If you're in a white collar profession, you are probably aware of professional-development (PD) courses / certificates. If you're in a trade, you're probably more familiar with the "card" system (white card, blue card etc.). What you might not know, is that we in IT have lots of courses to keep our skills up too!
Huntress, one of our Cyber-security partners ran their annual hack_it webinar today, and I thought I'd share a few key notes I took that are interesting if you use computers in your business (who doesn't!).
1. Anti-virus only protects you from about 85% of threats
That means that your network is open to 15% of hackers right now! The number is likely to vary, but you need to accept this: Anti-virus is designed to protect you against 1 kind of threat (a virus), and even then, it is only going to be reliable for viruses that have been seen before. For example, it took the presenter today only 30 minutes to develop a virus that bypassed most AV programs, all done live. You should still use anti-virus, but don't think that you're safe because you do - there are additional protection measures that should be taken. If you've been putting off buying extra protection here - don't. If you're unsure what extra protection is available - ask for help!
2. Storing everything in your email forever can be unsafe (as well as unwise)
Email services are almost always exposed to the internet for remote access (if you can set it up on your phone, then anyone can login over the internet!). In the event that your email is breached, and you have 10 years of email in there, it gives the hacker a goldmine of information for reconnaissance to know how and where to hit you hardest. It also gives them loads of information to be able to go after your clients and suppliers as well. Email was intended to be used as a tool to transfer information, kind of like a phonecall. Afterwards, there is almost always another system that the attachments / decisions wind up being entered into, so why keep the email forever? If you're worried about keeping a 'paper trail', you can save the emails out, or look at taking out a cloud based email retention system.
3. Monitoring your IT security is as important as securing it in the first place!
So you've had your trusted IT support provider check the security configuration of your IT systems, and there's only a few minor recommendations, so it's time to move onto the next task in your business, right? Wrong! Just because everything looks fine now, doesn't mean that it will be fine tomorrow, next week, or next month. On the one hand, there's new threats coming out every week (day!?!), and you might not be protected against them, because they didn't exist before. On the other hand, the "secure" configuration that you have now might be changed next week because Windows update decides to fail, a user installs a program they shouldn't because "our client required it", or an admin turns off security somewhere to test something and forgets to turn it back on. In Control System Engineering we used to say that if it isn't monitored, then it isn't managed. Lots of IT support providers can offer a level of monitoring (we do!), so if you haven't been asked about this, it might be a good idea to be pro-active and ask them first.