“I’m really concerned about data breaches resulting from these kinds of inadvertent clicks. I’m usually very vigilant and I still get a ton of these kinds of solicitations but most are more obvious. It’s clear that someone has access to my contacts because most of these attempts come under someone’s name that I know. In this case, he often sends me little links and videos and stuff that he thinks I’d be interested in so I was caught off-guard. My concern is if it can fool me, surely we have others clicking on things they shouldn’t. I asked a few years ago about staff training for internet security. I think we should circle back around on this. Can you do some research and see if there is anything available in the way of a power point presentation that we could put all our employees with access to a computer through? This is an area of grave concern to me. “
I got an email from a very smart president of a company who’s email perfect explains the concerns of the current state of security in small business. He outlines that the main problem is that it only takes one click from someone in his organization that could possibly have dire consequences.
One moment of weakness is all it takes.
The sad realization is that with phishing emails, ransomware, bots, Microsoft macro viruses and everything else is that with say 40 users, it’s not if someone clicks on something the shouldn’t it’s when. Most small businesses have users with varying levels of computer competency and all of them should be protected by your IT department. When someone clicks on something, they shouldn’t it doesn’t have to be the end of the world. Here at Dataforge we insure it’s not.
The best defense is a good offense
When I say offense, I mean effectively implementing security standards in your organization that will put different security benchmarks in place that will help defend you and your employees. We have put together a basic list of solutions that can help you raise your level of protection.
Email Security
One of the most common questions I get is the old “is this email legitimate?” and the answer is usually no. There are spam and phishing emails trying to sell products and services and or trying to get your usernames and password, or even worse – your credit card number.
One of the most common questions I get is the old “is this email legitimate?” and the answer is usually no. There are spam and phishing emails trying to sell products and services and or trying to get your usernames and password, or even worse – your credit card number.
Our customers have seen success with our spam, phishing and virus filtering. We have also recently started implementing solutions where we reject the top spam and virus sending countries. This will limit the amount of emails coming in and if a small business doesn’t do business outside of Canada, there usually isn’t a need for email from Russia, Brazil, China and others.
Here is a quick list of the top spam creating countries.
#1 China
(9.8%)
#2 Brazil
(8.5%)
#3 United
States (6.9%)
#4 Russia
(6.7%)
#5 India
(5.8%)
#6 Germany
(5.3%)
#7 Turkey
(4.3%)
#8 Italy
(3.6%)
#9 South
Korea (3.4%)
#10 Vietnam
(3.3%)
#11 Great
Britain (3.3%)
#12 Spain
(2.9%)
#13 Poland
(2.8%)
#14 Argentina
(2.2%)
#15 Colombia
(2.1%)
#16 Taiwan
(1.9%)
#17 Ukraine
(1.8%)
#18 France
(1.7%)
#19 Mexico
(1.5%)
#20 Saudi
Arabia (1.4%)
#21 Chile
(1.4%)
#22 Thailand
(1.2%)
#23 Indonesia
(1.1%)
#24 Israel
(1.1%)
#25 Romania
(1.1%)
Credit to Project Honey Pot
As you can see, rejecting these countries on your spam filter can drastically lower your spam and infection rates. Of course, we can white-list any organizations in these countries if you do business with them. As an IT provider we never want our solutions to get in the way of you doing business.
Active website filtering
It isn’t humanly possible to know what sites are bad or malicious. In some cases, a small business needs a filter for their computers to protect them from clicking on links by rejecting the user’s ability to visit known sites that spread malware, popups, etc. With these solutions we also have the benefit of user groups based on rolls.
We can allow public terminals to have limited access to the internet – think lunch rooms, public terminals, etc. The filter can also block the default non business related topics like gambling, firearms, pornography, social media and all the other topics that your employees don’t really need access too.
When it comes to user tracking, we have found that most employers really don’t mind if one of their users uses their work computer to check Facebook on their lunchbreaks. They would, however like to know if one of their employees is spending four hours a day on Facebook. Having the ability to check up on user’s web usage while at work is something that we have gotten positive feedback about.
Really, it usually comes down to just having the visibility. Once the infrastructure is in place organizations can start implementing their own web usage police to fit their needs.
User education
Another solution that can help is user training. There are solutions out there that will send your users emails that encourage them to click on links. When a user clicks on one, they will get a notification that they shouldn’t have and then mark them for training or send them information related to what they clicked on to help raise your employee’s security focused learning. This in the long run will help your users get better at identifying bogus emails that are sent to them and thus reduce your organizations security exposure.
Endpoint protection
If all else fails, you need an endpoint protection over basic antivirus. It is a little more expensive but gives you much better coverage. You get all the benefits of antivirus with the bonus of data control, centralized management, reporting, notifications, data encryption and others. Endpoint protection really takes protecting your business to the next level. If a user gets an infection on your computer Dataforge will know about it and look over the machine. You won’t have ransomware encrypting your files endlessly while no one is aware of it.
Even if one of your users somehow gets to a shady site that isn’t blocked by the spam or web filter, the likelihood of the machine being infected – or your network is drastically reduced.
Using a password policy
Changing our password and not using the same one for everything thing online is very helpful. With all the recent data leaks the people trying to hack you are getting a very large bank of commonly used passwords. If they can figure out what that is and someone is using the same password for different online service, then the attacker has found the key.
Changing your passwords every year or even better ever courter gives your business a much stronger security defense. If something gets on your machine or someone tries to guess your passwords – it’s much harder when the passwords are changing every so often.
Daily, reported and confirmed backups
If something does happen that’s not usually the end of world. You IT team has a responsibility to have proper backups in place to recover any infected or damaged data so your business can keep doing what it does best. We have a lot of backups that are either not working or not being checked properly. When it comes to backups, two is one and one is none. Trying to pull data from backups that simply isn’t there doesn’t work for anyone. That’s why here at Dataforge we have someone who checks and confirms nightly backups every day. That’s right, it’s done by a real person – and his name is Adam.
These are just a few of the solutions we use here at Dataforge. We have found that security is an on-going job and you must be reviewing your process and systems to ensure that your organizations security policy is being followed.
If you are convened about your business’s security, You can always give us a call at 905-632-9918 and we would love to start the conversation.
HI! I’m Dave – I am an old school / hardcore computer geek. I’m also the General Manager at Dataforge. I am big into IT and small business development with technology. I want your business to grow and in turn, let me support your business and implement cool IT solutions. Dataforge is a family owned and operated computer repair and IT Services Company that covers Burlington, Hamilton, Oakville, Milton and the Greater Toronto Area.
Dave Forsyth
T: 905-632-9918
E: davef@DataforgeCanada.com