Don’t drop your guard and stay updated
Cyber attacks are increasing, phishing emails targeting you and your clients are relentless. It’s important that you don’t drop your guard in the ongoing battle to protect your systems. Our IT Infrastructure Manager, Craig Smallman has some advice to ensure you remain protected.
Step 1: Make sure your machines up to date.
On a regular basis, you will get pop-ups on your PCs and laptops that says to “Update Windows”, or “Update Office”. These pop-ups are there to remind you to patch your machines to ensure that any new security vulnerabilities are fixed. It is very important to do this as soon as you can to keep your data safe.
Step 2: Make sure your servers are up to date.
Equally important (and in a lot of cases, more importantly), you need to make sure that your IT infrastructure is also up to date with the latest security patches. This includes web servers, WordPress sites (these can be particularly vulnerable), database servers, servers hosting third-party software and other network equipment. It’s easy to forget these systems but it’s imperative that these devices get the latest security patches as soon as they are available.
Failure to stay up to date with the latest security patches for servers (especially if they are accessible via the internet) can result in a system breach and rogue software being installed by hackers, with potentially devastating consequences which can lead to significant data losses. Any breach would have to be reported to the ICO, with potential fines.
Here’s my top tips:
- Always patch all servers as soon as you can. Patches are normally sent out monthly.
- Remember to patch any software you may host. Contact your vendors to ensure that you are kept informed of any important updates that are required.
- Use a third-party solution to scan your internal IT infrastructure to inform you of any updates you need to apply. Some examples would be Qualys or Secureworks although there are many solutions to choose from.
- Perform regular penetration tests against your externally facing systems. Again you can use a third-party solution to do this automatically, such as Qualys, AppCheck or Netitude.
- Create an IT Policy to formalise the patching cycles.
Additional steps can include using a third-party SOC (Security Operations Centre). These monitor your server logs and system alerts real-time alerting you immediately on the detection of any unusual activity.
If you’re at all unsure, I would recommend that you consider hiring a security contractor to perform a gap analysis on your infrastructure.
Although no system can be guaranteed to be 100% secure, the aim of security is to reduce the risk as much as you can. Following the above tips will help ensure your systems are not compromised.
IT Infrastructure Manager
03303 600 300