Are you well configured?

December 09, 2020 -

Cyber-attacks on big brands or government agencies are familiar headline news nowadays. We read stories of million-dollar ransoms, or huge numbers of access credentials being breached. You might think your business is safe. However, a single badly configured device or app could put you in danger.

You will know that no business is immune from cyber criminals. Even if your business has been proactive and taken measures such as:

  • Putting antivirus protection in place and installing a firewall;
  • developing and implementing a bring-your-own-device (BYOD) policy;
  • training staff in areas such as phishing, passwords complexity and social engineering;
  • patching and updating software promptly;
  • upgrading hardware and software before they reach end-of-life.

Even with these measures in place the threat is ever changing and evolving. The number of devices connected to your network is increasing and more employees use their own devices for work. Many more staff are now working remotely.

A Watchguard Firewall. Properly configured this will protect your business from external threats.

If your wireless is unsecured, you can end up with all kinds of unknown devices connected to your network. It’s difficult to monitor every configuration and make sure it is secure. This is especially true if you’ve become the ‘go-to guy’ for IT, despite it not being your main job.

Notifications telling us to update software always seem to arrive when we’re busy. We can’t stop what we are doing to update, there are simply other priorities. The update is a ‘do it later’ task. So, you click “never show again” on the popup. Suddenly that notification is forgotten, and the update never gets done.

This is the opportunity that cyber criminals are looking for. They actively seek out unpatched, poorly configured, vulnerable software.

What You Can Do About It

You wouldn’t install a security door, cameras and guards at the front and back of the building and then leave the side door open. It’s the same with cyber security. You could undo all your good work by leaving just one opening.

An open window is easy to spot, but something that’s badly configured might be much more difficult to detect. You can use a vulnerability scan to look for insecurities in your systems and software. Maybe a file share has been configured incorrectly. You may think it’s only you that can see the folder, but it may be everyone in the organisation. It may even be visible to those OUTSIDE the organisation, and then you have a real problem.

An automated scan is a proactive approach which can help identify network, application and security vulnerabilities. The process aims to find any possible points of entry for cybercriminals and evaluates the countermeasures you’ve already put in place.

The scan detects weaknesses in networks, communications equipment, and computers. Scan results are compared to a database of known exploits. You can ensure you are guarding against all kinds of known flaws.

A thorough Managed Service Provider will take several approaches to scanning.

Example of a vulnerability scan which can show up badly configured software and hardware

An external scan will look at anything that is facing the internet. This could include apps, routers, open ports, websites, and services. Plugging gaps here keeps bad actors out of your systems.

Following this an internal scan would look at your internal systems. Should a cybercriminal gain entry to the system, this scan considers what might be exploited.

Securing your business is critical.

But it is difficult to secure if you don’t know where the gaps are. A vulnerability scan forms part of a cyber security assessment. We offer these for FREE. It could well be the best 60 minutes you’ve spent on your business this year.

By allowing an MSP to review your security arrangements, you’re one step closer to securing your business. You’ll get a clear report detailing where your vulnerabilities lie, and a clear roadmap of how to address them.

We make it easy to book a Cyber Security Assessment, simply visit our Live Calendar and select a suitable time.

Just want to ask a few quick questions? Schedule a 15-minute call instead!