Viruses, worms, phishing, trojan horses, spyware, ransomware, adware, crimeware….the list of potential IT security threats from increasingly organised Internet Mafia can seem overwhelming. But the biggest threat of all is from employees.

The odd disgruntled ex-staff member aside, damage to a company’s business systems is rarely malicious, of course – but it is nonetheless commonly achieved through ignorance, neglect and mis-management.

And when even minor chinks appear in a company’s data defences, the highly sophisticated and automated malware can easily find a ‘way in’. The outcomes can range from the mildly irritating – slow systems or excessive pop-ups – to complete business shut-down with the inability to trade, invoice or replenish stock, and possibly the very costly loss of historical data.

Just look at the recent global cyber attack which ‘shut down’ many NHS IT systems: the three biggest factors allowing the ransomware to penetrate so many medical records were human.

  • Firstly someone opened the email attachment containing the malicious software. This would have ‘seemed’ an innocent attachment, but likely from an unknown source that a staff member in an attentive business would have been trained never to open. Other common enticements include requests for ID information – from criminals masquerading as banks, and most recently PayPal. It is surprising how many trusting people still believe emails are from whom they purport to be, and are ‘fooled’ into obeying such requests;
  • Secondly, executive decisions have resulted in some 90% of the NHS still using Windows XP – a 16 year old, under-protected and vulnerable operating system;
  • Thirdly, IT teams had failed to respond promptly Microsoft’s free offer of new security software, and otherwise had failed to apply the latest security updates.
  • Other typical human failures with regards to data protection include being slack about password protocols, or connecting under-protected and ‘infected’ personal or third party mobile devices or media – from smart phones to disks and memory sticks – to business systems.

    Think this can’t happen to you? When did you last get so busy you forgot to check that the latest security patch loaded correctly? Or clicked ‘remind me later’ instead of ‘install now’ when reminded about a security update? Do you know if your server has sufficient memory to run the best security software? Are you sure staff aren’t keeping their passwords on sticky notes on their desk? Have you checked your security policy for currency – and do you even have one?

    There are some obvious steps you can take to minimise risk to your business systems:

    • Develop and maintain a security policy – then train ALL your staff (including temporary ones) how to comply with it
    • Ban connection of personal and third party devices or media
    • Train staff in the essentials of what makes a robust password format, and safe password storage
    • Maintain the latest security software, and apply all security patches as soon as offered – then check they have loaded fully
    • Avoid the temptation to use old or cheap IT components – they simply aren’t adequately protected
    • Consider a cloud-based security service

    The cloud? Yes, you heard right. Many people consider cloud-based security to be a contradiction in terms – we often hear: ‘Surely our data is less secure if it’s off-site and out of our control?’ Well, not these days, actually. Because a cloud-based service provider secures numerous clients’ systems 24/7, they have the incentive, budgets and teams of experts to maintain far superior hardware and security solutions than the average business can.

    This means that failures and security attacks are far less likely to occur in the first place. However, if a problem does occur, they will typically have identified and fixed it before the customer even knew it was there.

    What’s more, with the data back-up and recovery services that often run in tandem with the security service, you will be able to continue operating and restore historical data even if your main system does get compromised.

    With increasing recognition that this is now the safest and most affordable option, STL Technology Solutions has extended its suite of cloud-based IT services with a data security management service. This is available to all wholesalers, whether they use STL systems or not.

    It includes:

    • Remote server monitoring
    • Remote fixes, security patches & updates
    • Secure offsite data duplication & storage
    • 15 minute back-ups
    • Business continuity
    • Fast data recovery

    Best of all, this removes responsibility for security management from your staff who’ve got better things to do: like looking after your customers.