This content is courtesy of our friends at SkyPoint Technologies.
With the recent cyber-attacks including at the Waikato DHB in 2021, and the associated media coverage, cyber security has become front of mind for both large and small organisations here in the Waikato and throughout New Zealand.
Attacks on organisations are increasing and becoming more sophisticated. If an organisation falls victim to a cyber-attack, it can cause significant business impacts including damaged reputation, sensitive information including intellectual property being leaked, and financial loss.
SkyPoint considers security to be of paramount importance for all customers and works hard to ensure there are good systems in place to protect all customer networks.
This is an important discussion for every business and we would be more than happy to meet with you to talk it through.
The importance of a response plan
Having a well-documented plan around cyber security is an important consideration for any organisation. This plan will answer common ‘what if’ scenarios to identify risks, safeguards & procedures that need putting in place.
Communicating these procedures so that all staff in an organisation are aware of what’s expected of them in a security event is equally as vital and can help reduce stress.
Five key areas to keep your systems secure:
1. Endpoint Protection (Antivirus and Antiransomware)
Every workstation including laptops and desktops should have endpoint protection installed and kept up to date.
2. Strong Passwords and 2-Factor Authentication
Long, complex passwords with a combination of letters, numbers and symbols are ideal. These passwords should be unique for each service. In order to make the management of these passwords easy, we recommend using a password manager. A password manager securely stores all of your unique passwords and you just need to remember the 'master password'.
2-factor authentication should be implemented for all key applications including email (Microsoft 365), accounting (Xero, MYOB etc) and CRM. Securing Remote Desktop Services and VPN connections with 2-factor authentication is recommended. If a password becomes compromised, 2-factor authentication acts as an extra identity check and verification.
Multiple onsite and offsite backup systems which are regularly tested and verified. With a good robust backup system in place, information can be recovered from multiple locations if the primary source is ever compromised. SkyPoint recommend cloud-hosted (offsite) backups for all key systems. This protects against attacks and also events, such as building fires, floods and physical theft.
4. Security Awareness Training
The most common method attackers use is 'social engineering'. This is when an attacker tricks someone into handing over sensitive access or information by posing as a trusted third party.
Security awareness training can be run with your team to educate them on common threats and methods. This includes running a 'fake phishing' email campaign to test your team's ability to identify threats. A report will be made available to highlight any staff that could benefit from extra cyber security training. The staff can then work through automated online training modules and tests to educate themselves on the risks.
5. Security Updates
All commonly used software should be updated regularly so that the latest security patches are implemented. This includes updates for the Windows operating system, Antivirus products and any other business applications. SkyPoint recommend automating the update processes for servers and workstations.
If you’d like to find out more, get in touch with the SkyPoint team.