An appreciation of Cybersecurity and Network Security is essential for all IT people today. The incidence and sophistication of malware and of targeted attacks on corporate and individual sites are increasing daily. Individual and corporate users must have a comprehensive online security environment in place, made up of a mix of online security measures and cyber security solutions.
Malware has traditionally been thought of as viruses, and most organisations install virus protection software as routine. But malware is not only viruses. Industrial espionage through theft of corporate information, theft of banking and credit card information, and identity theft are new external threats. Internal threats continue to be the misuse of Internet access by employees, costing the business in lost productivity and potentially exposing it to external threats.
Even small businesses are not immune. Staff must fully understand the need for Cyber Security measures through a process of education and information transfer, supplemented by policies on Internet usage.
In short – Cyber Security is not just about viruses.
Risk Definition – Establish the Cyber Security Environment
A business, however small, must assess the risks to its information assets just as it does with other risk areas, such as regulatory risk. This requires the preparation of risk management policies for access to information assets, including the Internet. Once that has been achieved, the appropriate cyber security environment can be established with hardware, software and policy management.
Connecting your business network to the Internet opens the door to attack. Your network must be built to accepted design and security management best practices, with firewalls and traffic filtering rules. The best security is to keep the baddies outside the gate by restricting who can use the Internet and what they can see on it. If this is a change from an existing freer environment, the introduction will be a painful process.
Malware protection is provided most often by a software tool that sits as an interface between the corporate systems or user computer and the Internet. Key components include:
- Anti-Virus and Rootkit detection and removal. All incoming emails and their attachments, all incoming data files, and increasingly all VoIP data are scanned and, if malware is found, blocked from further travel into the network.
- Spoof website detection and blocking. Legitimate websites can be hijacked by hackers or clandestinely modified to hold malware. In both cases, opening the web page may initiate the download of malware onto the user's system. The software prevents these web pages from being opened.
- Spyware and Adware. Spyware records a user’s Internet activity with the objective of selling the information to advertisers or hackers. Adware consists of frame and page inserts that try to sell stuff. Spyware and adware detectors, blockers, and removers are sometimes not allowed by sites that make revenue from displaying advertising.
- An Updater. A vital component of any malware protection software is an update function that keeps the malware signature files up to date.
- Users will have heard of malware, and will probably have met it on their home computers. They will understand the need for online security and company policies and procedures around the use of the internet. If not, they need an education programme.
- Users must sign a document setting out company policy on computer usage before being granted access to the company network, and if appropriate to the Internet. Among other things, the policy will specifically state the types of material that can and cannot be viewed or downloaded.
- The policy must be regularly reviewed and updated and users told of any material changes.
Managing removable media
- The most common way in which malware makes its way into business networks is via users bringing contaminated flash drives or DVDs from home and plugging them into their office computer.
- The usage policy should include an item specifically prohibiting this.
- If possible, USB ports and DVD drives must be disabled in the standard configuration of desktop computers.
- Monitoring tools to record actual and attempted security breaches are essential. This helps in identifying holes in online and cyber security that need to be plugged.
- Monitor users, particularly those who try to access sensitive information. Privileged account actions, including creating new user accounts, changing user passwords and deleting accounts, must be recorded in an audit log.
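The audit-log requirement above can be illustrated with a short Python example. It is an added example, not part of the original article, and it assumes a Linux host whose auth log carries the shadow-utils and PAM messages written by useradd, passwd and userdel; the sample lines, host name and account names are constructed.

```python
import re

# Constructed sample lines, modelled on the syslog messages that
# shadow-utils (useradd/userdel) and PAM (passwd) write on a Linux host.
SAMPLE_LOG = """\
Mar  3 09:14:02 ws01 useradd[2211]: new user: name=tempadmin, UID=1004, GID=1004, home=/home/tempadmin, shell=/bin/bash, from=/dev/pts/0
Mar  3 09:14:40 ws01 passwd[2219]: pam_unix(passwd:chauthtok): password changed for tempadmin
Mar  3 09:15:10 ws01 sshd[2230]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Mar  3 22:47:51 ws01 passwd[3102]: pam_unix(passwd:chauthtok): password changed for root
Mar  3 22:49:05 ws01 userdel[3110]: delete user 'tempadmin'
"""

# One pattern per privileged account action named in the text.
PATTERNS = {
    "account_created": re.compile(r"useradd\[\d+\]: new user: name=(?P<user>[^,\s]+)"),
    "password_changed": re.compile(r"passwd\[\d+\]: .*password changed for (?P<user>\S+)"),
    "account_deleted": re.compile(r"userdel\[\d+\]: delete user '(?P<user>[^']+)'"),
}
# Classic syslog prefix: "Mon DD HH:MM:SS hostname "
HEADER = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) ")

def extract_audit_events(log_text):
    """Return one record per account-management action found in the log."""
    events = []
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue  # not a syslog-formatted line
        for action, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                events.append({"time": head["ts"], "host": head["host"],
                               "action": action, "account": m["user"]})
                break
    return events

def short_lived_accounts(events):
    """Accounts both created and deleted within the reviewed log."""
    created = {e["account"] for e in events if e["action"] == "account_created"}
    deleted = {e["account"] for e in events if e["action"] == "account_deleted"}
    return sorted(created & deleted)

if __name__ == "__main__":
    events = extract_audit_events(SAMPLE_LOG)
    for e in events:
        print(e)
    print("created and deleted in same log:", short_lived_accounts(events))
```

An account that is created and deleted within the same review window, or a password change on a privileged account outside working hours, is the kind of entry a reviewer would follow up on.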
The need for Cyber Security will be with us for the foreseeable future. It is more than just installing a virus protection application. It is an ongoing organisation-wide programme to reduce the probability of encountering malware and user misbehaviour and to mitigate their effects where and when they happen. The price of cyber security is eternal vigilance.