Successful security audit

How can your business manage a successful security audit? IT audits—no one enjoys them, but they are a critical part of today’s IT security solutions. Audits are necessary to keep your company’s network and assets safe and secure.

While it is true audits are necessary, dealing with outside auditors can be a less than pleasant experience. What happens if they make a mistake? What if they don’t do their work properly? Then as the leader of the IT department, you’ll bear the responsibility, especially if an intruder subsequently makes their way into your systems.

Is there a way to have a successful audit, even when bringing in outside auditors? The answer is yes, when the audit is done in the right way and with the right auditor. In a recent article, Mark Weir of TechRadar asks how much security is enough.

Cybersecurity is a major concern for businesses, especially since hackers are getting smarter and bolder.
To protect your company, a robust cybersecurity strategy is vital.

Establish security through annual audits

While security audits are important, many companies fail to conduct annual audits on their networks. The reasons for this are many. Some view this as unnecessary—if they’ve not suffered an incident, then they must have strong enough security. Another reason could be the expense of having an audit each year.

While these reasons may seem understandable, the fact is that businesses are facing more security breaches than ever before. This is true for businesses of all sizes, from corporations down to small businesses. Now is the right time to ensure your network is secure, rather than waiting to be hacked.

If your company has never conducted a security audit, then it’s time to implement annual audits. You might think of an annual security audit as being similar to having a physical each year. The doctor does a first physical exam and uses this as a comparison for future physicals. When something is different in a subsequent physical exam, then it must be investigated.

Spell Out Your Objectives

When it comes to finding the right auditor, it’s a good idea to develop your audit objectives in advance. These may include:

  1. Write down a list of all company assets (including data, computer equipment, and more)
  2. Define the security perimeter: what will be included in the audit and what will not
  3. Define threats
  4. Prioritise risks
  5. Make a list of security improvements and best practices to eliminate threats

Now you have a list of objectives for the audit, meaning these are the areas that the auditor needs to focus on.

Choose auditors with experience

What you’re looking for is an auditor (or a team) that has real-world experience with security technology. This way they’ll have the ability to find even the most elusive and serious security issues. You might also ask to see any published works they’ve written. This is another way to see if the auditor has the experience and the knowledge to conduct a proper security audit.

Contact business connections and see if they can recommend some experienced security audit firms. In addition, ask each audit firm for a list of references to past clients, and then contact those clients and ask about their own experience with the audit firm. Once you’ve created a list of auditing firms, ask them for details on how they conduct an audit.

Prepare for the Audit

Now that you’ve found the right auditing firm, you’ll need to make sure they’re on board with your objectives and the type of data they’ll have access to. This is where many companies and auditors have their first problem. Everyone assumes the other side knows what data will be accessed during the audit. The auditor may have their own ideas on the subject, and your company may have its own view on the matter. Never make the assumption that you and your auditor are on the same page about access to data. This is something that should be agreed to by you and your auditor before the audit begins.

In addition, it’s necessary to keep the affected people and departments involved in the process. You’ll want to involve the department managers who will be affected by the audit. This way, they won’t face sudden, unpleasant surprises in the course of the audit. For this reason, it’s a good idea to create some audit rules in advance:

  1. Managers will need to determine any specifics to limit impact on their systems. They may specify the day and time when testing will be optimal for their processes.
  2. Auditors will need an “indemnification statement” that gives them authorisation to conduct the audit. This should also be sent over to your ISP, so they aren’t alarmed by the large volume of port scans on their address space.
  3. Auditors generally expect access to certain data and documentation to analyse your network. These may include:
    • Copies of all policies and procedures, which may cover passwords, virus scanning, acceptable use by employees, privacy (to keep company users’ and clients’ data secure), privileged access and incident handling
    • Information about your network, and specification of target IP ranges
    • List of security devices (firewall, IDS)
    • List of software used on the network
  4. Ensure the auditor has a plan, and that they provide you with the details.
  5. When the audit’s completed, you can review the results to plan your future strategy. The audit report should cover:
    • Threat sources (internal and/or external)
    • Probability of an attack on the network
    • Impact of the attack (should outline how much money the company could lose, whether it would affect the company’s reputation, and more)
    • Recommended actions to fix any problems

In conclusion

Whilst security audits aren’t fun, they are essential, especially when you see trends that change over time. The audit provides essential information on the health of your network, as well as on vulnerabilities that could put your company in danger.

Contact the LIS Help Desk to conduct a security audit with confidence, knowing your network will be more secure as a result. Our experienced team are always on hand to answer your questions and keep your business secure.

LIS – SECURING YOUR DIGITAL WORLD

#Security #Audit #ITSupport

Apple update threat

Unexpected Apple update threat

Are you an iPad or iPhone user? Due to an unexpected update, owners of iPhones and iPads are being warned that some apps may experience glitches. Apple only gave a day’s notice of the release of a major update to its mobile operating systems.

In a recent BBC article, James Clayton and Leo Kelion investigate the Apple update threat.

Chief executive Tim Cook revealed on Tuesday that iOS 14 and iPadOS 14 would launch on Wednesday. Last year, Apple announced the release date more than a week in advance.

Developers complain

The Apple update threat has caused havoc with developers. They have complained they do not have enough time to check for bugs and submit their products to the App Store. They include big names such as Nintendo, which has warned gamers that its Animal Crossing: Pocket Camp app will not launch after the update.

Pocket Camp commented on Twitter “We have confirmed that you cannot start the application after updating the iOS device to iOS 14. We are planning to fix this issue in an upcoming update within this month. We do not recommend you to update your device to iOS 14 until we have fixed this issue”.

How to prevent iOS 14 and iPadOS 14 installing

Some people’s devices are set to auto-install Apple’s mobile updates. In general, this can be a good idea to ensure that the latest cyber-security protection and features are automatically added when a device is plugged in overnight and connected to wi-fi.

However, this facility is limited to “point releases” and not the major “round-numbered” updates, like the move from iOS 13.7 to iOS 14. In this case, the new code will still be downloaded in the background on devices running versions 13.6 and above, but will not install without first seeking the user’s express permission, which can be declined.

Taking the pain out of IT

You are busy, so leave the worrying about your IT to us. At LIS we pride ourselves on keeping your IT systems running as smoothly and effectively as possible. This means you are free to focus on other things.

Contact the LIS Help Desk to discuss the aches and pains of your IT system. Consider us your IT doctor. We will diagnose your problems and prescribe solutions. Think of us as a part of your team: we might not be onsite, but we are always there for you.


#Apple #iPhone #iPad #ITSupport

Google Chrome Warning!

Be careful when updating your browser. Google Chrome Warning!

A fake Google Chrome update hit the Internet this summer. Hackers tried to gain control over systems using an old technique. The fake update installs the banking Trojan Zeus and remote-control software. This allows hackers access to your PC, online banking and anything else that takes their fancy. TechRadar takes a look at the Google Chrome warning.

Whilst people’s focus is on pandemic issues, hackers are taking advantage of their lack of attention to maximise their returns. Maybe their furlough payments are coming to an end 🙂.

The hackers are highly sophisticated and use several different methods of attack. The initial attack examines your geographical location, computer and other factors. They then decide whether you are their victim of choice. The attack then tailors its next phase to any perceived weakness you may have.

Users are fooled into thinking they are running a Google Chrome update. In reality, they are installing a Trojan and remote-control software.

Google Chrome users are being warned against a convincing and dangerous new online scam. The fake “Google Chrome update” scam gives hackers total control over your device.

Hackers come up with a fake Google Chrome update

Google Chrome is undoubtedly amongst the leading browser software worldwide. Billions of people use Google Chrome making this an easy target for this sort of attack. Security conscious users know that updating apps is important to keep the bad guys at bay. Taking advantage of this, the scam uses a fake Google Chrome update page, to hook its victims.

If you click on the “Update Chrome” button, the dodgy website will download a hacked file. This then installs malware on your computer. The cyber-experts at Proofpoint identified that one of the programs used in this attack is the banking Trojan Zeus. This program is designed to liberate money from the users’ accounts.

It gets worse

Proofpoint also noted similar attacks for Internet Explorer and, probably, at the time of writing, for any other browser you care to name. Remember that the attack also includes full commercial remote-control software. This opens your PC to full remote access from anywhere in the world. This will include access to online accounts, social media and good old-fashioned email.

Proofpoint’s Sherrod DeGrippo explained in a statement that this technique is not new. However, it is still effective because it exploits the intended recipient’s desire to practise good security hygiene. DeGrippo further mentioned that “keeping software updated is a common piece of security advice. As a result of this, hackers use that to their advantage”. Businesses have been targeted worldwide, including Proofpoint.

Security you never have to think about

You shouldn’t have to be a security expert to feel safe on the web. Chrome is easy to use and built to be secure. Contact the LIS Help Desk today to discuss your online security strategy.

LIS protects you from a range of deceptive and dangerous sites. Downloads might steal passwords or infect your machine. We use the latest anti-spam and anti-virus software. Take advantage of our Office 365 Security package, as well as other cloud-based solutions. We’ll give you a clear understanding of your current exposure and of the impact such an attack would have on your business.


#GoogleChromeUpdate #ScamWarning #MalwareScam

Security Challenge

Take our 60 minute security challenge

We are the local data security experts. Our team prides itself on quickly finding ways that hackers could damage your business and blocking them. Are you ready to take the security challenge?

When you’re running a business, you want to think you’ve done as much as possible to keep your data safe from theft and loss. But if you don’t have the right professionals implementing data security, how well protected are you really?

In fact, if you give us just 60 minutes, we’re confident we would find something wrong with your IT setup that places your data security at risk.

Watch our new video to find out more – then contact us to start your 60 minute security challenge.

Secure your business for peace of mind

Technology is advancing every day and so is the risk of hacking. Users are increasingly facing the risk of hacking as cyber security threats become progressively more sophisticated. Implementing a firewall on your network perimeter and anti-virus on your desktop is no longer a sufficient solution – the attack surface is now much bigger.

Take our 60 minute security challenge. If you give one of our experts just 60 minutes to examine your IT systems, we’re confident they’ll find a data security breach that will horrify you. Of course, we’re not doing this to be cruel.

We want to show you what extra measures your business should be taking to keep your data safe and your people and clients protected. Let’s face it, it’s better that WE find the breach than a cyber-criminal does.

Contact the LIS Help Desk to help you stay vigilant when it comes to hackers. We will suggest which upgrades for your system are best suited to your business. This will improve your IT security.

#WeChallengeYou #60minuteSecurityChallenge #Security #Business

Big Windows 10 changes

Big Windows 10 changes could be coming as Microsoft prepares next big release. The software giant may soon have to support two operating systems simultaneously. Microsoft could be preparing to completely change its update schedule for Windows 10 due to the upcoming release of Windows 10X.

Windows 10: A guide to the updates

A recent article by Computerworld discusses what you need to know about each update to the current version of Windows 10.

As reported by ZDNet, the software giant has said little about its plans for Windows 10X since back in May 2019. Chief product officer Panos Panay revealed in a blog post that the company would pivot its focus from single-screen devices to dual-screen devices that leverage the power of the cloud.

According to sources, Microsoft is now targeting spring 2021 for the first commercial release of Windows 10X. This is not a new operating system but rather a variation of Windows 10. It features a simpler user interface and a more modular form. The company had originally planned to ship 10X first on upcoming dual-screen devices including its own Surface Neo.

ZDNet reports that Microsoft’s latest plan will see 10X first debut on single-screen devices aimed at businesses and education in the spring of 2021, followed by a roll-out for additional single-screen and dual-screen devices in the spring of 2022.

Windows 10 release schedule

Now that Microsoft will soon have to release updates for both Windows 10 and Windows 10X, its update schedule will likely change as well.

The company could end up releasing just one feature update per year for Windows 10 beginning in 2021, in an effort to allow its engineers to work on updates for both operating systems, according to ZDNet’s sources. If this is true, then Microsoft will likely deliver Windows 10X releases in the spring and Windows 10 feature updates in the fall moving forward.

If the company does move to a once-a-year feature update schedule, it will roll out Windows 10 20H2 in the fall of this year, but this will be a very minor feature update. In the spring of 2021, though, Microsoft will finally release Windows 10X for the first time.

In the autumn of 2021, the news outlet’s sources say that the company will roll out a feature update for Windows 10, with an updated version of Windows 10X releasing in the spring of 2022. This version will work on both single-screen and dual-screen devices.

We will likely know exactly what Microsoft plans to do soon, but updating Windows 10 in one half of the year and Windows 10X during the other half of the year does make a lot of sense. The company will now have to support two operating systems with updates and new feature releases.

Keep your business up to date and secure

LIS will always keep your Windows applications up to date and secure. If you do not have managed IT monthly services, you need to talk to us.

Contact the LIS Help Desk to make sure your business is up to date and secure. We can undertake an IT audit and upgrade your network to the latest Windows or macOS systems. We can check that you have the correct anti-spam and anti-virus software installed. Finally, we can make sure you can work anywhere, any time and on any device. We can upgrade your Microsoft Office package to Office 365. Take advantage of our Office 365 Security Package. With so many options to make your working life easier… it would be rude not to find out what is available.


#Windows10 #ITSupport #Security #Business