As businesses place more reliance on technology for their day-to-day operations, the risks associated with data breach or compromise and their potential impact on business operations are also increasing. Threats are diverse and fast-changing; ranging from simple ‘phishing’ e-mails to full scale network breaches which gain access to business critical and sensitive data.
At Stephens IT, we support and engage with a wide and varied customer base, from standalone single networks to multi-national corporate WANs. Each customer setup is different and therefore we are constantly advising and consulting our customers on their individual security approaches, all of which are bespoke to each individual business.
Services we offer
The Cyber Essentials Certificate
The Cyber Essentials scheme addresses the most common internet-based threats including hacking, phishing and password guessing, helping organisations protect data stored on devices that connect to the internet such as desktops, laptops, tablets, smartphones and all types of server and networking equipment.
The certificate verifies that we have met the appropriate standards set by Cyber Essentials to demonstrate the security of our IT systems. These include the following:
- Secure configuration
- User access control
- Malware protection
- Patch management
With cyber threats on the increase, we are helping our customers understand and modify their systems to mitigate the risk of any attacks or breaches.
Here are a few key points to note:
- User education is key. End-users are often unaware of the level of threat that even clicking a link on a phishing e-mail can subsequently lead to, so enhancing user knowledge of different types of attacks and strategies can help to reduce the risks of compromise.
- Implementing basic security policies. We often find that many business and corporate networks attempt to deal with security by installing firewalls, which are typically un-monitored. Simple policies can have a drastic impact in improving the security and vulnerability of an IT network – some commonly un-used policies include:
- Local administrator rights revoked from standard users
- Ensuring shared drive/data permissions and controls are up-to-date
- Implementing a procedure for reviewing/actioning Anti-Virus scan results/errors
- Re-direction and security of user profiles and user data
- Implementing Ctrl+Alt+Del start up requirement
- Login policies and scripts to specifically control user / network data
- Firewall protection and active and monitoring / reviewing threats
- Assigning roles and responsibilities to either internal teams or external, outsourced consultants is another area we find isn’t evaluated by customers until threats are realised. Clearly identifying various security roles within an IT infrastructure can be complex, as this requires different providers, systems and experts to work coherently across all areas of the infrastructure to perform a clear security strategy and procedure. Often internal teams assume that external consultants are actively monitoring firewall traffic and investigating anti-virus logs, when this isn’t the case. Often, consultants will provide re-active services on a break/fix model rather than preventative monitoring solutions aimed at discovering threats before they arise.
To find out more about our security services, please contact us.