Cybersecurity Strategy

Regarding network security, it is easy for small to medium-sized businesses to say, “not me”, “They are only after the big guys.” The reality is that attacks on all networks have increased yearly as hackers have become more sophisticated, and small businesses are affected daily by relaxed or non-existent security policies.

A 2013 study showed that 1 in every 5 small business networks would be compromised. With the ever-increasing technological advances, it is likely that since then, these numbers have climbed, posing a significant risk for a potential breach, lost or stolen data, or some malicious threat.

There are many ways Niko Computers IT Support helps to ensure that you are at minimum risk:

  • Updates – Keeping computers and network equipment updated is one of the most effective steps to preventing a possible network security issue.
  • Firewall – A common mistake in small to medium business networks is the need for a business-grade firewall solution. Often business owners need to be made aware of the difference between having a network router and having a network firewall in place.
  • Passwords – Password and password protection are an area that needs attention when discussing network security. Using sophisticated software and tools, hackers are easily gaining access to small business networks through simple or default passwords.
  • Antivirus/Antispam – Most people know that antivirus and antispam software are necessary components of network security, but many people don’t realize why it’s so important until their computer or network is infected with a virus, malware, spyware, or a host of other potentially dangerous issues.

No matter the size of your business, network security is a definite requirement for every business in the digital age. If you are still trying to figure out where to start with an internal security audit, our team can help get you on track.

Q: What do Cyber Security Services do?

A: In the most basic of terms, simple Cyber Security guards against attacks in Cyberspace. Cyber Security services are one part of standard IT support and services – generally not split into a separate category with a different vendor than an IT support company or Managed IT Services provider. Simply put, it consists of planning and implementing security measures designed to give a network infrastructure the most significant security against external and internal threats through firewalls, anti-virus (AV), and encryption tools. The security analyst is a member of an IT services team who will monitor the network for weakness, keep abreast of current trends and methodologies used by cyber criminals, educate both the rest of the IT support team and the clients on ‘Cyber Security Dos & Don’ts’, and carry out simulated attacks to test the defences.

Suppose you need more reliable and proficient IT Support and are concerned with how secure your network is - in that case, Google ‘Niko Computers IT Support.’

Q: What are Cyber Security threats?

A: A threat is any attempt by a cyber crook to breach a network. What the criminals seek is either money or data. Malware is the component of many of these attack styles – injecting itself into your system for several nefarious reasons. Data theft is where the crooks copy the client’s data and steal it. It doesn’t disappear, so the client won’t know it was stolen – but the IT support and services company should. 

For threat methodologies, there are quite a few - below are the most common manifestations that IT support teams look for:

1) Phishing/Spear Phishing: This is a form of clickbait with bad intent. Malware is hidden behind links and attachments in emails from seemingly legitimate sources. Spear Phishing is more targeted – usually towards high-level executives. Again, clients should be advised to spot these as part of a more significant ‘Cyber Security Dos & Don’ts’ training.

2) Ransomware: The criminal looks to trick an end-user into opening an attachment or clicking a link in a Phishing email that allows the malware into the system, where it encrypts all the data, not allowing the client to access it until they pay a ransom for a decryption key, paid in Crypto-currency. Any decent IT provider or Managed Services Provider should have protections, early breach notifications, AND remedies (secure local and cloud backup systems) in place because sooner or later, it WILL happen – one wrong click from an end-user on a Phishing email lets the malware into the system. 

3) Denial of Service (DoS): This aims at overwhelming the network with a barrage of requests that flood the system, making it unusable. Using infected devices for a more targeted attack is known as Distributed Denial of Service (DDoS).

4) Zero-day Exploit: This attack occurs when network vulnerabilities in hardware or software are announced (such as Microsoft’s end date for security support for Windows 7). Cyber crooks wait for these dates, and any companies that have not upgraded become the slow-running antelopes at the back of the herd. Not a good place to be. Your IT services team should be on top of these dates.

5) SQL Injection: The crooks gain access by uploading malicious Structured Query Language (SQL) scripts into the system, allowing the hackers to wreak havoc on your data.

6) Man in the Middle: Typically, the crook gets in between two users, pretending to be the persons both are communicating with, but in effect, they are gleaning sensitive information to use in a more significant attack.

7) DNS Attack: Criminals exploit weaknesses in the Domain Name System (DNS) to redirect website visitors to malicious sites (DNS Hijacking) and steal data from the compromised networks involved (DNS Tunneling). This can be hard to catch by your IT support and services team, as it happens outside of the network – they will catch it when the crooks use the info from the website attack to enter the network.

8) APT Attack: Advanced Persistent Threats occur when a cyber-criminal gains access to a network system and ‘homesteads there – simply sets up shop and filters data out over time. Many can remain undetected for a while – this is where a top-notch IT support company is worth every penny the client pays.

Q: What is enterprise cyber security?

A: ‘Enterprise’ indicates a higher level of proactive monitoring, protection, and disaster recovery for businesses. It is more all-inclusive than the essential Cyber Security used by consumers without the need for IT support. Enterprise-level security is the standard in use by Niko Computers IT Support.

Q: What's the difference between cyber security and information security?

A: Information security is practically synonymous with Enterprise Cyber Security, as they both protect data on a complete level. However, Information Security is ONLY concerned with the data itself. Enterprise Cyber Security is concerned with the data but with the entire network infrastructure.

A business would do well to choose an IT Services company that incorporates Enterprise Security over a company that advertises itself as a simple Cyber Security Service.

Q: How does digital forensic science intertwine with cyber security?

A: Forensics deals with an issue or crime after it has been committed by tracing the steps of the breach and amassing evidence for legal proceedings. Cyber Security Services deal with the prevention of the attack and disaster recovery if an attack occurs. Simply put, Cyber Security fixes the problem, while digital forensic science supports those (the legal system) that fixes the blame.