Infrastructure at night

A unified approach to IT can prove challenging, be it due to budgets, scheduling, customer expectations, or aligning departmental goals with the company’s corporate goals. Many businesses deal with issues as they arise. Factors such as ageing equipment, a natural disaster or a security breach inevitably demand time and attention to solve and can cause costs to spiral.

The article ‘Moving from a reactive to a proactive approach to IT’, by Nigel Crockford, Business Development Manager at eSpida, explains why running-to-failure is not helping your business grow.

‘Moving from a reactive to a proactive approach to IT’ is available to read at www.computing.co.uk

Cyber security on laptop

Twenty years ago, security in IT broadly consisted only of firewalls, antivirus, passwords and development patches. Hackers and data thieves soon found ways of attacking these simple devices to gain access to sensitive organisational data.

As a result, security providers and vendors have invested in the development and production of more advanced technologies in order to defend business networks. Many different security products are now available in the defence against cyber criminals, such as antivirus, spyware detection and threat detection software, to name just a few.

So, what’s next?
This is the question constantly being asked, along with ‘What will be the next big thing in cyber security?’ and ‘What will people be talking about in the next year or so?’

The answer broadly lies with the cyber attackers. For each method of attacking organisational networks they develop, the vendors will be developing their products and security solutions accordingly, in order to prevent the attacks.

Change is coming
Rather than taking a traditional reactive response to cyber threats, vendors are becoming proactive by developing software to deal with known activity. Having investigated the way in which attackers operate, vendors are introducing this methodology to remove the initiative from the attacker. Realising attackers collaborate between themselves, vendors have now moved into sharing information, such as knowledge and tools, between themselves, which in turn decreases the response time to threats.

With this sharing of information, vendors can now look to the future one step ahead of the cyber criminals and, by using a more proactive, defensive approach, will be better prepared to foresee potential attacks. By adhering to the GCHQ code of conduct guidelines alongside ISO 27001/2 and by following known practices and a number of elementary processes, businesses can eliminate some of the lower risks.

With cyber criminals constantly developing new threats, it is imperative that organisations keep their cyber security active and up to date.

My recommendation
Businesses should start with basic security best practice, looking at access control as well as applications within the organisation, ensuring these are forced to update and are patched as deemed appropriate for your business.

I would welcome your questions on best practice procedures. Please feel free to contact me at jon.dixon@espida.co.uk

Locked gate for data security

In today’s technological world, media reports of website hacks are becoming more and more prevalent. Furthermore, with human error reportedly accounting for almost two-thirds (62%) of data breach incidents, personal details are frequently being compromised.

Nowadays passwords alone, even those considered complex, are no longer satisfactory to keep the hackers at bay. A scary thought for businesses holding hundreds, thousands or, in the case of some large corporations, millions of customer records. However, there are options available to increase IT security and protect data.

Two factor authentication
To confirm a user’s stated identity, Two Factor Authentication (2FA) uses a combination of two different elements from three categories: knowledge, possession and inherence.

Knowledge
– Passwords
– PINs
– Secret questions/memorable information

Possession
– Card readers
– Wireless tags
– USB tokens

Inherence
– Fingerprint readers
– Retina scanners
– Voice recognition

Two factor authentication may be carried out with a hardware token or a soft token such as an authentication app on a smart phone.

Hardware tokens such as the Yubikey from Yubico are becoming more common in the workplace. They add an extra layer of security to networks and user accounts to ensure it is only the authorised user that can access the data with their personal credentials.

Yubikey and Authlite
The Yubikey is a touch-sensitive authentication device (hardware token) used for second authentication and is best used with a PIN or password. The Yubikey generates a one-time passcode to provide that second authentication and, when used in conjunction with Authlite, a simple yet strong two-factor authentication module (soft token), provides two factor authentication to the network.

Setting up the system is straightforward and quick to configure from start to finish.

For organisations of all sizes there are many benefits of using the Yubikey for two-factor authentication:
– Prevents unauthorised access by requiring the physical presence of the token to log onto a device
– Easy to use
– Affordable – Total cost of ownership is significantly reduced
– Durable – no moving parts, crushproof and waterproof
– Can be used as part of a business’s ongoing GDPR policies and procedures

Summary
The old adage ‘prevention is better than cure’ has never been more relevant in the world of cyber security, as any organisation that has fallen victim to a data breach will testify.

Making it near impossible for hackers to access your accounts, two factor authentication is one of the cheapest, most simple things to put in place to secure any account. The question isn’t why should you use two factor authentication, it is why wouldn’t you use two factor authentication?

For more information about two factor authentication and how we can help you, get in touch on 0344 880 6145 or email info@espida.co.uk

 

GDPR compliance for employees and candidates

Is your HR team the key to GDPR compliance?

GDPR is fast approaching and HR professionals are looking to be considerably affected, particularly surrounding recruitment data.

In an article published today, featured on the GDPR:Report website, Nigel Crockford, Business Development Manager at eSpida, explains how HR departments can lead by example in GDPR compliance and ensure the organisation is ready for the change in legislation.

The article is available to read here