Successful security audit

Successful security audit for business

How can your business manage a successful security audit? IT audits—no one enjoys them, but they are a critical part of today’s IT security solutions. Audits are necessary to keep your company’s network and assets safe and secure.

Whilst it is true a successful security audit is necessary, dealing with outside auditors can be a less than pleasant experience. What happens if they make a mistake? What if they don’t do their work properly? Then as the leader of the IT department, you’ll bear the responsibility, especially if an intruder subsequently makes their way into your systems.

Is there a way to have a successful security audit, even when bringing in outside auditors? The answer is yes, when the audit is done in the right way and with the right auditor. In a recent TechRadar article, Mark Weir asks how much security is enough.

Successful security audit

Cybersecurity is a major concern for businesses, especially since hackers are getting smarter and bolder. To protect your company, a robust cybersecurity strategy is vital.

Establish security through annual audits

While security audits are important, many companies fail to conduct annual audits on their networks. The reasons for this are many. Some view this as unnecessary—if they’ve not suffered an incident, then they must have strong enough security. Another reason could be the expense of having an audit each year.

While these reasons may seem understandable, the fact is that businesses are facing more security breaches than ever before. This is true for businesses of all sizes, from corporations down to small businesses. Now is the right time to ensure your network is secure, rather than waiting to be hacked.

If your company has never conducted a security audit, then it’s time to implement annual audits. You might think of an annual security audit as being similar to having a physical each year. The doctor does a first physical exam and uses this as a comparison for future physicals. When something is different in a subsequent physical exam, then it must be investigated.

Spell Out Your Objectives

When it comes to finding the right auditor, it’s a good idea to develop your audit objectives in advance. These may include:

  1. Write down a list of all company assets (including data, computer equipment, and more)
  2. Define the security perimeter: things that will be included and those that will not be included in the audit
  3. Define threats
  4. Prioritise risks
  5. Make a list of security improvements and best practices to eliminate threats

Now you have a list of objectives for the audit, meaning these are the areas that the auditor needs to focus on.

Choose auditors with experience

What you’re looking for is an auditor (or a team) that has real-world experience with security technology. This way they’ll have the ability to find even the most elusive and serious security issues. You might also ask to see any published works they’ve written. This is another way to see if the auditor has the experience and the knowledge to conduct a proper security audit.

Contact business connections and see if they can recommend some experienced security audit firms. In addition, ask each audit firm for a list of references to past clients, and then contact those clients and ask about their own experience with the audit firm. Once you’ve created a list of auditing firms, ask them for details on how they conduct an audit.

Prepare for a successful security audit

Now that you’ve found the right auditing firm, you’ll need to make sure they’re on board with your objectives and the type of data they’ll have access to. This is where many companies and auditors have their first problem. Everyone assumes the other side knows what data will be accessed during the audit. The auditor may have their own ideas on the subject, and your company may have its own view on the matter. Never make the assumption that you and your auditor are on the same page about access to data. This is something that should be agreed to by you and your auditor before the audit begins.

In addition, it’s necessary to keep those people and departments involved in the process. You’ll want to involve the department managers who will be affected by the audit. This way, they won’t face sudden, unpleasant surprises in the course of the audit.

Successful security audit rules

  1. Managers will need to determine any specifics to limit impact on their systems. They may specify the day and time when testing will be optimal for their processes.
  2. Auditors will need an “indemnification statement” that gives them authorisation to conduct the audit. This should also be sent over to your ISP, so they aren’t alarmed by the large volume of port scans on their address space.
  3. Auditors generally expect access to certain data and documentation to analyse your network. These may include:
    • Copies of all policies and procedures. These may cover passwords, virus scanning, acceptable use (for employees), privacy (to keep company users and client data secure), privileged access and incident handling.
    • Information about your network, and specification of target IP ranges
    • List of security devices (firewall, IDS)
    • List of software used on the network
  4. Ensure the auditor has a plan, and that they provide you with the details.
  5. When the audit’s completed, you can review the results to plan your future strategy. The audit report should cover:
    • Threat sources (internal and/or external)
    • Probability of an attack on the network
    • Impact of the attack (should outline how much money the company could lose, whether this would affect the company’s reputation, and more)
    • Recommended actions to fix any problems

In conclusion

Whilst security audits are not fun, they are essential, especially when you see trends that change over time. The audit provides essential information on the health of your network, as well as on vulnerabilities that could put your company in danger.

Contact the LIS Help Desk to conduct a security audit with confidence, knowing your network will be more secure as a result. Our experienced team are always on hand to answer your questions and keep your business secure.

LIS – SECURING YOUR DIGITAL WORLD


Fake Online Reviews

Amazon deletes 20,000 fake online reviews after users profit from five-star ratings. An investigation from the Financial Times alleged that many users were profiting from posting thousands of five-star reviews. One reviewer posted a five-star review on average once every four hours. They reviewed over £15,000 worth of products.

Many of these reviews were for products manufactured by small Chinese brands, to help boost sales. Reviewers would then go on to sell the products on eBay. It appears that one reviewer made nearly £20,000 since June, selling items including vacuum cleaners, laptops, dolls’ houses and selfie lights.

When contacted by the Financial Times, one reviewer denied posting paid-for reviews. They then deleted their review history from their Amazon page.

Can you trust online reviews?

Items posted were described as “unused” and “unopened” on the reviewer’s eBay page. These were apparently duplicates, they claimed.

In the product descriptions on eBay, the reviewer described an electric scooter, of the same brand that they had reviewed on Amazon, as “hands down my favourite toy”. They went on to claim they “purchased a second one for my fiancée”.

Two of the ten other top-ranked Amazon reviewers also deleted their history. Another removed their name and reviews, changing their profile picture to an image which read “please go away”.

The Financial Times suggests that nine of the UK’s ten reviewers were engaged in “suspicious behaviour”. “We want Amazon customers to shop with confidence knowing that the reviews they read are authentic and relevant,” Amazon said. It added that it would suspend, ban, and sue people who violate its policies.

Amazon’s community guidelines state that reviewers cannot post content in exchange for compensation of any kind, including free or discounted products, or on behalf of anyone else.

Fake Online Reviews

The UK Competition & Markets Authority (CMA) has launched an investigation into fake and misleading reviews. Unscrupulous sellers are using a range of tactics to evade detection on Amazon to mislead shoppers with fake reviews.

Amazon’s murky world of fake online one-star reviews

Amazon’s marketplace is being abused by independent sellers using fake online one-star reviews to harm rivals, the BBC has been told.

Newsnight spoke to a number of those affected who believe their sales have suffered as a consequence.

A consumer rights champion now wants a UK watchdog to investigate further, as part of a probe into fake reviews that is already under way. Amazon claims to be “relentless” in tackling review manipulation. Even so, some of those targeted believe it cannot eradicate the problem. Third-party vendors have sold more physical goods on Amazon’s site than the US tech giant itself every year since 2015, according to its own figures.

Honest advice from the experts

We are proud to say we are celebrating our 25th year in business. We pride ourselves on delivering nothing but the very best customer service and solutions to our customers whatever the situation may be.

Contact the LIS Help Desk for honest advice for your company’s IT requirements. We won’t advise you to have a repair or upgrade done if it’s not the best solution. Rest assured that using us for your IT support, you will enjoy the latest advice, services, technology and developments in the industry.


Google Chrome Warning!

Be careful when updating your browser. Google Chrome Warning!

A fake Google Chrome update hit the Internet this summer. Hackers tried to gain control over systems using an old technique. The fake update installs the banking Trojan Zeus and remote-control software. This allows hackers access to your PC, online banking and anything else that takes their fancy. TechRadar takes a look at the Google Chrome warning!

Whilst people’s focus is on pandemic issues, hackers are taking advantage of their lack of attention to maximise their returns. Maybe their furlough payments are coming to an end 🙂.

The hackers are highly sophisticated and use several different methods of attack. The initial attack examines your geographical location, computer and other factors to decide whether you are their victim of choice. It then tailors the next phase to any perceived weakness you may have.

Users are fooled into thinking they are running a Google Chrome update. In reality, the scam has them installing a Trojan and a remote-control system.

Google Chrome Warning

Google Chrome users are being warned against a convincing and dangerous new online scam. The fake “Google Chrome update” scam gives hackers total control over your device.

Hackers come up with a fake Google Chrome update

Google Chrome is undoubtedly amongst the leading browser software worldwide. Billions of people use Google Chrome, making this an easy target for this sort of attack. Security-conscious users know that updating apps is important to keep the bad guys at bay. Taking advantage of this, the scam uses a fake Google Chrome update page to hook its victims.

If you click on the “Update Chrome” button, the dodgy website will download a hacked file. This then installs malware on your computer. The cyber-experts at Proofpoint identified that one of the programmes used in this attack is the banking Trojan Zeus. This program is designed to liberate money from the users’ accounts.

It gets worse

Proofpoint also noted similar attacks for Internet Explorer and, probably at the time of writing, any other browser you care to name. Remember that the attack also includes full commercial remote-control software. This opens your PC to full remote access from anywhere in the world. This will include access to online accounts, social media and good old-fashioned email.

Proofpoint’s Sherrod DeGrippo explained in a statement that this technique is not new. However, it is still effective because it exploits the intended recipient’s desire to practise good security hygiene. DeGrippo further mentioned that “keeping software updated is a common piece of security advice. As a result of this, hackers use that to their advantage”. Businesses have been targeted worldwide, including Proofpoint.

Security you never have to think about

You shouldn’t have to be a security expert to feel safe on the web. Chrome is easy to use and built to be secure. Contact the LIS Help Desk today to discuss your online security strategy.

LIS protects you from a range of deceptive and dangerous sites. Downloads might steal passwords or infect your machine. We use the latest anti-spam and anti-virus software. Take advantage of our Office 365 Security package, as well as other cloud-based solutions. We’ll give you a clear understanding of your current exposure and of the impact such an attack would have on your business.


Secure passwords

Smart devices will require secure passwords by 2021

Internet-connected gadgets will have to come pre-set with a unique password, or require the owner to set one before use, as part of plans for a UK cyber-security law.

Manufacturers could face being forced to recall non-compliant products and could also be fined. The government is now seeking feedback from consumer groups and industry experts to shape its final legislation. One expert said the new rules would need “strong enforcement”.

The “call for views” is the latest step to introduce a cyber-security bill, which was first outlined in May 2019. Other proposals include a requirement that manufacturers state the minimum amount of time they will continue to provide security updates for a product after purchase.

Digital infrastructure minister Matt Warman said that until the law was passed, households should ensure they had changed all internet-linked devices’ default passwords to “protect themselves from cyber-criminals”.

Davey Winder, a Senior Contributor for Forbes, takes a closer look at making sure your devices have secure passwords.

These devices include:

  • Smart speakers
  • Voice assistants
  • Smartwatches for dementia patients
  • Smart lightbulbs
  • Security smart systems
  • Smart TVs

Smart home devices can pose a security risk if their vendors do not take adequate care in securing them.

Do you have secure passwords?

IT-savvy users are likely to change the password and update the firmware upon acquiring a device. Worse yet, hacking one’s way through a device with an unmodified default password does not take much effort. Once a device is compromised, a cyber criminal will steal your data. Using the device to set up botnets or perform distributed denial-of-service attacks will also cause harm to your devices.

In an effort to protect consumers, the UK has proposed a law that would make universal passwords for IoT devices illegal.

Stay protected

In conclusion, we recommend our clients use passwords that are secure. Keep all of your passwords private and make sure no one knows them. Are you using a password manager or Post-it notes?

Contact the LIS Help Desk to review your security and to have peace of mind.


Work from anywhere

Technology started allowing us to work from anywhere remotely in the early 2000s. Laptops, VPN and increased Internet bandwidth set this trend in motion, allowing people to connect to corporate networks from home to access email, servers or other systems. Employees depended on this way of working to perform their daily duties.

What it didn’t address at the time was the human element: people’s desire to work on their own terms, anytime, anywhere and on any device. In the early 2000s, technology didn’t readily support this paradigm of “remote work”. Most workers didn’t even know what they were missing in terms of flexibility or convenience.

Work from anywhere, any device and any time

More and more large companies are realizing the benefits of working from home. Why stress your employees out with the expense and the commute into the office? Business Insider explores some of our largest companies working from home.

We’ve put together a brand new guide to show you the most important things to consider with a permanent flexible working arrangement for your people.

Work From Anywhere

The future is now… YOUR desktop, anytime, anywhere, any device! IT does not need to be complicated. Business owners need to concentrate on what they do best, running their business.

Top technical desires

Working online or offline: Back in the late 90s, for those old enough to remember, Lotus Notes pioneered this concept. Notes had the ability to replicate databases locally between servers and users’ local desktops. Today many technologies do this seamlessly to access emails, files or other corporate systems.

Instant gratification: Today users want access to information immediately and from any device. A mere 15 years ago expectations were very different. Employees had to be logged into a PC at the office to gain access to data. Expectations have taken a monumental shift thanks to new technology. Now smartphones, tablets, broadband, WiFi, and 4/5G all make information accessible at our fingertips.

Advanced communication: Recent advances in infrastructure and hardware have enabled new ways to communicate and collaborate. The use of these new platforms differs based on age, culture and social boundaries. There are so many choices available that employees can communicate via more channels than ever before: document sharing, enterprise social media, gamification, instant messaging, phone, text, email, video or voice chat, and screen sharing.

The new normal

Work anywhere you have an internet connection and often where you do not. There are many cloud-based backup solutions. We would recommend OneDrive.

With the ability to synchronise your OneDrive and your machine, you can now save your documents to a local folder. They will synchronise to the cloud in the background! Start a document at work and save it. The file will fly off gently to the cloud without human intervention. You can then pick up where you left off in a coffee shop or at home, working locally or in your browser. It does not matter which browser either: it works in Edge, IE11, Safari, Chrome or Firefox.

Work anytime

Well, you can work anywhere, on any device, so it follows that you can also work at any time. Now you may see this as a blessing or a curse. It is a blessing because you are not tied to your office and the opening times of the building, which means you can get that report finished no matter where you are or what time it is. However, it is also a curse because you could work all night, whether you want to or not. Great for night owls!

We are adopting a more mobile workforce, and many professions now run their business from home, the office or even a coffee shop. We would recommend using Office 365 and taking advantage of our Office 365 Security Package. It is easy to use, and collaboration with clients and colleagues is now much easier.

Review your IT infrastructure. Enable your team to work from anywhere

Moving to Office 365 has huge benefits for productivity and collaboration. Because Office 365 has many security features built in, it can be achieved safely. The extensive compliance manager gives controlled access to your data. You can remain in control and, as an added benefit, you quickly achieve full GDPR compliance. Have you moved to Office 365 yet and has it transformed your working life? Is your IT system set up and ready for your workforce to work from anywhere, any device and any time?

Contact the LIS Help Desk to speak to one of our experienced IT technicians. We carry out an IT audit to enable us to recommend the best hardware and software solutions. Find out how we can make your workplace more efficient and productive.