As businesses place more reliance on technology for their day-to-day operations, the risks associated with data breach or compromise and their potential impact on business operations are also increasing. Threats are diverse and fast-changing; ranging from simple ‘phishing’ e-mails to full scale network breaches gaining business critical and sensitive data.
At Stephens IT, we support and engage with a wide and varied customer base, from standalone single networks to multi-national corporate WANs. With notable differences in customer set-ups, we are constantly advising and consulting our customers on their individual security approach, all of which can take many different forms and are bespoke to each individual business.
Services we offer:
- Network Penetration Testing
- Anti-virus and Malware Protection
- Firewall Management
- Updates and Patching
With cyber threats on the increase, we are helping our customers understand and modify their systems to mitigate the risk of any attack or breach. Here are a few key points to note:
- User education is key. End-users are often unaware of the level of threat that even clicking a link on a phishing e-mail can subsequently lead to, so enhancing user knowledge of different types of attacks and strategies can be helpful to reduce the risks of compromise.
- Implementing basic security policies. We often find many business and corporate networks attempt to deal with security by installing firewalls, which are typically un-monitored. Simple policies can have a drastic impact in improving the security and vulnerability of an IT network – some commonly un-used policies include:
- Local administrator rights given to standard users
- Shared drive / data permissions and controls are up-to-date
- Procedure for reviewing / actioning Anti-Virus scan results / errors
- Re-direction and security of user profiles and user data
- Implementing Ctrl+Alt+Del start up requirement
- Login policies and scripts to specifically control user / network data
- Firewall protection and active and monitoring / reviewing threats
- Assigning roles and responsibilities to either internal teams or external, outsourced consultants is another area we find customers also do not evaluate until threats are realised. Clearly identifying the various roles of security within an IT infrastructure can be complex – with various providers, systems and experts needing to work coherently across all areas of the infrastructure to perform a clear security strategy and procedure. Often internal teams assume that external consultants are actively monitoring firewall traffic and investigating anti-virus logs, when this isn’t the case. Oftentimes, consultants will provide re-active services on a break / fix model rather than preventative monitoring solutions which are aimed at discovering threats before they arise.
To find out more about our security services, please contact us.