Good News, we finally have it here FOR YOU!

Any company knows, at a particular time it will have a cyber-security problem, indeed quite often our clients, ask us ‘what else’ they can do to be secure against cybercriminals. That’s when we honestly say there’s nothing 100% secure; there are Zero Days, there’s human error, there are too many factors could be wrong, our mission is to reduce those factors, and for all the rest we are counting on COVERSURE INSURANCE SERVICES:

The team at Coversure Business Insurance are cyber insurance specialists. Their cyber insurance policies can help all businesses protect themselves from the potentially ruinous effects of a cyber-attack. For an affordable premium, their cover can protect you from being held to ransom, pay to have your systems restored following an attack, compensate you for loss of earnings and help with legal costs should the attack lead to you being sued. With over 50% of business having been breached in 2016 and 60% of small businesses cease trading following an attack, now’s the time to protect and survive.

Call us for an indication quotation!

You may find our new short Cyber Insurance video useful https://www.coversure.co.uk/croydon/blog/insuring-your-business-against-cyber-crime

The new fish and chips “flavour”

Who doesn’t like fish and chips? I do! And because of that, I tell while eating if the fish is fresh or not.. and if not I will still be paying the same for ‘ frozen fish.’ Is that fair?

In IT we have a term called phishing, imagine we are the fishs. All of us move around the cyberspace browsing, in any moment we want to bank with our bank and while we are operating on a web page that ‘seems’ to be our bank it isn’t; ‘hackers have replaced it, literally copied’ to be almost the same as our bank´s web page.

At the end of the day they will get gold of our bank account, credentials, etc., etc. all data our bank asked us to enter in their systems. So we get ‘fished.’.

There are some techniques to avoid entering  ‘fake’ web sites and some other techniques to avoid our web page get faked. But honestly its a matter of security knowledge. We as fish need to ‘suspect’ every time we browse the Internet and be sure that we are where the page says we are.

When the threat “sleeps” at home

The Security is highly important these days in ANY organisation, private or public, in any vertical market, it doesn´t matter. The new economic globalisation and the eclosion of a geo-located structure  have made new and brilliant internal and external threats.

It’s true from 5 years to today; almost every  company has  at least the minimum security in-house, I’m talking about Firewalls, Antivirus, and anti-spam at least. And I agree that the minimum was enough to protect our business from outside. But I also agree that the internal protection is  the biggest unknown security now, and unfortunately, the ‘bad guys’ go one  step ahead of us. The old techniques included/meant  trying to bypass the firewall, but today many of our staff are not seated in the office, so there’s no firewall. But let’s go beyond that, let’s imagine a mad internal personnel, let’s think about one of our new employees, are we sure he or she is  not doing anything bad with my data? Have  you heard  about Spy Industry?

At this point, if you are thinking we are talking about needing  a DLP (Data Leak Prevention) you are right, and obviously, we need to be sure no one bypasses our ‘corporate compliance rules’ like who can send what type or content of data outside… BUT is  that enough? Sorry to say, no it isn’t . According to the research on 2014 ‘Cost of Data Breach’ from IBM/Ponemon, the 84% of the security issues contains stealing or incorrect use of corporate data.

That’s right, many corporate users steal business information or don´t use it correctly (according to Compliance department). Maybe just an excel with VIP customers leaked on a pen drive or using a cloud drive provider in the worst case.

It’s not new, and many companies push their staff to sign a ‘confidence clausure’. But is  that enough? In my opinion NO. It’s more effective to remind the user what they  doing, whether it’s allowed to do it or not and what the consequences will be. In the “real world”, on the streets, governments and private properties remind us of the use of CCTV to ‘monitor us’; And you obviously do not think to ‘do anything  bad’ while ‘CCTV in operation’.

Based on that idea, why don’t we monitor our staff? Why don’t we develop that plan to the cyber security world? But we will monitor ONLY when they are accessing the ‘risky and highly confidential data’. I.E. access to our CRM, or a critical SQL server.

We are talking about corporate workers, but now think, does all the staff working on your company belong to your firm? Sure? So you don’t outsource anything? I do not know any business with more than 500 users who doesn’t  outsource something : IT helpdesk, Marketing, Designers, Legal, etc..

So there’s no better way to prevent any DLP if we remind a user when it  accesses  a private part of the business ‘Hey smile, to the camera you are on TV.’ And why not use the tampered video recorder as evidence to demonstrate his/her actions.

Today, as far as I know, only a few companies have developed this idea to the market.

Technorizon UK, can help you drive your DLP project, contact us for more info.