Cyber Security
Cyber security is becoming a day-to-day issue around the world and is something that Sigma take very seriously. We have worked hard to become a Cyber Essentials certified company. This certification demonstrates that we implement the most important cyber security controls: keeping our data and our customers' data safe, keeping our devices up to date and retiring unsupported devices and software. We are dedicated to renewing this certification yearly, whilst striving to maintain the fundamentals and pursuing additional qualifications to demonstrate our commitment.
What is Cyber Security
Cybersecurity is the practice of protecting systems, networks, and data from cyberattacks. In today’s world, everyone has at least one device connected to the internet, which makes them vulnerable. It is important that all devices are kept up to date with the latest security patches to combat vulnerabilities and prevent cyberattacks.
It is also important to use a device that is still supported by the manufacturer. This includes phones, tablets, laptops and anything else that connects to the internet. Manufacturers will stop support for older devices, but will let you know when this is going to happen. The device will not stop working; it just means that the manufacturer is no longer releasing updates to patch security holes. If you continue to use a device that is no longer supported then you run the risk of being targeted for an attack. If a manufacturer is about to stop support for a device, it is advisable to replace it with a new device.
Apart from manufacturer security updates, there are steps that you can take to further protect yourself from attacks. These include:
Passwords
Use passwords on all your accounts. Make sure the passwords are not simple, e.g. password123. A strong password should be at least 8 characters long and should contain a capital letter, at least one number and a special character.
R3dB3ar99! is a good example of a password. It meets all of the above criteria and would not be an easy password to guess.
You should always have a separate password for your email account. Your email is normally the only thing that links all your accounts together. If this is compromised then all of your other accounts are at risk.
· Example – your Amazon account has been hacked. The hacker will know your email address and would then use the password they have for Amazon to see if it works to log in to your email. If the password works, they can access your emails and forward them on to another account that they own. They will also try to gain access to other accounts you have by requesting password resets. Most password resets are sent to your email address and, as they now have access to your email account, they would be able to reset the password and you would no longer have access.
Two Factor Authentication
This is a very good way to protect your accounts. If your password is compromised, two factor authentication (2FA) will give you an extra layer of protection that the hacker would need to get past. You may have come across this when accessing online banking. The bank will ask you to log on to your account and will then ask you for a code from a device that they have provided.
Other applications are starting to do the same thing. Microsoft, for example, offers this function, but uses an application called ‘Authenticator’ that can be installed on your phone. The app shows the name of the application you are trying to log in to, along with a code. The code will change every 30 seconds. You will need this code to gain access to Microsoft 365.
If you are not able to use the app then some manufacturers offer to send a text message, or an email to an email address that has been approved.
If a hacker is able to gain access to your system, they will look to exploit it in many ways. One of these is malware.
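Why the authenticator code described above changes every 30 seconds, shown as an added example that is not part of the original page. It assumes the app follows the standard time-based one-time password scheme (RFC 6238); the secret is the published RFC test key and the function names are illustrative.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid, as described above

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Code for the 30-second window containing unix_time (RFC 6238, HMAC-SHA1)."""
    counter = unix_time // STEP                       # which 30-second window we are in
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, submitted: str, unix_time: int, drift_windows: int = 1) -> bool:
    """Service-side check: accept the current window plus a small clock-drift allowance."""
    for w in range(-drift_windows, drift_windows + 1):
        t = unix_time + w * STEP
        if t < 0:
            continue
        # Constant-time comparison so the check does not leak how many digits matched.
        if hmac.compare_digest(totp(secret, t), submitted):
            return True
    return False

# Constructed sample: the RFC 6238 test key, standing in for the secret that the
# service and the phone app share when 2FA is first set up.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59s:", code)
    print("accepted one window later (t=89s):", verify(SECRET, code, 89))
    print("accepted after it has expired (t=149s):", verify(SECRET, code, 149))
```

A code that someone has seen or copied stops being accepted once its window and the drift allowance have passed, and a stolen password on its own never produces a valid code because the secret stays on the phone and the service.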
Malware
Malware is a malicious piece of software that can damage your systems or steal your data. This is done in different ways.
· A virus may be installed and spread between systems, causing as much damage as it can. This can include data becoming unusable.
· Spyware may be installed to monitor your activity, which is then sent back to the hacker. They would use this information to exploit you or to access your accounts, including your bank account. You may not even know that you have this software installed until it is too late.
· Trojans can access your devices in many ways, e.g. emails or from a trusted website. You click on a link that looks harmless and it may do what you expect, but in fact it contains hidden code that is now installed on your system.
All of the above can be stopped by using the right type of security software. Some of the security software will stop it at source while others will stop it as it hits your device.
Phishing
Phishing attempts to steal sensitive data by masquerading as a trustworthy entity. These attacks often arrive via email and can target specific individuals or organisations.
Ransomware
Ransomware encrypts your data and demands payment for its release. This type of attack normally stops you from gaining access to your system and will detect other devices connected to your network (including external backup drives). It will then encrypt your files, stopping you from being able to open them. Following this you will receive a message with account details to pay some money to. Once they receive payment, they will give you the software or key to unlock the encryption. However, this is not always the case.
Backups
Make regular backups of your data. There are two ways to do this.
· External backup drive – This is a drive that is plugged in to your device and is used to make a backup of all your data as well as a system image. It is recommended that you have more than one backup drive. This protects you in case you do have an attack that compromises your data whilst the backup drive is plugged in.
· Cloud backup – this is used just for your data and is stored online. The first time you set this up it can take some time for all the data to upload, but then after this, the data can be uploaded as and when changes are made to your data. It also takes longer to recover the files as they would have to be downloaded. The good news is that the changes made to a file are saved and the file that has been updated is stored as history meaning that you can recover a file before changes were made.
Both options should be used to maximise the protection of your files.
Recovery
It is a good idea to have a recovery test performed at least twice a year. This will prove that the backups you are running are recoverable should you need them in the future.
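One way to carry out the recovery test described above, as an added example that is not part of the original page: record a checksum for every file when the backup runs, restore to a scratch folder, and compare. The function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest(root: Path) -> dict:
    """Map each file's relative path to its SHA-256. Save this when the backup runs."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_restore(saved: dict, restored_root: Path) -> dict:
    """Compare a restored folder against the manifest saved at backup time."""
    got = manifest(restored_root)
    common = saved.keys() & got.keys()
    return {
        "missing": sorted(saved.keys() - got.keys()),             # never came back
        "corrupt": sorted(k for k in common if saved[k] != got[k]),  # came back changed
        "ok": sorted(k for k in common if saved[k] == got[k]),
    }

def demo() -> dict:
    """Constructed sample: a restore with one file missing and one file truncated."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "original"), Path(tmp, "restored")
        for root in (src, dst):
            (root / "docs").mkdir(parents=True)
        (src / "docs" / "notes.txt").write_bytes(b"meeting notes")
        (src / "docs" / "invoice.txt").write_bytes(b"invoice 42")
        (src / "photo.bin").write_bytes(b"\x00" * 1024)
        saved = manifest(src)                                # taken when the backup ran
        (dst / "docs" / "notes.txt").write_bytes(b"meeting notes")
        (dst / "photo.bin").write_bytes(b"\x00" * 1000)      # damaged during restore
        return compare_restore(saved, dst)

if __name__ == "__main__":
    for status, files in demo().items():
        print(f"{status}: {files}")
```

A recovery test passes only when both the missing and corrupt lists are empty; a backup job that reports success does not show this on its own.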
Summary
· Always use a strong password and do not share it with anyone else.
· Try to use two factor authentication where possible to double your security protection.
· Keep your devices up to date with the latest security updates.
· Do not use a device that is no longer supported by the manufacturer.
· Make regular backups to both an external drive and to an online storage location.
· Perform a data recovery test at least twice a year.