Blog

We are passionate about the work we do, which is why we regularly research and update our blog with original content to keep you updated with industry news.

Security in an Open World

Date Tuesday, 01 July 2014 , By: Marc Whittingham , In: Technical

All of the recent revelations regarding Snowden, Heartbleed, and the GameOver Zeus botnet based infection has focused everyone's minds on security and how anyone can remain secure in this increasingly hostile and permeable world.

The massive erosion of trust in government and their security agencies has had wide reaching effects and has been the subject of much comment in recent months.

Whether it be at work with confidential and proprietary business information or at home with personal banking information. This can cause everyone concerned massive inconvenience, not to mention cost and worry of the loss of company data.

Whether it be at work with confidential and proprietary business information or at home with personal banking information. This can cause everyone concerned massive inconvenience, not to mention cost and worry of the loss of company data.

Prevention is better than cure in all cases and being vigilant and putting in place appropriate safeguards is the best defence. This defence is best implemented in a multi-layered fashion, the first line of defence is ensuring that all users have a 'strong' password that is known only to them. See http://preshing.com/20110811/xkcd-password-generator for a discussion around strong passwords and how to create strong but memorable passwords ... or https://www.xkpasswd.net/c/index.cgi for a website password generator based on the above principles.

The next simplest measure is to have correct internal policies signed and recorded ensuring all staff understand and have signed up to the IT policies such as agreeing not to access inappropriate content while at work and not to send emails containing inappropriate content, all of which can have serious legal and financial implications for businesses and business owners (the use of your internet connection is your responsibility).

The next is to implement a proper firewall with correctly formed policies preventing those that might wish you harm from getting in; while this is rare, it is a risk that someone may gain access and use your systems for sinister purposes or simply to cause malicious damage.

Despite everything, the greatest risk can sometimes come from within and, as such, the next safeguard is to have proper policies, procedures and, if necessary, preventative software/hardware in place to ameliorate the risk of people allowing information to get out (accidentally or maliciously). Software and hardware devices currently available on the market can help protect against all of these risks and can prove to be very powerful tools and, should someone decide to remove information from your network, these measure can provide hard and fast proof of any improper behaviour.

A further protective measure is to have proper, comprehensive backup solutions in place protecting your data so that, in the event of accidental deletion, natural disaster or malicious action, data can be preserved and your critical business information successfully restored in the minimum time possible.

Naturally, all of these safeguards come with a number of trade-offs; whether it be privacy, cost, or convenience, a sacrifice has to be made in the name of security. As with all things a balance has to be struck and taking expert advice on the likely risks and implications for your particular circumstances is the best first step.

Needless to say Blue Frontier have experience in all of the above areas, if you would like to speak to us with regard to your network security or any other issues, please give us a call on 01722 744 574.

Marc Whittingham

By: Marc Whittingham

Marc joined Blue Frontier in 2007 and was welcomed to the board of directors in 2016. With industry experience dating back to 2003, he heads up the technical support team with a strong focus on service. As our lead networking and virtualisation engineer, Marc provides the invaluable link between clients and technicians. His incredible versatility is evidenced by his further roles as: Information Security Manager, Data Protection Officer and Quality Assurance Manager.