations around the world. On the Microsoft platform, not all your data is held on a single server or in a single location. Emails can be transmitted through multiple servers, each with their own tasks. Some of the servers provide spam filtering, virus and malware blocking, and storage of your email data. You can add third-party spam filters, which have more layers of security and can spot more spam.
End Point Protection
All devices that are connected to the Internet should be protected using End Point Protection software (AKA Antivirus). Many companies provide solutions for protecting against viruses, malware, ransomware, key loggers and Trojans. They can provide a high level of protection against known threats. As new threats are released, the antivirus software can only protect against threats that are in its latest database update. Some antivirus software will run additional services which send files back to the supplier for further investigation. This may prevent you from working, but it is often safer to wait while the file is investigated.
Backing up data provides a number of protection layers. The backup is a point-in-time (e.g. 10pm daily) capture of the data.
- After accidental deletion, file corruption, hardware failure or file encryption, you can restore the data from the last backup.
- If an input error has been made, restoring from an earlier backup may be required.
Testing your backups by restoring some data at regular intervals is essential, as it confirms that the correct data can be restored and that the backup process is working.
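As an added illustration (not part of the original article or any supplier's own tooling), the Python example below records a SHA-256 checksum for each file at backup time and then checks a test restore against that record, reporting files that are missing or whose contents have changed. The function names, folder names and sample files are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root: Path) -> dict:
    """Record relative path -> SHA-256 for every file under root (taken at backup time)."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a test restore with the manifest and sort files into ok/missing/corrupt."""
    report = {"ok": [], "missing": [], "corrupt": []}
    for name in sorted(manifest):
        target = restored_root / name
        if not target.is_file():
            report["missing"].append(name)      # file never came back
        elif sha256_of(target) != manifest[name]:
            report["corrupt"].append(name)      # file came back with different contents
        else:
            report["ok"].append(name)
    return report

def demo() -> dict:
    """Constructed sample data: a 'live' folder and a 'restored' copy with two faults."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        files = {"clients.csv": b"id,name\n1,Acme\n", "docs/quote.txt": b"Quote 42\n",
                 "docs/invoice.txt": b"Invoice 7\n"}
        for root in (live, restored):
            for name, data in files.items():
                (root / name).parent.mkdir(parents=True, exist_ok=True)
                (root / name).write_bytes(data)
        manifest = build_manifest(live)
        (restored / "docs/quote.txt").write_bytes(b"")   # simulate a truncated restore
        (restored / "docs/invoice.txt").unlink()         # simulate a file that was not restored
        return verify_restore(manifest, restored)

if __name__ == "__main__":
    print(demo())
```

In practice the manifest would be saved alongside the backup, so that a later test restore is checked against the data as it was when the backup was taken.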
We recommend multiple backups:
- snapshots throughout the day
- offsite out of hours.
The time it takes to restore data is often a critical factor. Internet-based backups can be restored, but it can still be faster to restore from tape or external disk if you have a slow Internet connection.
Additional layers which we can provide include:
- Power – surge protection and UPS to maintain power during outages.
- Network failover – providing a second connection to the internet via 4G or DSL.
- Least privilege access – setting access rights for users to only the systems they need.
Security Awareness Training
The final and most important layer is the user. Protecting your data is not just the responsibility of the IT department. Training for your staff is critical: helping them spot spam, or emails which pretend to be from a director asking them to transfer £5000 to an account (which is unusual practice), could save a lot of money and spare staff embarrassment. Ensuring they do not provide their email account passwords to third parties, follow good password practice and don’t use the same passwords on business systems as on home systems can prevent your data being encrypted.
The number of layers of protection you need will depend upon the systems you have in place. If you would like to know more or discuss how we can help protect your business, please call or contact our IT consultants on 0333 332 6600.