83% of breaches come from human errors
Your systems are targeted 24/7, even when you sleep
Always be prepared
In case of disaster, have a plan to recover quickly
IT Security when and where it is needed
You are in the line of fire, constantly!
Every day your employees receive hundreds of emails and amongst them,
of CEOs are worried about their IT security and risks
Expect to be covered by their in-house IT Team
of IT managers lack budget, knowledge, expertise
of Ransomware victims had up-to-date antivirus
People are your greatest risk
Your staff has never been trained to handle security threats; however, you expect them to react appropriately if an incident happens, and you certainly don't think they could be the cause of it.
83% of security breaches are due to human error, and most of the time the employee is not even aware of the incident.
Training your people should be your first line of defense
Give your staff a SafeComs certificate of IT Security awareness
You would never expect your staff to drive on a busy highway without a license and proper training.
However, in IT, data and computer security we let employees exchange files, receive messages and respond to requests and solicitations, and we give them access to our network which contains the most valuable part of our company.
Most of the time, all of this happens without any clearly defined procedures, verified rules and processes, tested knowledge or pre-training.
The odds are not on your side
IT security is not a fair game.
You need security monitoring, but often your in-house teams are too busy fixing desktops, server issues, and network problems. At the same time, you must lock every single way in to protect your perimeter, you cannot leave any gate unattended, and you must be alert 24/7, 365 days a year.
You also have dramatically
On the other side of the field are the hackers, who are extremely bright, equipped with the most sophisticated tools, and well hidden. They are patient and have all the time in the world. They are also very motivated, as they know that this exercise will, when it succeeds, pay very well.
Build a culture of transparency
Reward the disclosure of mistakes
When an incident happens, the normal reaction for staff is to cover it up and try to hide it, fearing the consequences. Avoid cultivating blame for incidents and foster a culture of disclosure when something suspicious happens.
Employees will learn from their peers if they are able to talk about the incident and if they can have first-hand information on how it happened. The cost of recovery, when ill-prepared, can be substantial, but this negative experience can become something positive for all your staff to learn from. Ensure everyone in your
Efficiently Protecting your Data, Network and Systems
Disaster Recovery Plan (DRP)
When worse comes to worst...
When there’s a fire, you don’t start running a drill – by then it’s too late. To limit the damage, everybody must already be on the ball and know exactly what to do.
You can only limit the damage if you are prepared and if everyone knows what is expected, but this requires preparation and training.
Let's briefly review the steps you should go through:
Identify and prioritize critical IT systems and components.
Identify critical assets
Identify length of time after which disruption becomes critical
Identify preventive controls to reduce the effects of system disruptions
Develop recovery strategies.
Design your IT contingency plan to restore a damaged system
Test the plan to identify gaps.
Plan maintenance of the plan, as it should be a living document.
FAQs for IT Security
What are the biggest risks today?
Today you have 3 main potentially lethal attacks:
The first one is identity theft, where a hacker accesses your email, files and other documents, bypassing security and pretending to be you. This can lead to forging documents to trigger payments, redirecting bank transfers to other accounts, and other malicious acts.
The second one, ransomware, is like a virus or worm that lands on your computer, sits there quietly and then, after a few days, hoping you do not have a recent backup, encrypts your data and demands a ransom in exchange for a decryption key. There is never a guarantee that your data will return, but it is certain that your money will not come back.
The third one is the DDoS (distributed denial-of-service) attack on larger organisations, where attackers block the full use of a server and request a payment to stop the attack. In this scenario, many unprotected and infected home computers are used in a botnet, and this is why it is important to lock down even non-important computers or any device connected to the internet.
Am I safe with a good, up-to-date antivirus?
Definitely not. An antivirus will protect you against known virus definitions, but it will miss zero-day attacks, and it will miss many of the phishing exploits that take you to an external site to commit their act. Also, we have recently seen ransomware being delivered via PDF where the payload was extremely small and the activation happened in multiple steps to avoid detection. This exploit can only be blocked by analyzing the behavior of the malware and stopping it immediately when it reaches out to download further elements of the attack, like the encryption key.
I get some really badly written phishing exploits. How can they expect to trick people with this junk?
This type of phishing is actually designed to catch people who are not fully aware of the security reality of IT life.
It is aimed at them, and if they fall for this very poorly written email, it means they are ready for the rest... It is in fact a way for the attackers to select the typical person who will believe anything, and they then have a second step crafted to maintain their trickery.
I have more questions, can I ask?
Sure, we'd love to hear from you. Tell us what worries you and, if your question is of general interest, we will make sure to publish it with a comprehensive answer and add it here.