On 9th November Microsoft released a fix for a vulnerability in Windows-based computers that allowed an attacker to take control of your systems as an admin. This was known as CVE-2021-41379 and was the latest in a series of cyber security issues involving Elevation of Privilege vulnerabilities within the Windows Installer.
Fast forward 2 weeks and a new threat exists that utilises the same section of code – and as a zero-day exploit it doesn’t have a fix yet. This is the sort of threat that could be used to take over your systems and then encrypt data, steal information or set up a “man in the middle” attack, allowing hackers to steal your hard-earned cash.
As a business owner what do you do?
The number and severity of threats have increased over the last 2 years and show no signs of slowing down anytime soon. It doesn’t matter if you use Microsoft, Apple, Linux or Google devices; they all have regular threats that can be used against them. No matter how many fixes are released there is always another threat waiting behind the scenes, so it is time to approach security proactively.
Most threats, including this one, require an initial “way in to your system” before they can be used. The most common way to attack a system is to use existing malware or to try to introduce malware using phishing emails. It stands to reason that protecting your systems generally means you are less vulnerable to many of the zero-day attacks.
Top 10 tips to secure your business IT systems
- Utilising a decent antivirus goes a long way to protecting you from existing threats. Beware, they are not all equal and which one you use depends on your requirements.
- Many threats are introduced onto systems by email. Using a good quality filter that removes threats and spam before it is delivered to your mailbox is an absolute must.
- Filters can still let occasional phishing emails through, so training staff to recognise these is an excellent secondary defence.
- A password manager will ensure all passwords are complex and unique for every application and website. Using multifactor authentication for all accounts ensures the chance of these being hacked is massively decreased.
- Using a good quality firewall (often called a router) and ensuring it is patched every month will also add another layer of security to your business.
- Patching your computers on a weekly basis will ensure the latest fixes are applied to close down these threats.
- Have a documented access policy within your business and ensure people are limited to the data they need.
- It sounds obvious but removing ex-employees from your system is very important – we are always surprised when we take over new systems how many ex-employees are left active.
- If you and your staff remotely access computers it is worth adding an additional authentication method to prevent a hacker using a brute force attack.
- Finally, make sure your data is backed up into a cloud account and not accessible without passwords. Ultimately having a backup you can depend on may save the day if your system is compromised.
How much does Cyber Security cost?
You may be surprised to hear that many of these tips can be implemented very cost-effectively – for instance, many businesses we work with are able to implement tips 1 through 5 for less than £10 per user per month. Furthermore, you may find that your cyber insurance policy reduces in price if you get adequate systems in place.
Arrange a Free Cyber Security Consultation
Do you want to know more about securing your business from cyber attacks? Absolutely PC can support you with a range of cyber security solutions designed to suit your requirements and budget.
To get started on your journey to securing your business, contact us on 0117 975 9523 or book a free 15-minute consultation with one of our security experts today.
GUARANTEE: I promise that there is no hard sell and no complex geeky terms, just great advice to help keep your business operational.