
Cyber security: a big issue that’s going to get bigger

Cyber security is an ever-present factor in our online lives. And, at least in the short term, keeping your data safe is going to get even more challenging. Our Head of Technology, Kenny Watson, explains.

If, like many people, you already find cyber security procedures to be a drag, well… there’s good news and there’s bad news.

Like all things related to security, it is an ongoing fight between the people who want to steal your data and the ones who want to protect it. Every so often a big technological change comes along which temporarily gives one side an advantage, and the Internet of Things is one of the biggest boons for the baddies that we’ve seen in a while.

Open doors

In an office, it’s possible for many things to be connected to the internet: the heating system, fridges, CCTV, even coffee machines. All of those will be connected to the company’s network, and all will probably have relatively weak security. So from a hacker’s point of view they are all attractive entry points: if you like, a great selection of poorly locked back doors.

One way to tackle that is called Zero Trust Network Architecture. The basic principle here is to segregate networks – so that, for example, Internet of Things devices are in one zone, very sensitive data is in another, and so on. Access to each zone is only given to the users who need it, and not until they have been verified. Modern security software also allows you to precisely define the access rules for any one zone. For example, you can set it to deny all mobiles under any circumstances.
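A minimal sketch of how such zone rules can be evaluated, added here as an illustration and not taken from any particular security product. The zone names, roles and device types are assumptions chosen to match the examples above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    device_type: str   # e.g. "laptop", "mobile", "iot"
    verified: bool     # identity already verified before access is considered
    zone: str

# Constructed sample policy: per zone, the roles that need access and the
# device types that are refused under any circumstances.
POLICY = {
    "iot":       {"allow_roles": {"facilities", "it-admin"}, "deny_devices": set()},
    "sensitive": {"allow_roles": {"finance", "it-admin"},
                  "deny_devices": {"mobile", "iot"}},
}

def decide(req, policy=POLICY):
    """Return (allowed, reason). Anything not explicitly allowed is refused."""
    zone = policy.get(req.zone)
    if zone is None:
        return False, "unknown zone"
    if not req.verified:                          # verification comes first
        return False, "identity not verified"
    if req.device_type in zone["deny_devices"]:   # a deny rule beats any allow
        return False, "device type denied for zone"
    if req.role not in zone["allow_roles"]:       # access only where needed
        return False, "role has no need for zone"
    return True, "allowed"

def audit(requests, policy=POLICY):
    """Evaluate a batch of requests into (user, zone, allowed, reason) rows."""
    return [(r.user, r.zone, *decide(r, policy)) for r in requests]

# Constructed sample requests, not real traffic.
SAMPLE = [
    Request("amy", "finance", "laptop", True, "sensitive"),
    Request("amy", "finance", "mobile", True, "sensitive"),
    Request("bob", "facilities", "laptop", True, "sensitive"),
    Request("cam", "it-admin", "laptop", False, "iot"),
    Request("thermostat-3", "facilities", "iot", True, "sensitive"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The last sample row is the point of the segregation: a device in the Internet of Things zone is refused at the boundary of the sensitive zone even though it presents a valid identity.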

People and processes

Another core principle is to build layers of security, so that hackers don’t have a straight path from outside your network all the way to your most sensitive data. Perhaps the most important layer of all is not technology but user education.

That’s especially true when dealing with phishing: emails that attempt to get people to transfer money to a fraudster, or to click on a link that introduces a virus. Untrained people can easily be fooled, especially when fraudsters use ‘spoofing’, in which a message appears to come from a known and legitimate email address. Attacks like this can be devious, for example using photos taken from the ‘About us’ section of your website to make spoof Outlook profiles more convincing.

The best response is to put in place a system of compulsory processes and checks and then inform staff, particularly those in high-risk roles like Accounts, so that everyone understands the dangers and knows what is expected of them.

The starting point is always to act like you’ve already been hacked. (If the saboteurs are already inside the building, how can you make it as hard as possible for them to achieve their objectives?) Here are a few of the ways that Silver Cloud can help you.

Firewalls

The first line of defence, which almost every organisation should have. Exactly what’s required will depend on the particular risks being faced and how the data is used – and there are always lots of new options, as the market changes fast. Silver Cloud is independent, so we make sure we understand each customer’s particular needs and then select from the whole market to find the right solution.

Anti-virus and anti-malware software

Another standard product, which is pre-installed on most computers. The software works by assessing all the information that comes into the device, and checking it against a database of known viruses and how they operate. Your biggest worry here is probably not just that your network is infected by a virus, but that you then pass it on to one of your customers or contacts. It’s quite possible that they could trace the source back to you, potentially causing huge financial and reputational damage.

Encryption

Ensuring that even if someone accesses your data it’s in a form that they can’t use. This is a major front in the constant war between hackers and defenders.

Multi-factor authentication

In short, requiring at least two pieces of information – possibly from two different devices – before carrying out an instruction. A relatively robust and reliable solution. Obviously, no security method is infallible, but the fact that financial institutions use multi-factor authentication tells you that it’s one of the best options available for everyday use. It’s also a very effective defence against identity theft, making such attacks about 90% less likely to succeed.

Alerts

Think you’ve never been hacked? How do you know for sure? There are now several excellent tools on the market that will alert you when your defences have been breached. They can then monitor the situation, giving you useful data and insight that will help you improve both your technology and your procedures.

 

The big picture

Let’s finish with a bit of perspective. Just as you wouldn’t turn your house into a fortress that even you struggled to get into and out of, your organisation doesn’t have to introduce every possible cyber security measure. It’s a question of deciding on a sensible, practicable, affordable and proportionate response.

In the end, cyber security is about understanding the risks that your organisation faces, and then doing what you can. It’s a battle that, most likely, neither side will ever completely win.
