Keeping you safe…
Cyber Security has historically been seen as an optional rather than necessary aspect of many organisations’ IT systems. Viruses and malware attacks, whilst annoying, were ultimately non-destructive and could be dealt with quickly and easily. Most SME businesses either handled the clean up themselves or used a local IT outsourcing company.
With the advent of Ransomware and Crypto viruses, such as WannaCry, which took down the NHS in 2017, this approach to Cyber Security is no longer valid for any business. It is especially the case for SME businesses that do not have an IT management team as they are the most vulnerable to both the malware infections and subsequent data loss.
So what can you, the SME stakeholder do to protect your organisation from the evolving threats to your IT systems? The answer that many arrive at is to simply sign up to and install a standard antivirus package such as McAfee, Norton, Webroot or similar on each computer and consider the matter closed.
Not Any More!
This approach might seem to offer protection but it is no longer close to adequate. To understand why, it is important to look at how malware infections can get into your systems.
There are 3 main routes to infection:
1) Via a malicious Email Attachment
2) Via a malicious webpage
3) Via infected media (such as USB sticks, Optical disks or mobile phones)
Standard antivirus might offer some basic protection against all of these options but there is a rather nasty caveat:
In any well managed IT network the PCs and servers should all be protected by high quality, self-updating anti-virus product. As this is such a core requirement we provide the Sophos Anti-Virus solution and include it within our maintenance contract. The Sophos product checks for updates on an hourly basis and scores consistently highly in reputable anti-virus product tests.
The software has to be aware of the virus’ existence before you get it!
This is a major issue as most packages update less than 4 times per day; new viruses are now released at a rate of about 1 every 5 seconds. If you are unlucky enough to get a virus before your antivirus has updated then it is totally ineffective. If it is Ransomware then you are going to have to restore data. If you do not have an offline backup then you are losing data. It is not an exaggeration to note that some businesses have closed down due in whole or in part to ransomware infections.
So what should you be doing?
There needs to be a comprehensive mixture of managed security services addressing the different aspects of your IT security and each of the specific areas mentioned above.
With an ION Systems support contract, coverage for all of these services is automatically included.
Here is how you will be covered:
We configure the CanIt email service to check all of your inbound emails. We add a special set of filters so that files that could run malware are treated as if they do and are held for analysis. As a result, emails with clean attachments are sent to your inbox. However, we go further! We also check web links within your emails for malicious content. These are redirected so that should a user click a potentially bad link they are directed to a page, which shows where the link really goes to and the country in which it resides. This is enough to determine whether that link from your “bank” is real or obviously false and dangerous.
All of our client networks are protected by Fortinet firewalls. These firewalls inspect each connection and endpoint for malicious content and block connections that are deemed malicious.
ION Systems is a registered MSP for all of the Sophos antivirus and security products. All PCs are covered by the software, which is checked and managed via our central console. This enables us to check live if machines have an issue and respond quickly to any signs of an outbreak.
So with all of this in place am I totally protected?
The short answer is no. Although you are much less likely to be infected, there is always a chance that something might get through. That is where our Next Generation Antivirus product comes in.
Sophos Intercept X (CiX) is an additional package that we recommend to all clients. This is marketed as a Next Generation antivirus and as such, it takes a different approach.
Intercept X looks at each new process that opens on your computer. The moment a new process starts, Intercept X makes a note of the changes that are made, and keeps a copy of any files that are altered. It then assesses what that process is doing. Ransomware and other Malware act very differently to normal applications. For example, how many normal applications start scanning and encrypting all the files on your computer?
Once malware is detected, the process is stopped and removed and the changes are reverted. For more information of how this works, check this video:
As Intercept X is looking at what an application does rather than a list of known viruses it does not require constant updates to be effective. As a result, you are covered immediately even if the new malware has not yet been discovered!
With these products in place and with our security policies, tailored to your business requirements you can rest assured that you will hear about ransomware attacks on the news and not within your business.