How best to protect your company’s IT environment from intrusions?
Slovenian companies and their employees are no exception when it comes to cyber attacks perpetrated by malicious hackers. There is no other recourse than to join forces and make sure these attacks never make it past your firewall.
The number of cyber incidents is growing steadily
The report on cyber security (source: SI-CERT) shows that in 2019 there were 2733 incidents in Slovenia, an increase of 12 percent compared to 2018. Looking somewhat further back, we can see that in 2009 there were only 325 such incidents, a mere 12 percent of last year’s 2733. Considering that online criminals are eagerly taking advantage of the situation related to the COVID-19 coronavirus, it can be expected that the 2020 numbers will be significantly higher. Hackers are especially focused on sending emails and other messages with malicious attachments that supposedly include important information on the coronavirus disease, and on attempting intrusions into corporate infrastructures, which are often made easier by the measures for stopping the spread of the disease (sick leave and remote work).
How to protect your business environment?
Organizations under attack are most often targeted with so-called ransomware. Attackers mostly focus on under-protected networks of corporations and public institutions. In 2018, 14% of Slovenian companies registered security incidents (source: SURS), with small businesses especially becoming easy prey, as they do not have the know-how and resources for proper security. The most frequently used entry point is inadequately protected remote access, which is especially disconcerting given the increased scope of remote work. By launching a virus on corporate servers, criminals encrypt files so that they can no longer be accessed, and then demand a staggering ransom.
Some companies are still not performing comprehensive security checks aimed at detecting possible threats to IT systems and their vulnerabilities, as well as related risks to information security. A comprehensive security check is the most effective method of determining the actual level of security, as the methods, techniques and tools used are the same as those used by hackers. When establishing the mechanisms for preventing intrusion into corporate systems, it is also important to store key data on external sources, where it can be accessed even in the event of a disaster.
What about employees?
Even if a company has good information security, employees require training. They must have an anti-virus solution on their computer, use strong passwords, not share them with others, and change them frequently. They should also not connect to unsecured public WiFi hotspots, click on unknown links or download suspicious files.
With attacks focused on individuals, the most popular approach is phishing, an online fraud in which the criminal wants to obtain sensitive data from users. They generally attempt to lure a user via email to a false website, pretending to be an online service or a bank, under the pretext that the user should log in to verify their data or receive additional benefits. If we enter our username and password on such a website, these are then sent to the hacker. Using an individual’s account, hackers can then access their business communication and consequently break into corporate environments.
How can we help?
Stroka Business Group provides a broad range of services, including security checks of corporate information structure. We use penetration tests to check the capabilities of corporate security protections, and use the findings to prepare measures for fixing the vulnerabilities in security certificates, software patches and system security settings.
We also assist in drafting security protocols for your company’s network and in the cloud, which include policies for using complex passwords, password changes, firewalls and two-factor authentication. Because we are aware that the security of an information system depends on its weakest link, we focus a lot of attention on our customers’ employees with regular training courses on information security.
We also provide special bundles for Office 365 users that include protection from the latest, most comprehensive threats hidden in email attachments and links, from ransomware, and from other advanced malware.