What cyber security steps are you taking?

Discussion in 'IT & Internet' started by stugster, May 17, 2019.

  1. stugster

    stugster UKBF Legend Full Member

    Interested to hear what SMEs are doing in the UK to up their game in the IT security field. Given the fast pace of change in the cyber landscape, it's no longer enough to have a laid-back attitude towards security (unless you know what you're doing in the first place!).

    Who's thinking about their cyber exposure?

    Anyone going to do Cyber Essentials, or already done it?

    Is anyone thinking about ISO 27001 or an alternative?

    What is your Disaster Recovery process?
     
    Posted: May 17, 2019 By: stugster Member since: Feb 1, 2007
    #1
  2. fisicx

    fisicx It's Major Clanger! Staff Member

    It’s all on my server in a password-protected folder. Got a USB SSD that gets plugged in once a week to do a backup.

    That’s about it.
     
    Posted: May 17, 2019 By: fisicx Member since: Sep 12, 2006
    #2
  3. billybob99

    billybob99 UKBF Regular Free Member

    I have an external SSD that I keep in an underground basement, in a waterproof vault, at just the correct temperature.
     
    Posted: May 17, 2019 By: billybob99 Member since: Apr 23, 2013
    #3
  4. Mark Dodds

    Mark Dodds UKBF Newcomer Full Member

    My experience is that no one really cares about their cyber exposure until something happens.

    Personally, the basic version of Cyber Essentials is substandard and I would only advise the plus version, and that's only due to the 3rd party involvement.

    My 2 cents:

    - Enable 2-factor authentication on everything that allows it
    - Encrypt your laptops/computers
    - Use a password manager tool so you can have a different password for each service/website

    All of these cost nothing or very little in the grand scheme of things.
     
    Posted: May 17, 2019 By: Mark Dodds Member since: Mar 30, 2015
    #4
  5. fisicx

    fisicx It's Major Clanger! Staff Member

    Posted: May 17, 2019 By: fisicx Member since: Sep 12, 2006
    #5
  6. Mark Dodds

    Mark Dodds UKBF Newcomer Full Member

    I've read this before...

    "The report doesn't by any means suggest you should not be using a password manager. Even with the mild flaws ISE found, a password manager remains by far the best way to keep your login credentials secure"

    Would I still use a password manager?

    Yes, you bet I would

    Why?

    'Cause I've seen what happens when someone uses the same credentials for multiple services
     
    Posted: May 17, 2019 By: Mark Dodds Member since: Mar 30, 2015
    #6
  7. Helpful Johnny

    Helpful Johnny UKBF Contributor Free Member

    Nothing is ever 100% and spreading this content may make people stop using managers thinking it's not more secure. To give the balanced argument, the protection a password manager offers far outstrips the ability for a hacker to extract a password of an already compromised computer from memory after the master password has been typed...

    There are much easier ways for a hacker to get a password than this...
     
    Posted: May 17, 2019 By: Helpful Johnny Member since: Dec 28, 2018
    #7
  8. billybob99

    billybob99 UKBF Regular Free Member

    I use a local one, KeePass (I may or may not work for them).
     
    Posted: May 17, 2019 By: billybob99 Member since: Apr 23, 2013
    #8
  9. estwig

    estwig UKBF Legend Full Member

    I use the same short easy to remember password for everything, no need for a passport wallet.

    They won't catch me out!
     
    Posted: May 17, 2019 By: estwig Member since: Sep 29, 2006
    #9
  10. Mr D

    Mr D UKBF Legend Free Member

    A DS system with mirror functionality for starters. Backups stored off site.
    Use both commercial and more specialist software.
     
    Posted: May 17, 2019 By: Mr D Member since: Feb 12, 2017
    #10
  11. stugster

    stugster UKBF Legend Full Member

    You still got that Windows 2003 Server running? :D
     
    Posted: May 17, 2019 By: stugster Member since: Feb 1, 2007
    #11
  12. EmC007

    EmC007 UKBF Contributor Free Member

    Statistics show that over 80% of SMEs are not even doing the basics. I know some organisations that did not even have antivirus software. Crazy but true.
     
    Posted: May 18, 2019 at 12:40 AM By: EmC007 Member since: Jun 3, 2017
    #12
  13. fisicx

    fisicx It's Major Clanger! Staff Member

    Anti virus isn’t that necessary if you have good IT discipline. I don’t have anti-virus software, never needed it.

    And our plumber does everything on his phone so he doesn’t need it either.
     
    Posted: May 18, 2019 at 6:59 AM By: fisicx Member since: Sep 12, 2006
    #13
  14. estwig

    estwig UKBF Legend Full Member

    I've been a one man band for a while now, no need of those fancy trappings.
     
    Posted: May 18, 2019 at 7:27 AM By: estwig Member since: Sep 29, 2006
    #14
  15. EmC007

    EmC007 UKBF Contributor Free Member


    You're kidding me right?
     
    Posted: May 18, 2019 at 9:02 AM By: EmC007 Member since: Jun 3, 2017
    #15
  16. billybob99

    billybob99 UKBF Regular Free Member

    Yes, he does like to joke around a lot.
     
    Posted: May 18, 2019 at 2:30 PM By: billybob99 Member since: Apr 23, 2013
    #16
  17. ffox

    ffox UKBF Regular Free Member

    Unless you're one of the less than 10% (UK Gov stats 2017) of businesses that have very poor Internet access, the simple answer is - cloud services.

    One Drive Live (free), Google Docs (free) and Box all use versioning on the storage platform. Office 365 and G-Suite also use versioning on the platform. This means that for any file stored in the cloud and then updated at a later date, the latest version is live and the previous version is retained as a dated version.

    If a file is infected with a virus, or malware, or ransomware the infected version will become the live version, but there will be one or more good versions, all dated, stored behind it. These will only be visible to the account holder if the file store is viewed through an Internet browser. They do not appear on the replication drive on the local device.

    So, the rules are -
    • Store in the cloud
    • View and edit in the cloud via an Internet browser whenever possible and avoid editing local replicated versions of files.
    • Where possible use SaaS (software as a service) applications to create and modify files.
    • Always replicate critical files back to a local device and copy/store offsite against the possibility of loss of Internet.
    If the need to store files locally is reduced and the need for local software is reduced then so is the need for large storage capacity on local devices. This results in lower cost PCs.

    If the operating system of one of these becomes compromised by virus or malware, simply wipe it and rebuild it. Whilst this is being done, move to another machine, log on to your cloud resource and continue working. The same can be said if fire, flood or theft affect the local machinery.

    For those businesses large enough to see a need for a local area network, move to a cloud data model and bin the servers, switches and cabling - they are no longer necessary.

    I would still always use basic anti-virus software on local machines, if only to reduce any threat from common bugs that may be inadvertently introduced by download or email.
     
    Posted: May 18, 2019 at 8:48 PM By: ffox Member since: Mar 11, 2004
    #17
  18. Mr D

    Mr D UKBF Legend Free Member

    Can get a virus on your phone.

    Random chance or visiting the wrong site.
     
    Posted: May 19, 2019 at 12:16 AM By: Mr D Member since: Feb 12, 2017
    #18
  19. Mr D

    Mr D UKBF Legend Free Member

    There are also some who spend thousands on electronic security and ignore direct access security - can sit in the car park outside some places accessing their wifi without password (or company name as password!) and browse the office files at leisure.
    Or take a laptop out of a business without anyone noticing, all files on laptop unsecure...
     
    Posted: May 19, 2019 at 12:22 AM By: Mr D Member since: Feb 12, 2017
    #19
  20. Nico Albrecht

    Nico Albrecht UKBF Regular Full Member - Verified Business

    I assume you are kidding here. More than ever, good antivirus security software is vital in combination with off-site backups.
     
    Posted: May 19, 2019 at 8:56 AM By: Nico Albrecht Member since: May 2, 2017
    #20