Freethought have a wealth of experiance dealing with SME information technology issues. I thought it would be good to put together a list of the top ten common issues we see to help you navigate away from them!
Users running as privileged accounts
Normal staff should never run as 'administrator' level accounts. Any breach will get full control if the user is already admin and the damage can be signifcantly worse!
Backups are key for bringing data back in the event of an incident. The lack of checking, testing, and verification is the primary reason we see for issues but another key issue is when the backups are taken out by an attack. Have you ensured your backups will work? Are the backups themselves protected?
Out of Date Software
Vulerabilities in software are one of the most common ways the bad guys get in. Is your Adobe and Chrome up to date? Are you ignoring those prompts to update a critical piece of software whilst you finish what you are doing?
Windows Patches not applied
Similarly Windows needs regular patching to keep secure. Do you have a way to report and ensure your company is fully up to date and secure? Are you or your users repeatedly clicking the button to update later, not now, another day?
Lack of Training
Staff not really knowing how to spot a threat is a huge issue. The 'human risk' is amongst the biggest threat vectors and by simply not training your staff you are potentially opening up a big risk. Staff need to be trained how to recognise a phishing email, or how to spot a fake invoice scam email, or even how to verify a request from an apparently internal email.
Lack of Logging Reviews
You have your security all in place, you have your patching done, your anti-virus is up to date; but do you check the logs? Not knowing which staff are most at risk with behaviour or which devices are being attacked leaves a lot of risk. Simply reviewing and acting on that logging data will help ensure you are kept as secure as possible.
Misconfigured Security Products
Anti-virus turned off or allowing things through? Firewalls turned off? Web filtering being bypassed by staff? All these allow massive holes in your security posture. It's great having the products in place but you need to ensure they are configured correctly and not easily bypassed when deemend an inconvenience to be effective!
No multi-factor authentication
The simple act of enabling multi-factor authentication, or MFA, is one of the biggest improvements in security you can make and best of all it adds very little friction in the staffs day to day work. MFA just means that occasionally when they authenticate they need to put a 6 digit, time limited code in too. Very easy to do, and very secure! Plus most users are already used to some form of MFA with their social media accounts.
No Incident Response Plan
An incident response plan is crucial to recover in the least disruptive way possible, if the worst happens what do you do? Knowing exactly what the plan is allows you to rapidly follow your chosen steps, know who to inform, where to get the backups from, where to restore to, who to inform and whole lot more. This plan wont stop you getting affected but greatly reduces the actual impact should it happen, and means if it does you can begin recovery quicker.
If you would like Freethought to help keep your business safe why not get in touch, the first consultation is free!
This guide was originally sent to our email subscribers along with 5 more tips! To make sure you catch all the news, guides, security tips and help with your business IT simply drop your details here: