Connect with us

Expert Speak

12 Tips to Keep Your Business Safe from Cyberattacks



Written by Mohamad Rizk, Regional Director, Middle East and CIS at Veeam Software

According to recent research, more than 85% of companies have been the victim of a ransomware attack in the past year. It’s not a question of whether you’ve been attacked or when you’ll be attacked, but how often you’ll be attacked. While there is no way to guarantee you will never be attacked, you can take some simple steps to make it more difficult for the attackers to succeed and keep your business running. Start with the basics. Make sure your PCs and servers are all up to date and patched. Make sure you have up-to-date virus and malware checks in place. Then, embrace good practices and educate others across your team.

Tip #1 – Be skeptical
If something sounds too good to be true, it probably is. Know the warning signs for phishing, social engineering, and other scams, and err on the side of caution. Don’t click on unknown links, open unexpected or suspicious attachments or provide information to someone you don’t know or weren’t expecting to hear from.

Tip #2 – Use Strong Passwords and Passphrases
Longer is stronger. Leverage passphrases to help create long passwords that are easy to remember, but hard for others to guess.

Tip #3 – Slow down
Slow down and avoid making simple mistakes. Be cautious of auto-completion in emails so you don’t send sensitive information to the wrong person. Don’t accidentally ‘reply all’ when you only intended to send information to one person on the thread.

Tip #4 – Beware of Malware
Viruses, computer worms, and Trojans can hide in legitimate-looking websites
, free software packages online, and phishing emails. Ensure you have an anti-malware program enabled and kept updated.

Tip #5 – Stay Secure on the Go
Security doesn’t stop just when you leave the office.
Be aware of your surroundings. Don’t talk about sensitive information, like banking details or medical information, in a location where others can hear you. Keep your device screens hard for others to see – consider a privacy screen when possible. Use an external battery pack rather than public charging ports to protect against ‘juice jacking.’

Tip #6 – Know Your Data. Protect It.
You cannot protect your most sensitive information
if you don’t know what information you have. Inventory your organization’s information. Classify it based on its sensitivity level. Protect the information according to that sensitivity level.

Tip #7 – Limit Access
You may hire the most trustworthy people to work for you
, but that doesn’t mean they all need access to your most sensitive information. Provide access on a need-to-know basis. This helps protect confidentiality but also reduces the impact if someone’s access is compromised. Use multi-factor authentication when given the option to minimize the damage that can be caused if someone steals your passwords.

Tip #8 – Stay Secure Online
If you understand that the internet contains scams and threats around most corners
, then you can help to spot when something doesn’t seem right and steer clear.​​ Use and require secure networks – if the WiFi you are using is not encrypted, ensure you are using a VPN or other layer of protection. Leverage bookmarks for important URLs so you’re less likely to fall for fake dupes of the real ones. Avoid oversharing on social media and assume that anything posted is public, regardless of privacy settings.

Tip #9 – Be Security Aware. Report.
Even with all the best intentions, sometimes cybercriminals will win a battle.
It is important that your organization has a defined incident reporting and response plan so that your security team is promptly notified if there is a risk of compromise. The sooner your team knows about it, the sooner they can protect against it. Communicate your preferred method of incident reporting frequently so your employees have no doubt about how to contact you.

Tip #10 – If You Can Connect It, Protect It.
As the perimeter of your business infrastructure becomes blurred with cloud services and personal devices
being used for work (BYOD), you need to ensure your corporate policies are inclusive to require that any device used for work that can connect to the internet is required to be protected. This may be anti-malware software, strong passwords, or access controls. Each device will require something different, but a general rule of thumb is that if you can connect it, protect it.

Tip #11 – Back up Your Data
You can have a best-in-class security program and still find yourself in a situation where your data can no longer be accessed or trusted.
Regularly backing up your data in 3 different locations on 2 different media with 1 copy being offsite, 1 copy being offline, air-gapped, or immutable, and 0 errors with recovery verification, allows you to quickly restore your data with minimal downtime and keep your business running.

Tip #12 – Train Your Users // Be a Security Learner
Cybercriminals are constantly changing their tactics
as they learn about what protections are being put in place. Your organization’s people can either be your weakest link or your greatest asset. Put emphasis in teaching your people about how they can be part of your human firewall, and they can become an extension of your security team.

Expert Speak

Hidden Champions: Behind These Popular Applications Are Hard Drives



Written by Rainer W. Kaese, Senior Manager of Business Development Storage Products at Toshiba Electronics Europe

Continue Reading

Expert Speak

How to Secure MSP Success Brick by Brick



Written by Roman Cuprik, content writer at ESET (more…)

Continue Reading

Cyber Security

Is Consent the Gateway to Ethical Data Usage Practices?



Every tech company under the sun is grappling with data privacy and protection policies and laws. However, consent is crucial when it comes to data collection and processing. Having the user’s consent to use their data is imperative. While securing the data after collection is also important, using customer data without their consent causes more serious issues. Without obtaining consent from the user, any data that you use for your business falls under the unlawful use of data regulations.

Users of the well-known platform Glassdoor, which allows individuals to anonymously review their employers, allege that the site collected and linked their names to their profiles without their permission. Glassdoor users have expressed alarm, and the issue has been widely featured on social media and news-sharing sites. They fear that their anonymity could be compromised if data about them is collected and added to their profiles.

The issue here boils down to a single word: consent.

The gray area of obtaining consent
Organizations can knowingly or unknowingly exploit users’ personal data without proper knowledge of data privacy. It is not enough just to get consent from users; explicit consent is required. This includes ensuring the user selects checkboxes during the signup process, enters their email address, authorizes receiving marketing emails and newsletters, and grants the app permission to track user data in specific situations.

But when it comes to verbal consent, there is ambiguity. The GDPR accepts verbal consent but requires written or recorded proof of the consent given. The GDPR states that, “when requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.” Therefore, it is better to record or have written proof of verbal consent; one must not assume or misunderstand that verbal consent only includes oral consent.

Often, there is less visibility of data usage for customers. More often than not, customers do not know what they are giving consent for or how their data will be used. Let’s take the case of location data sharing.

Location data can show if someone visited an abortion clinic or a cancer treatment center. People usually want to keep this type of information private and not share it with companies or third parties. When consent is given without knowing what it is for, the act of giving or obtaining consent becomes meaningless.

Why consent is important in ethical data practices
Although you are legally required to obtain the user’s consent to process their data, there is also such a thing as the ethical use of data. When you take measures to protect your customers’ data beyond what the law requires, it promotes trust among your customers.

People value privacy and appreciate brands that prioritize data privacy. Let’s say a consumer is given the option to choose between two brands: one with no privacy features and another that advocates for privacy with built-in privacy features. Which do you think the customer will choose? Obviously, the latter.

Understanding a company’s data privacy policy is crucial to 85% of consumers—even before they make a purchase, a global study determined. Equally as important, 40% of individuals have changed brands after discovering that a company failed to protect customer data adequately, according to the McKinsey Global Survey on Digital Trust.

This is why tech companies go out of their way to demonstrate the privacy features they offer and how user consent is prioritized in these features.

In a way, customers prioritizing consent compels companies to integrate ethical data privacy policies into their systems. But it’s time companies realize that consent is the backbone of data privacy regulations and take customer consent seriously, not just to avoid hefty fines, but to also value the customer’s choice and their right to privacy.

A final word
Organizations worldwide are facing issues with data privacy. What is important when trying to protect your customers’ data is to realize the role customer consent plays. This helps organizations develop features and draft policies with the customer’s consent in mind and to effectively communicate to the customers why they are seeking consent. Without this step, data privacy becomes compromised. So, both organizations and customers need to grasp why consent matters and advocate for the ethical processing of data.

ManageEngine is a division of Zoho Corporation that provides comprehensive on-premises and cloud-native IT and security operations management solutions for global organizations and managed service providers. ManageEngine strongly believes in privacy by design and continuously advocates for user privacy. Established and emerging enterprises—including nine of every 10 Fortune 100 organizations—rely on ManageEngine’s real-time IT management tools to ensure the optimal performance of their IT infrastructure. Learn more about ManageEngine’s comprehensive suite of IT management solutions here.

Continue Reading

Follow Us


Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.