• 05 November 2024, 06:18 AM

Author Archives: DSM Group

businessman using digital padlock secure his datas 3d rendering 1024x536 1

5 key information security rules that are vital to follow

Every day we hear of new rules to follow, but many of them are really not necessary. To make it simple for you we have collected up the five rules we believe are so essential you’d be at a huge loss without them.

1: Passwords!
Passwords are a basic, key rule you are taught from the first time you use a computer.  But the trouble is that people use simple passwords which are easy to crack, use the SAME password for multiple accounts (so imagine if somebody has already cracked/guessed your password to one account, what they can do now!), and passwords can be stolen from a third party that stores it. So as great as passwords are, they can be almost ineffective. This is where we come in, advising you on how to make your password secure enough (and they can be!).

For starters, you’ll want to make sure that you use a long and complex password, with different passwords for each account. Don’t forget to use a mixture of numbers, upper and lowercase letters, symbols such as: @, !, ? etc. and try not to use anything that somebody might guess like your children’s names as that will be a go-to guess for anyone who knows you well enough. Understandably it would be hard for you to remember lots of different complex passwords so we recommend using a password manager with a single long and complicated password which will remember all the others for you.

2: Backup
Probably the easiest tip to follow. Doing a frequent back-up of your important and confidential information is essential because, if you only do it occasionally, you risk losing any data that has been created or edited since the last one.  Our advice is to set the back-up to run automatically so you can restore even you most current critical data in the event of an attack.

3: Web Security
Though you may only access the safest Internet sites, it’s still possible for your computer to pick up some nasty malware from web-based “drive-by downloads” where malicious code from a website searches for a soft spot where they can access your system software. Around 90% of that web code is said to come from popup advertising which you can get even when only visiting the most secure sites.
It’s for all these reasons that we advise you to use either a web reputation solution to keep you away from viciously malicious sites (the solution can either run straight through your computer or through a network to all of your devices which is our recommendation), or a web script management tool which will stop attacks through software and plugins like Flash, JavaScript, and Java. You can use great browser plugins such as Google Chromes ‘Click to Run’ tool, which stops videos from playing the minute you open a site, which can stop the many dangerous (and irritating!) ads from playing.

4: Update
This should come as no surprise to you, but yes, the more often you update your system, the safer you will be against viral threats. It’s another very simple tip that we are always told to do, purely because it works and not being able to use your computer for a few minutes shouldn’t be too much of an inconvenience considering the benefit you’re getting out of it.

Cyber-Baddies are very skilled at finding vulnerabilities in your system nowadays so, to stop them from getting into your computer and corrupting/stealing your files and destroying your computer from the inside, you need to apply updates regularly.

5: Watch out for fishing
The most common mistake that people make is that they open all their emails without any suspicion. You know which ones we’re talking about, the ones that make no sense as to why you have received them, that try to attract our gullible side to open them and then click on whatever links they’ve left there. They may read things like “Congratulations You are the winner of …!!!” or “Look John, check out this life-changing new secret you’ll never be able to live without!!” etc.  They will be inconsistent in tone and have a hyperlink at the end that will take you to a dodgy or irrelevant site, which is where they get you. The key is to be careful when looking at your emails, don’t open one if you’re not sure about it, and NEVER open one of the links in one of the emails. This is how hackers can trick you, it is called social engineering and can often be convincing so make sure you’re always cautious when opening emails.

Another method they use is to find out information about you (where you work, your age, where you live etc.) and then craft an email that appears as if it’s from someone you know with a subject line that relates to something specific in your life and looks very convincing. This is known as Spear Phishing and can be very difficult to determine if it is safe to open.  The e-mails will often appear to be from a family member, friend, or even an invoice for a recent ‘purchase’ that you never made. So we recommend that you protect yourself against these fraudsters by having a very careful look at your emails before you open them. Unfortunately there isn’t any software that can deal with this issue but, now that you have read through this article, you should be more aware and primed to delete the offending e-mails before they can cause harm.

Was this article helpful? We always love to hear your feedback, so please feel free to let us know!

disaster recovery

Disaster Recovery Testing – Will Your Plan work?

Disaster Recovery has become tougher due to ever-changing virtual environments.

Being able to recover from a disaster is consistently a top priority for IT managers. They’re constantly looking for ways to protect more applications, and to do it more economically with less downtime. But even with sustained investment, there’s still an alarming lack of confidence in how well these processes will perform when a real disaster event occurs.

One of the most ambitious projects an IT department will ever embark on is the creation of a Disaster Recovery (DR) plan. But IT professionals need to understand that creating the plan is only the first step in the process. No matter how carefully crafted it is, a DR plan has no value if it doesn’t work when needed or if only a subset of the protected data can be recovered and recreated. It’s important to understand that in addition to developing an adequate DR plan, a strictly adhered to change control process must be implemented so that changes in the environment can be reflected in the plan. Yet the reality of the modern data center is that change typically happens too fast for a change control process to keep up with it. Even if change control is adhered to most of the time, one small misstep or slip up can result in recovery failure.

Four Disaster Recovery monitoring must-haves:

  • Environment awareness. Disaster Recovery tools must go beyond application awareness and understand the environment so that changes to the application’s specific environment are detected and reported.
  • Hardware and software independence. DR monitoring should work across a variety of applications and storage hardware to analyze for inconsistencies.
  • Monitoring only. DR tools don’t have to actually move data — there are numerous hardware and software vendor products that do that. DR monitoring should therefore complement those solutions, not compete with them.
  • Work from a knowledgebase. DR shouldn’t depend on collecting information from devices for information. Organisations should develop their own list of best practices that’s used to check for DR gaps.

The proof is in the testing

Disaster Recovery plan testing is critical to identifying changes in the environment so that the plan can be updated or modified to include any new situations and to accommodate any altered conditions. Despite the importance of DR plan testing, full-scale tests can only be done periodically because they’re time consuming and often expensive to conduct. In reality, partial testing is more likely with a quarterly frequency at best; many businesses only do a full-scale test once a year.

Many businesses also have the added burden of multiple locations coupled with legal or compliance regulations. That means each location should conduct its own standalone DR test, This can potentially make the gaps between various DR sites and the primary site even greater.

The problem is that in between DR tests, many configuration changes take place. As a result, IT planners are looking for ways to monitor and validate their disaster readiness in between full-scale tests. DR monitoring tools are able to audit processes such as clustering and replication to ensure these systems capture all the data they need and store the redundant data copies correctly.

Configuration is the root of the problem

When a Disaster Recovery process like replication is first implemented, it’s installed into a known, static application state. The volumes have all been created and configured, and they can be easily identified by the replication application so that it can protect them. But as the application evolves, new volumes may be added so that more host servers can be supported. Or perhaps a volume gets moved to a different storage system so that performance can be improved, such as moving log files to an all-flash array. These additions or changes are often not reported to the IT personnel in charge of the disaster recovery process and, consequently, are left out of the protection process.

The configuration changes will typically be discovered during the next DR test and can be corrected then. But if a disaster occurs before the next scheduled test, data loss is likely to occur, as well as a failure to return the application to proper operation. In other words, every time a configuration change is made to an application, a DR test should be planned to make sure all the changes have been mapped into the DR process. In the real world, however, most IT budgets can’t support the expense of such frequent DR tests, and the IT staff is stretched far too thin to execute tests so frequently.

The bottom line

DR planning is never a one-time event; it’s a constant process that has to keep up with evolving service-level agreements and changes in environment. Given the realities of a rapidly changing business, it’s almost impossible for change control processes to keep up, and it’s equally difficult to conduct DR tests with enough frequency to be meaningful. As a result, most companies, especially large enterprises, should consider disaster recovery monitoring and outsourcing of the day to day processes.

For more information or to discuss your DR requirements further please contact us.

covid workplace

How confident are you that your business can survive the Covid-19 infection?

So, we are now faced with unprecedented circumstances. A global pandemic is affecting almost every aspect of our lives – including our businesses.

As a DR and BC recovery supplier DSM Group has been inundated with calls regarding anything from team splitting to working from home but is it too late to be considering this? Should your BC plan have been tested and operational by now?

Our advice would be it’s never too late and you certainly shouldn’t bury your head in the sand. You’re not alone. In our experience even those who have the most refined plans are finding themselves in unknown territory at this time.

Here are a few things to consider:

  1. Keep up to date with the advice from Public Health England: https://www.gov.uk/government/topical-events/coronavirus-covid-19-uk-government-response
  2. Reduce none essential travel to business critical only.
  3. Consider splitting your team and working at an alternative site.
  4. Consider working from home where possible (this is not suitable for all businesses).
  5. Ensure effective communications with staff, clients and suppliers.
  6. Cross train employees, especially in essential functions.
  7. Begin creating or amending your Business Continuity Plan to include pandemic responsewhile always considering the 4 main points; Prevention, Preparedness, Response and Recovery.

Developing a plan is not a fast or simple process but will pay dividends in the future. Once created it should be tested regularly. Allocate responsibility to keeping the plan up to date to key personnel.

Lastly, businesses should consider this an opportunity. While we cannot underestimate the impact this Pandemic can have on businesses, consideration of alternative revenue sources to ensure business survival is always positive.

If you need any help and guidance or would like to consider possible recovery options please feel free to contact us direct support@dsmgroup.co.uk

pen testing

A quick guide to effective pen-testing

Do you want to uncover vulnerabilities before a Cyber hacker exploits them? Maybe you are already aware of your network’s vulnerabilities, but need a third party to argue that your network security needs additional investments? Or does your Business need penetration testing services to comply with a certain security regulations.
Here is guide that explains the best practices to be used before, during and after network penetration testing.

 1.)  Pre-Test Stage

This section lists the activities to pay attention to before penetration testing.

  • Define the scope. Regardless of the pen-test type, list the number of networks, the IP address range within one network, subnets and computers to avoid any misunderstanding. Otherwise, pen testers might leave some network systems unattended or worse, hack some third party systems.
  • Define the time frame. Penetration testing shouldn’t disrupt your company’s everyday operations. Imagine if a pen tester used a technique involving heavy network traffic. If used at peak times, it could overload the network and crash it.
  • Decide if you want your IT security and technical information to be in the know. Unannounced penetration testing is good to assess the status of your security team. Yet, it may slow down the process or even block it, for example, by cutting access from internet for pen testers.

2.)  Test Stage

This section covers practices followed by pen testers while conducting network penetration testing.

  • Gather as much customer information as possible. Pen testers use the customer’s website, WHOIS databases and web search engines.
  • Conduct a network survey. This process provides pen testers with server names and domains, the range of IP addresses owned by the organisation, information about closed and open network ports, running OS and services.
  • Determine existing vulnerabilities. At this stage, pen testers scan the network looking for vulnerabilities to use for penetration attempt. Vulnerability scanning can be automated and manual. A combination of the two methods will boost the effectiveness of the process considerably.
  • Identify suitable targets. Pen testing will always be conducted within a time frame set by you. So, out of the list of vulnerable targets on your network, it’s essential to choose the proper ones not to waste time and effort doing unnecessary job. It would be sensible to choose the servers, as the primary targets for penetration testing.
  • Attempt penetration. To exploit vulnerabilities, pen testers use specialist, customised tools. These tools categorise vulnerabilities based on the severity. This helps to provide a customer with a report of vulnerabilities that need to be fixed immediately.

3.) Post-Test Stage

Network penetration, as such, is over. But the penetration testing procedure isn’t. Two stages are left: cleaning up and report generation.

  • Report generation. A well-structured report is a welcome hand in risk management. It should start with an overview of the penetration testing process followed by the most critical network vulnerabilities that need to be addressed in the first place. Afterwards, fewer critical vulnerabilities should be highlighted.
  • Cleaning up. Pen testers’ code of practice doesn’t allow to leave any surprises in your network. To keep it clean, pen testers should maintain a detailed record of all actions performed throughout the stages of penetration testing.
man in the middle

What is a Man-in-the-Middle Attack and How Can You Prevent It?

 

This type of cyber crime is very common and on the rise, so here’s what you need to know about MITM attacks, including how to defend yourself and your business against them.

What is a man in the middle attack?
The idea behind a man-in-the-middle attack is straight forward: Intercept traffic coming from one computer and send it to the original recipient without them knowing someone has viewed, and potentially altered, their traffic.
MITM attacks give the perpetrator the capability to steal funds, redirect a browser to a malicious website, or steal information to be used in later cyber crimes.

These are three popular types of MITM attacks your business will most likely encounter:

1. Email Hijacking
Hackers target and gain access to important email accounts, they will then monitor activity and transactions to make their eventual attack a lot more convincing. For example, they could wait for a scenario where the customer is sending money and respond, spoofing the company’s email address, with their own bank details instead of the company’s. Unfortunately, the customer thinks they’re sending their payment to the company, but they’re really sending it right to the hacker.

2. Wi-Fi Eavesdropping
Most MITM attacks rely on Wi-Fi connections. Hackers will set up a Wi-Fi connection with a legitimate-sounding name and all the hacker has to do is wait for you to connect and they’ll instantly have access to your device. Alternatively, the hacker can create a fake Wi-Fi device disguised as a legitimate Wi-Fi access point to steal the personal information of everyone who connects.

3. Session Hijacking
When you log into a website, a connection between your computer and the website is established. A hacker will then hijack your session with the website through various ways. One option they use is stealing your browser cookies. Your cookies store small pieces of information that makes web browsing convenient. It can be your online activity, login credentials, pre-fill forms, and in some cases, your location. If hackers get hold of your login cookies, they can log into your accounts and assume your identity.

“Who is the typical target of a man in the middle attack?”

Any person or any business could be the target of a MITM attack.

How do I prevent man-in-the-middle attacks?
There’s no simple ‘quick fix’ to protect yourself against MITM attacks, however here are a few to help you:

  1. Only connect known, trusted devices to your Wi-Fi networks. Don’t allow devices to automatically connect.
  2. Make sure all access points are secured and encrypted. Attackers that rely on physical proximity can be kept off a network by good security.
  3. Keep an eye out for phishing emails that request you to click to log in to a website.
  4. Train your staff to become a ‘Human Firewall’
  5. Make sure operating systems are patched and updated to prevent attacks that exploit weaknesses.

How would your business stand up against a Cyber attack?