Process

Cyber security basics for non-IT professionals 3/3


Processes & procedures

Welcome back to the third article of this series dedicated to cyber security essentials for small business owners. Today we are going to focus specifically on tools and processes, and on how to make use of them to ensure a consistent level of protection for our data. I will try not to be too technical but rather give a handful of common-sense tips.

I often see companies trying very hard to be first in class in terms of technology. They invest in brand new computers, buy innovative software and subscribe to premium services. And at some point, the crash happens. The unexpected. A ransomware infection, a data loss, an unrecoverable server breakdown.

That is because data safety does not (only) depend on money. What matters most is choosing the appropriate tools and using them correctly.


Backup

At some point we have all lived this nightmarish situation. Working for hours on a crucial presentation or on a school essay for the youngest (the nasty paper/pen duo was still hype when I was personally in school). And then poof! All gone! Disappeared into the infamous IT void. You can probably feel cold sweat slowly trickling down your back right now, as you remember this traumatising experience.

Well, imagine this happening to the very core files of your company. Clients database, orders history, stock, accounting…

You might answer that this is what backups are made for: to avoid this type of extremely serious situation.

But not only should you have a backup solution in place in your company, you also need proper processes to verify the integrity of the backups (and that they can actually be restored), and designated people to ensure these processes are thoroughly followed.

A typical redundant backup structure includes synchronisation of local workstations, an on-premises server backup, a cloud backup and an additional off-site copy. At least one of these copies should be offline or otherwise unreachable from the network, so that ransomware which encrypts your live data cannot encrypt the backups as well.

But that’s just the theory. You can have the most advanced tech, modern tools, the best engineers; at the end of the day nothing replaces a human check. In practice, you need to regularly verify that everything is under control.

Let me tell you a story about what happened at Pixar studios while they were working on Toy Story 2, and how they almost lost two years of work and the gazillions of dollars invested in their project.

About a year before the release date of the movie, one of the crew members accidentally “pushed the wrong button” and launched a delete command on the project’s files. Associate Technical Director Oren Jacob noticed that some elements of the movie started disappearing (outfits, characters…). At some point only 10% of the project was remaining! The team members naturally went to the IT department and asked the tech team to run a restore job from the backup tapes. Which they did. And that’s where the hitch was: the backups were corrupted. Unusable! Nobody had thought about putting in place a control procedure to verify that the backup system was actually making proper backups.


In this case there’s a happy ending. One of the team members had given birth a few months earlier. And she suddenly remembered that yes, she had a copy of the film on her computer at home, so that she could work on it remotely! After escorting the binary Holy Grail back into the studio with a great deal of precaution, the team was able to restore this fine piece of digital art and save the movie.

In this example, neither the level of investment, nor the company’s technology awareness, nor the quality of the tools was at fault. It was simply a lack of control procedures.

A named individual should have been in charge of verifying the backups: their frequency, their integrity and, above all, that they could actually be restored. A control process should have been documented and scrupulously followed by the person in charge.
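What such a control check can look like in practice, as an added example that is not code from the original article: a small script that treats a dated backup directory and its hash manifest as the thing to audit, and answers the three questions the Pixar story raises (is the newest backup recent enough, are its files intact, and does a test restore actually give back the original data). The directory layout, the manifest format and the sample files are all assumptions made for the demonstration.

```python
"""Backup control check: is the latest backup fresh, intact and restorable?

Added example, not code from the original article. It simulates the control
procedure the text calls for, using a layout that is an assumption: backups
live under a root directory, one sub-directory per day (YYYY-MM-DD), each
with a MANIFEST.sha256 listing the SHA-256 of every file at backup time.
The check verifies that (1) the set is not older than the expected interval,
(2) every file still hashes to its recorded value, and (3) a test restore of
one file into a scratch directory matches the live original.
"""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timedelta

MANIFEST = "MANIFEST.sha256"


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source_dir, backup_root, stamp):
    """Copy source_dir to backup_root/<stamp>/ and write the hash manifest.
    A backup product would do this; it is here so the check runs offline."""
    dest = os.path.join(backup_root, stamp)
    shutil.copytree(source_dir, dest)
    lines = []
    for root, _, files in os.walk(dest):
        for name in sorted(files):
            full = os.path.join(root, name)
            lines.append(f"{sha256_of(full)}  {os.path.relpath(full, dest)}")
    with open(os.path.join(dest, MANIFEST), "w") as f:
        f.write("\n".join(lines) + "\n")
    return dest


def check_backup_set(backup_dir, source_dir, now, max_age=timedelta(days=1)):
    """Return a list of findings; an empty list means the set passed."""
    findings = []
    stamp = os.path.basename(backup_dir)
    if now - datetime.strptime(stamp, "%Y-%m-%d") > max_age:
        findings.append(f"stale: newest backup is from {stamp}")
    manifest = os.path.join(backup_dir, MANIFEST)
    if not os.path.exists(manifest):
        return findings + ["no manifest: integrity cannot be verified"]
    entries = []
    with open(manifest) as f:
        for line in f:
            digest, rel = line.rstrip("\n").split("  ", 1)
            entries.append((digest, rel))
    for digest, rel in entries:
        path = os.path.join(backup_dir, rel)
        if not os.path.exists(path):
            findings.append(f"missing: {rel}")
        elif sha256_of(path) != digest:
            findings.append(f"corrupt: {rel}")
    # Test restore: actually copy a file out of the backup and compare it with
    # the live original. While the original still exists this proves the
    # restore path works end to end, not only that the backup is
    # self-consistent with its own manifest.
    if entries:
        _, rel = entries[0]
        with tempfile.TemporaryDirectory() as scratch:
            restored = os.path.join(scratch, "restored")
            shutil.copy2(os.path.join(backup_dir, rel), restored)
            if sha256_of(restored) != sha256_of(os.path.join(source_dir, rel)):
                findings.append(f"restore mismatch: {rel}")
    return findings


def demo():
    """Constructed scenario: a good backup, the same set silently corrupted,
    and the same set checked four days later with no newer backup."""
    work = tempfile.mkdtemp()
    try:
        src = os.path.join(work, "live")
        os.makedirs(src)
        samples = [("clients.csv", b"id,name\n1,ACME\n"),
                   ("orders.csv", b"id,total\n1,42\n")]
        for name, body in samples:
            with open(os.path.join(src, name), "wb") as f:
                f.write(body)
        backups = os.path.join(work, "backups")
        os.makedirs(backups)
        bset = make_backup(src, backups, "2024-03-01")
        now = datetime(2024, 3, 1, 18, 0)
        good = check_backup_set(bset, src, now)
        # The Pixar failure mode: the job "ran", but what it wrote is unusable.
        with open(os.path.join(bset, "clients.csv"), "wb") as f:
            f.write(b"\x00" * 16)
        bad = check_backup_set(bset, src, now)
        stale = check_backup_set(bset, src, datetime(2024, 3, 5))
    finally:
        shutil.rmtree(work)
    return good, bad, stale


if __name__ == "__main__":
    for label, result in zip(("good", "corrupted", "stale"), demo()):
        print(f"{label}: {result or 'OK'}")
```

The point of the third check is that a backup can be "green" on every dashboard and still be useless: only a restore, done by a named person on a schedule and with its result written down, tells you the data will come back.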


Malware containment

Viruses, Trojans, worms, rootkits… Malware can take many forms. It can paralyse your activity, cost you a lot of money and endanger your business.

Fortunately, many solutions are available on the market to mitigate this risk. And while vendors have made huge progress in threat detection, none of them is 100% bulletproof. They should however be effective enough in most cases if you follow some basic rules and processes.

In my previous articles, here and here, I already gave some tips on how to avoid the most common dangers. But what should you do if a piece of malware manages to make its way onto a device in your network?

Most people would rely on the antivirus installed on their computer to get rid of the unwelcome guest. Which is better than nothing. It does assume that you have an antivirus installed and that it is up to date enough to detect the threat. But that’s not sufficient, especially in a professional environment. You should have a clear written procedure with dos and don’ts and follow it scrupulously. For example:

  1. Invest in a client-server protection solution (centrally managed endpoint protection). I often see people ignoring malware alerts and just letting the antivirus software take whatever default measures are set in its default configuration. With a client-server protection, all the devices on your network are monitored from a single console (typically by your IT staff). It means that every time a threat is detected somewhere, a competent individual is alerted and able to take appropriate action in a timely manner.
  2. Disconnect the infected device from the network, then proceed to disinfection or, better, completely reinstall the OS from known-good media (for rootkits, a reinstall is the only reliable option). Keep the device isolated rather than wiping it immediately, so that the next step can still be carried out.
  3. Find the source of the infection, and gather as much information as possible on the discovered threat, its propagation mode and its removal procedure. Most antivirus vendors maintain a threat database to assist you in this task.
  4. Make sure that no other device in your network has been compromised.
  5. Ensure that the situation can be avoided in the future (patch vulnerable devices, educate your users, etc.). In other words, eliminate any discovered vulnerabilities.
  6. If you find yourself stuck, ask for assistance from a professional as soon as possible.
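One concrete way to carry out step 4, as an added example and not code from the original article: the vendor's threat description (step 3) usually lists the hashes of the malware and of the files it drops, and those hashes can be swept across the other machines' disks or shares. The hash-list format, the sample files and the "malware" content in the script are all constructed for the demonstration.

```python
"""Sweep directories for files matching known-bad hashes (step 4 above).

Added example, not code from the original article. After one device is found
infected, the antivirus vendor's threat description usually lists the hashes
of the malware and of the files it drops. This sweep walks the directories
you point it at (local disks, or shares mounted from the other machines) and
reports every file whose SHA-256 is on the list, so you can check whether the
infection spread. The hash-list format, the sample files and the "malware"
content below are constructed for the demonstration.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def load_ioc_hashes(text):
    """Parse a hash list: one hex SHA-256 per line, optional description
    after whitespace; '#' comments and blank lines are ignored."""
    iocs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        digest = parts[0].lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"not a SHA-256 hex digest: {parts[0]}")
        iocs[digest] = parts[1] if len(parts) > 1 else ""
    return iocs


def sweep(roots, iocs):
    """Return (hits, unreadable). hits: (path, digest, description) for every
    file whose hash is on the list; unreadable: files that could not be read
    (locked or permission denied) and must be followed up by hand."""
    hits, unreadable = [], []
    for root in roots:
        for dirpath, _, files in os.walk(root):
            for name in sorted(files):
                path = os.path.join(dirpath, name)
                try:
                    digest = sha256_file(path)
                except OSError:
                    unreadable.append(path)
                    continue
                if digest in iocs:
                    hits.append((path, digest, iocs[digest]))
    return hits, unreadable


def demo():
    """Constructed: one benign file, one 'malware' sample, and a renamed copy
    of the sample hidden in a sub-folder (renaming does not change the hash)."""
    fake_malware = b"MZ-constructed-sample-not-real-malware"
    ioc_text = (
        "# constructed threat description, hashes as a vendor would list them\n"
        f"{hashlib.sha256(fake_malware).hexdigest()}  Trojan.Constructed dropper\n"
    )
    work = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(work, "pc1"))
        os.makedirs(os.path.join(work, "pc2", "temp"))
        files = {
            ("pc1", "report.docx"): b"quarterly figures",
            ("pc1", "invoice.exe"): fake_malware,
            ("pc2", "temp", "update.tmp"): fake_malware,  # same bytes, new name
        }
        for parts, body in files.items():
            with open(os.path.join(work, *parts), "wb") as f:
                f.write(body)
        roots = [os.path.join(work, "pc1"), os.path.join(work, "pc2")]
        hits, unreadable = sweep(roots, load_ioc_hashes(ioc_text))
        rel = [(os.path.relpath(p, work).replace(os.sep, "/"), desc) for p, _, desc in hits]
    finally:
        import shutil
        shutil.rmtree(work)
    return rel, unreadable


if __name__ == "__main__":
    hits, unreadable = demo()
    for path, desc in hits:
        print(f"HIT  {path}  ({desc})")
    print(f"{len(unreadable)} file(s) could not be read")
```

Two caveats that matter when you rely on this: a hash matches exact copies only, so a variant that differs by a single byte is missed, which makes a clean sweep evidence rather than proof; and the sweep must run with enough privileges to read every file, otherwise the unreadable list is where the infection hides.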


Firewall management

First, what is a firewall? According to Check Point’s definition, a firewall is “a network security device that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet. A firewall’s main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.”

Firewalls can be physical devices or pieces of software installed on your computer. They are a key element of your protection.

Many computers now come with a preinstalled firewall, which is good. Except that when asked for any access permission on their computer, most people just click “allow” and forget about it a minute later. This is almost worse than having no firewall at all: it gives people a false sense of security that can lead to careless behaviour.

In a corporate environment, firewall management should not be left to the discretion of each employee but centralised and monitored by a qualified professional. Each new access request has to be analysed, documented and recorded in a register (who asked, why, and for how long), and the rules actually present on the firewall should be compared with that register on a regular basis. In other words, you must always be aware of what is going in and out of your network, the same way you should always know who is going in and out of your house.
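What "comparing the rules with the register" looks like when written down, as an added example that is not code from the original article: a small audit that takes the firewall's exported rule list and the access-request register, and prints the discrepancies a centralised firewall owner should review. Every rule, name, port and register field in it is constructed for the demonstration.

```python
"""Reconcile the firewall's live rule set with the access-request register.

Added example, not code from the original article. It assumes two exports
you produce yourself: the live rules as the firewall reports them, and the
register in which every approved access request was recorded with who asked,
a ticket reference and an expiry date (None = permanent). The audit flags
what a centralised firewall owner should review: live rules with no register
entry, register entries whose rule no longer exists, temporary rules past
their expiry, rules that filter nothing ("any" source and "any" port), and
administrative ports (SSH, RDP) open to any source. Every rule, name and
field here is constructed for the demonstration.
"""
from datetime import date

ADMIN_PORTS = {"22/tcp", "3389/tcp"}

LIVE_RULES = [  # as exported from the firewall (constructed)
    {"name": "allow-web", "src": "any", "dst": "10.0.1.10", "port": "443/tcp"},
    {"name": "allow-vpn-rdp", "src": "10.8.0.0/24", "dst": "10.0.1.20", "port": "3389/tcp"},
    {"name": "allow-rdp-any", "src": "any", "dst": "10.0.1.20", "port": "3389/tcp"},
    {"name": "vendor-temp", "src": "203.0.113.7", "dst": "10.0.1.30", "port": "22/tcp"},
    {"name": "test-rule", "src": "any", "dst": "any", "port": "any"},
]

REGISTER = [  # the access-request register (constructed)
    {"rule": "allow-web", "requested_by": "web team", "ticket": "REQ-101", "expires": None},
    {"rule": "allow-vpn-rdp", "requested_by": "IT", "ticket": "REQ-102", "expires": None},
    {"rule": "allow-rdp-any", "requested_by": "sales", "ticket": "REQ-120", "expires": None},
    {"rule": "vendor-temp", "requested_by": "finance", "ticket": "REQ-110", "expires": date(2024, 2, 15)},
    {"rule": "allow-backup-sync", "requested_by": "IT", "ticket": "REQ-090", "expires": None},
]


def audit(rules, register, today):
    """Return (kind, rule_name) findings; empty when rules and register agree."""
    findings = []
    by_name = {e["rule"]: e for e in register}
    live = {r["name"] for r in rules}
    for r in rules:
        entry = by_name.get(r["name"])
        if entry is None:
            findings.append(("undocumented", r["name"]))
        elif entry["expires"] is not None and entry["expires"] < today:
            findings.append(("expired", r["name"]))
        if r["src"] == "any" and r["port"] == "any":
            findings.append(("overly-broad", r["name"]))
        if r["src"] == "any" and r["port"] in ADMIN_PORTS:
            findings.append(("admin-port-from-any", r["name"]))
    for e in register:
        if e["rule"] not in live:
            findings.append(("register-orphan", e["rule"]))
    return findings


def audit_on(iso_day):
    """Run the audit on the constructed data as of a given YYYY-MM-DD."""
    return audit(LIVE_RULES, REGISTER, date.fromisoformat(iso_day))


if __name__ == "__main__":
    for kind, name in audit_on("2024-03-01"):
        print(f"{kind:20} {name}")
```

Note that "allow-rdp-any" is properly documented and still gets flagged: a register tells you a rule was approved, not that it was a good idea, so the audit checks the rule itself as well as the paperwork. The "register-orphan" finding is the reverse problem, documentation describing an access that no longer exists, which is how a register quietly stops being trustworthy.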


Updates, patches and hot fixes

I have already talked about the importance of keeping your systems updated here and here. And I reiterate! But… in corporate environments, it is often safer to verify first that the medicine will not bring more problems than the affliction itself. Testing should shorten the time you stay exposed, not stretch it indefinitely: a fix for a vulnerability that is actively being exploited deserves a fast track through your tests.

Most updates are minor and you probably won’t even see any difference after applying them. But some of them (service packs, major releases, etc.) will affect your operating system more deeply. This is why, before applying any major update across your network, you should conduct some tests on a selected batch of computers and verify that everything continues to work as expected.

Hence, you may want to keep written documentation that lists all the major tasks users have to complete on a daily basis, department by department if needed. You then go through this list on one or several test devices (a virtual machine, for example) and make sure nothing prevents these tasks from being completed successfully before deploying the update in the real world. Keep a way back as well (a snapshot of the test machine, the previous installer) so that a test that fails costs you an afternoon rather than a department.


Conclusion

What I am trying to put in perspective in the article above is that having the best tools, skilled staff and top-notch hardware is great. But not enough.

If I were personally given the choice, I would rather spend time and money on maintaining clear processes and procedures and on training staff to follow best practices. The ideal is to create and maintain clear documentation to prevent any disruption in the functioning of your information system, and to make sure the employees actually follow its guidelines. It doesn’t need to be complex nor very technical. It should typically answer these questions:

  • What tasks do I need to perform in order to maintain a stable environment?
  • How often?
  • What tasks do I need to perform before and after a change in my information system?
  • What tasks do I need to perform if a crisis occurs?
  • What tasks do I need to perform after the resolution of a crisis?

For all these questions, the person in charge of the tasks should be clearly named. In my experience it is the best way to avoid “watering down” responsibilities.

That’s it for today. I hope you found these few tips useful. Do not hesitate to comment or ask questions below and I’ll try my best to answer them.
