Skip Ribbon Commands
Skip to main content

How To Stop a Hacker

Limiting business exposure to cyber crime

Andrew Walman

09/03/2017

More than half of UK businesses suffered from some form of cybercrime attack in 2016.

With the rise of ransomware as a way for criminals to make money from viruses, and more connected devices being used in business than ever, the likelihood of your business suffering due to cybercrime is higher every day. If you haven’t been hacked already – you will be soon.

 

Encounter rates for significant malware categories

Trojans are the most encountered malware through 2015, the exploits through which ransomware is then planted.

From 2016 Trends in Cybersecurity – Microsoft

Thankfully, there's some easy steps you can take to ensure your business never gets hacked:

  • ​Turn off all your PCs, laptops, servers and phones
  • Move your business to a cabin in the woods

You may find customers are reluctant to visit your cabin, particularly in the winter months. And the bank may not accept smoke signals as a means of communication. So how do you secure your business against hackers without going off-grid?

 

​1: Prepare To Be Hacked​​

It's inevitable. At some point in the future, even with the best cyber-security in the world, your company will be hacked. Virtually every large corporation in the world – including those whose business it is to combat hackers – has been hacked, and chances are, if you haven't been hacked already, you will be soon. Make sure you minimise potential losses be being prepared:

  • Check your backups: make sure you are backing up all your business data, and that these backups are kept separate from your regular data – either physically (such as removable media) or virtually (using a cloud backup system). Retain multiple backup points, and ensure critical data is backed up several times a day. If you do get hacked, the simplest way to recover is simply restore from backup, than to try and cleanup corrupted files or work out what's missing. With a ransomware attack, restoring from backup is often the only option – other than paying up.
  • Have a disaster recovery plan: with a good backup regime in place, work out how you would respond to an attack – which systems to recover first, which employees need to take action, how to communicate with your customers and staff. Rehearse the plan regularly, and improve it as systems change.
  • Know your data: work out where you have vulnerable/sensitive data, and what can be done to reduce its vulnerability. Delete old records and files – you don't want to be securing anything you don't need, nor explaining to customers that last bought from you 10 years ago, why their personal data has been compromised. Compartmentalise your data so it can't all be accessed using the same method or username. Ensure the most sensitive data is harder to access, is encrypted, and access is audited.
 

2: Reduce Your Exposure

Hackers go for the easy targets. Make things hard for them, by reducing your "attack surface" and actively looking for vulnerable spots that could be exploited - then remove them.  

  • Outsource your utility IT: Email is the primary source of malware within any organisation. Your company gains no competitive advantage by maintaining and securing its own email infrastructure, its just a sinkhole for IT resources and money. By outsourcing your email system to a specialist provider, you benefit from an email system that is constantly updated to be secured against the latest threats, is designed to be highly available – and will be more economical than trying to achieve the same features in-house. The same goes for other "utility" systems, such as backup, telephony, and archiving.
  • Secure your endpoints: PCs, mobiles, laptops, Macs – they all connect to your company infrastructure, and increasingly, they don't fall under company control as people bring their devices into the workplace, work from home, or use their mobile for business emails and apps. Make sure every device that connects to your network is patched, has the latest anti-virus signatures, uses encrypted storage, and only allows authorised people to use it – if not, don't let it connect. Consumer devices (non-domain) are twice as likely to encounter threats as enterprise machines (2016 Trends in Cybersecurity – Microsoft).
  • Don't forget the backdoor: or more usually, the front door, as people walk into your reception, and attach whatever they like to an open network port, USB slot, or just slurp your WiFi. It's easy to concentrate on the online threats, and forget the physical security – often a hacker can steal far more, with less effort, by walking into a business than they can sat at home. And hackers don't have to be strangers – the biggest threats can come from within your own staff, who know where your most valuable data is.​
 
 
Malware and unwanted software encounter rates for domain-based and non-domain computers

Consumer devices are more than twice as likely to encounter malware than enterprise devices​.

From 2016 Trends in Cybersecurity – Microsoft

3: ​Take Advice

By reading this far, you’ve already shown you’re open to new ideas about how to protect your business. The next step is to engage an IT consultancy to further improve your cyber security. As consultants, we’ve seen many types of business, many threats, and many attacks. We can bring our experience of securing against hackers, recovering from attacks, and reducing threats to your company.

Fuse can implement the technologies needed to reduce your exposure to threats, and to recover quickly from a successful attack – often for far less than recovering from an attack without these technologies in place.

 

You can never stop every hacker. You can prevent your business suffering from hacking.

Contact us today to discuss how.

​​​
​​

 About us

Fuse Collaboration Services is a Cloud Solution Provider and Microsoft Gold Partner specialising in delivering SharePoint, Skype for Business, and Azure cloud-based solutions. Based in Northampton, UK.

Microsoft Gold Partner Logo showing 5 competencies

Read more

 Latest Tweets

 Latest Blog

 

 

Common Misconceptions About ROT (Redundant, Obsolete and Trivial) Data327<p><strong>​​1.</strong>&#160;&#160;&#160;&#160;&#160;&#160; <strong>My company has no ROT! </strong><br><strong>&#160;</strong><br>You know that your compliance manager has put in endless policies to ensure that all employees are informed of what is relevant and when they should be saving documents. You think you have ticked the box and all your staff are following the process.&#160; The reality is that employees are hoarders.&#160; It includes everything from anything to emails, photos and HR records. They worry that they won't be able to find something instantly so they save it to their desktop. They then set up a new folder on their &quot;O&quot; drive for all their personal photos and articles that they want to keep; just in case they might need it one day. Multiply this by the number of employees you have and you suddenly have a big problem. There are lots of horrifying statistics that you can find on the net with case studies of companies finding up to 70-80% of their stored data is ROT.&#160;&#160; </p><p>&#160;</p><p><strong>2.</strong>&#160;&#160;&#160;&#160;&#160;&#160; <strong>&#160;</strong><strong>I have invested in special hardware that detects duplicates!</strong><br><strong>&#160;</strong><br>Whilst this is in part true, this type of hardware will only solve part of the problem.&#160; It won't handle documents that are earlier versions, trivial items, or policy documents that are out of date. </p><p>&#160;</p><p><strong>3.</strong>&#160;&#160;&#160;&#160;&#160;&#160; <strong>My organisation has been operating well for years without having to think about ROT!</strong><br><strong>&#160;</strong><br>This may be the case but just because you haven't thought about it before today doesn't mean it's a good business decision to not starting thinking about it. Why wouldn't you want to make your business more productive and operate more smoothly? Excess ROT means you are paying more for your data storage. Your employees spend more time searching for important data reducing their productivity and it fills up search results and data libraries. If an employee leaves they leave their ROT too, putting obstacles in the way of retrieving data for the employees they have left behind. Whose responsibility is it in your organisation to delete all unnecessary data when an employee leaves? </p><p><strong>4.</strong>&#160;&#160;&#160;&#160;&#160;&#160; <strong>Data storage costs are part of our running costs and there's no point worrying about it!</strong><br><strong>&#160;</strong><br>Data storage costs are an unavoidable running cost as most organisations can't live without it. The costs don't stop with just the storage of the data but include managing it, backing it up and if your servers are on premise you have added cooling costs and electricity bills to think about. There are some amazing statistics on the net that show that when IT companies have gone in to &quot;sort out&quot; unmanageable systems that up to 80% of data has been ROT. Slashing your running costs by 80% suddenly becomes a bit more attractive. </p><p>&#160;</p><p><strong>5.</strong>&#160;&#160;&#160;&#160;&#160;&#160; <strong>It's too difficult and time consuming to get rid of the ROT!</strong></p><p>In most organisations, it's down to the end user to get rid of their ROT. Unfortunately, the reason the ROT exists in the first place is down to the end user so it is unlikely they will be able to rectify it. Don't forget, as already mentioned in the first paragraph, they are hoarders. Tackling ROT is easy; all you need is key decision makers that can identify the ROT and then use the correct technology to identify, process and remove it. </p><p>&#160;</p><p><strong>6.</strong>&#160;&#160;&#160;&#160;&#160;&#160; <strong>I don't need to worry about ROT till the new GDPR comes in next year!</strong><br><strong>&#160;</strong><br>It might seem like ages away but at the time of writing this it's only 304 days away! Take out the weekends and it's 218 days away and this isn't including bank holidays and closure of businesses at time like Christmas. The GDPR is an excellent incentive to get your data house in order. The excellent news is that many customers who have already moved their data to the cloud are already on the way to addressing the problem of non-essential data. This is due to them addressing the problem already when migrating their data to the cloud. IT consultancies ensure that the data is analysed prior to migration and reports are then given to key decision makers to generate policies to delete the ROT. Data can be analysed according to age of the document, author, type, health references and many more.</p><p>&#160;<img align="absMiddle" src="/SharePoint/PublishingImages/Blog%20picture.jpg?Width=380&amp;Height=259" alt="" style="border-width&#58;0px;border-style&#58;solid;margin&#58;5px;" />​</p><p><strong>7.</strong>&#160;&#160;&#160;&#160;&#160;&#160; <strong>How do I know if I will ever need that piece of data again! Getting rid of ROT makes me nervous!</strong><br><strong>&#160;</strong><br>This is where senior management need to make decisions in line with their policies. Policies not there? Put them in place. Deleting data makes people nervous but if you have robust policies in place you can be confident that the data can be searched using metadata against the parameters you choose. Do you really need past employee HR records? Do you need the earlier versions of every document that is produced? Do you want your databases clogged up with your staff's personal photos and music downloads? Do you want to keep marketing lists that are ten years old? Or 7 years old? Do you need old branding logos and documentation? The list goes on and on. Once you start thinking about it in smaller manageable chunks, the decisions become obvious and less nerve racking. Be confident in your policies and you will become confident in the documents and records that are managed by your organisation. <br>&#160;</p><p>If you have any further questions on this article or the subject of ROT call Fuse on 01604 797979 or email fuse@fusecollaboration.com</p><p>​</p>l.ozier@fusecollaboration.com | Louise Ozier | 693A30232E777C6675736563735C6C2E6F7A696572 i:0#.w|fusecs\l.ozier<img align="absMiddle" alt="" src="/SharePoint/PublishingImages/Blog%20picture.jpg?Width=380&amp;Height=259" style="BORDER&#58;0px solid;" />02/08/2017 23:00:002017-08-02T23:00:00ZFurther to our previous blog discussing the benefits of clearing out your ROT and explaining why it’s important to start thinking about it, this article is answering some of the common misconceptions surrounding the issue03/08/2017 14:22:5894https://www.fusecollaboration.com/ourblog/Pages/Forms/AllItems.aspxhtmlFalseaspx

 Contact us

Our address
12-14 Brookfield, Duncan Close
Moulton Park, Northampton
NN3 6WL
P: +44(0)1604 797979
Contact Us