ITCS Blog

Equifax data breach highlights need for IT security audits – it’s not ‘just an IT issue’, says ITCS.

Cyber security professionals are hot property at the moment, with a 70% increase in job vacancies across the sector. It’s therefore no surprise that the ITCS IT security team are in constant demand.

The recent Equifax data breach and the Wannacry ransomware attack have made world headlines, highlighting the need for robust IT security, especially with new GDPR rules due to come into force.

Two Thirds of FTSE Companies have been hit by a cyber attack

IT security audits are increasingly important. In case you think your company can’t be affected, the 2015/16 Cyber Governance Health Check made sobering reading. Two-thirds of FTSE companies have been hit by a cyber-attack in the past year alone, so IT security audits have to be a high priority for every business, even SMEs.

Staff often pose the biggest risk to IT Security

HR and the C-Suite need to lose the view that IT security is something they can pass off to ‘the IT team’.

That’s because no matter how robust your IT infrastructure, the biggest security risk comes from inadequately trained or complacent staff. In fact, at a recent Cybersecurity event, 57% of cyber security experts said they would like to see human employees replaced by AI!

IT experts like ITCS can help provide a robust infrastructure, combined with security advice and training, and we can advise your internal IT team on how to carry out regular IT security audits.

However, it isn’t only an issue for ‘techies’.  Line managers and HR have a vital role to play in maintaining secure working practices on a day-to-day basis. IT security isn’t just IT’s responsibility – it’s everyone’s responsibility. The CIPD are now encouraging HR Managers to take the lead and educate staff on secure working practices.

Here are some things you can do to mitigate your risk:

Tighten up your physical security

Hacking isn’t just done by anonymous remote hackers. Train your staff to challenge anyone who they don’t recognize (in person or on the telephone) requesting access to your PC or password information, and train staff to lock their PCs when leaving their desk.

Your password is not usually something you need to provide, and being asked should raise a red flag. If in doubt, check with IT before granting access. If your firm has an ID system, challenge anyone who doesn’t have company or authorized contractor ID. This is good common sense anyway with current terror threats.

Keep your IT systems up to date

If you don’t outsource your IT, you are responsible for updating your system. Make sure staff know what to do if their system prompts them about software updates. We can help if you aren’t sure what to do – you definitely shouldn’t ignore them.

Manufacturers often update their software in order to protect against a specific threat.  The Equifax breach apparently resulted when a staff member failed to apply a software patch in a timely fashion – affecting 400,000 UK customers alone (and an estimated 143 million worldwide). Ouch.

Offer regular IT security training and updates

Training in cyber security adds a layer of resilience. It means staff understand which threats are out there, how to prevent them, and how to deal with them when they occur.

A memo is usually ignored, so formal IT security training is essential – and your in-house team should reinforce secure working practices in between sessions.

Drive home the importance of password security

Most people know they ‘should’ create strong passwords, but nonetheless choose the name of their child, dog or even their address.

It’s vital that employees understand the importance of this. Passwords are the first line of defence. Managers should enable their systems to ‘force’ the use of strong passwords, and frequently educate staff on the need for them.

Managing the risk of insider attacks

Disgruntled employees pose a very real risk, whether they have their own agenda or are receiving an incentive from a third party. A disgruntled Morrisons employee who leaked employee data literally cost the company millions of pounds.

The first step to protect your business from insider threats is to carefully control who has access to what information. Staff should only have access to the data they need to do their job. Access to sensitive data should be controlled and recorded, and access levels should be regularly reviewed, especially if job roles change.

A formal starting and leaving procedure should be followed, rather than just making changes when someone leaves. On leaving, the formal leaving process should terminate access immediately, not a few days later, and any shared passwords (which should not exist anyway) should be changed.

ITCS offering free IT security audits

Whilst many customers rely on us for IT support, we believe IT Security is equally important.

We are happy to offer any business a free review of their current IT security with a thorough audit. We will advise you of the next steps to take and you can decide how to proceed next.

ITCS services include IT security consultancy and training. We can also ‘train the trainer’ if you prefer to deliver staff security training in house.

IT security remains a threat that businesses cannot afford to ignore, and staff need to be on board to help combat the threat. Wayne Harris, our Compliance Officer, says:

“No matter how secure your systems are, your people have a vital impact on security. Alert and well-trained staff add an important layer to your security. Unmotivated, untrained staff simply add an additional risk – with so many threats these days, that’s not a risk worth taking.”

To take advantage of your free review, click here and complete the form at the bottom of the page – our team will be in touch.
