It can all feel overwhelming. But we’re a bit different at Truis. We’re a positive bunch who see challenges as solutions in the waiting. We also like to keep things simple. So when it comes to your ICT security, we focus on four key areas.
ICT policies and procedures.
Awareness is key, you need to understand both the risks and the precautions that must be taken in your business to protect your organisation. These strategies can then be applied in your personal life to safeguard your family’s own private information.
Clear policies are the foundations of a strong ICT strategy. Covering everything from day-to-day usage through to security practices and password creation, they make sure every employee is playing their part.
However, having policies and procedures is only half the battle. You also need to communicate them. We understand — data backups and system updates aren’t the most engaging topics. But if your staff aren’t aware of your policies, then you may as well have no security strategy at all.
Data backups
We’ve all been there. Your phone, tablet or laptop slips out of your hand and suddenly you’ve lost months, maybe even years, of data. Now imagine this happening to your whole company.
The ramifications can be so impactful, that most organisations with a larger user base backup their data as part of their day-to-day operations.
When was the last time you reviewed your data backups? And, more importantly, are you covered if you ever fell victim to a cyber-attack?
Does your ICT strategy follow the 3-2-1 rule?
What is the 3-2-1 rule for data backups?
[1] Veeam 3-2-1 rule
3 – Do you keep at least three copies of your data (so no single event will destroy all copies)
2 – Do you store the data in at least two different formats? (disk, tape, cloud)
1 – Do you keep 1 copy offsite to protect against fire, flood or any other physical disaster? Is this site online or offline?
Not only do these rules cover you for the physical events of disasters (which Australia is well known for!) it also covers you in the event of a cyber security incident.
With an ever-changing digital world, these aren’t questions to ask every once in a while, but on a very, very regular occasion.
With a recent spike in ransomware, it is more important than ever to have another copy of your backup stored offline, creating the 3-2-1-1 rule. In the original 3-2-1 rule all the devices are online and connected to a network (production server, backup media, offsite cloud storage – which gets synced every night). So in case of a ransomware attack the onsite backup files are encrypted by ransomware virus and those encrypted files are getting copied over to cloud storage (e.g. AWS S3, Azure). To combat this, it is recommended to keep an additional copy of your backup that is both offsite and offline.
Endpoint security
Employees no longer work on a single computer hardwired to the company network. Instead, organisations now have an entire ‘fleet’ of wireless devices. And with every new addition comes a new potential weakness.
To combat this, endpoint security scans the whole ‘fleet’ across your network. It’s a vital part of our holistic approach, but one that needs a bit of care and attention.
Firstly, it’s important to keep your fleet secure and in-line with the latest endpoint security practices. Find ways to ensure the most recent system updates and security patches are installed.
Secondly, you should consistently review your endpoint security policies, as well as any licensing. If these expire, you’ll become an easy target.
Network security
Covid-19’s made remote working more essential than ever. But in the rush to provide employee safety, did you look after the health of your virtual networks?
Remember, it’s crucial to focus on the small details – reviewing the security of modems and wireless access connections.
These are easy to forget. But if you do, it becomes easy for hackers to access your secured data.
Implementing the right IT security can sometimes feel like a never-ending task, our team is here to change that. For a full conversation about IT services, security policies, data backup and how to keep your data secure, get in touch. We’d love to help.
