• 21 November 2024, 09:41 AM

Category Archives: System Security


DSM Group Achieves ISO27001:2022 Certification

We are proud to announce that DSM Group has been recommended for recertification by the British Standards Institution (BSI) for the prestigious ISO27001:2022 standard—an entire year ahead of schedule. This significant achievement underscores our continued commitment to maintaining the highest standards in information security management.

ISO27001 is an internationally recognised standard, and certification from BSI, a globally renowned certification body, further highlights our dedication to protecting sensitive company and customer information. BSI certification is a mark of trust and excellence, ensuring that our systems and processes are secure, robust, and meet the latest global standards in managing information security risks.

At DSM Group, we are dedicated to consistently improving our security measures. Our early recertification demonstrates the success of our proactive approach to safeguarding the confidentiality, integrity, and availability of information. We pride ourselves on delivering reliable and secure services, helping our clients rest assured that their data is in safe hands.

What Does This Mean for Our Clients?

For our clients, this BSI recertification reinforces DSM Group’s commitment to protecting their most critical assets. With stringent security protocols in place, clients can have full confidence that their data is managed in line with the highest industry standards.

ISO27001 also supports our dedication to continuous improvement, as we regularly assess and refine our processes to meet evolving security challenges. This not only reduces risk but also boosts operational efficiency, allowing us to provide even more reliable and high-quality services.

Thank you to everyone involved in helping us achieve this important milestone. Together, we continue to set the standard for excellence in information security, keeping our clients’ trust at the heart of everything we do.


Cloud and Cybersecurity Insights: Trends & Best Practices

Building a cybersecurity strategy has never been more challenging – the rapidly evolving threat landscape, combined with the acceleration of digital transformation and a workforce distributed beyond traditional office networks to the home, have radically altered how IT teams defend their network, data, users and applications.

The astonishing value of the cyber crime industry and move towards cyber crime as-a-service via online dark web marketplaces and commoditisation of malware has not just seen more advanced and complex threats, but an increasingly lower barrier for entry. Anyone can now gain access to the tools needed to deliver ransomware and take payments via anonymous cryptocurrency, while tactics have evolved to include PR and extortion threats that have further muddied the waters of how organisations can respond – further ramping up the potential financial returns.

The last two years have seen the added complexity of an accelerated shift in the infrastructure and strategy of many organisations, as distributed workforces and working from home became the default. This necessitated migration to the cloud at unprecedented speed and digital transformation that helped keep businesses going, but created new risks and opportunities for threats to exploit.

As we move into 2022, we’ve commissioned a survey across hundreds of CTOs, CIOs, CISOs and industry leaders to get their perspective on this changing threat landscape, how much cloud has become the core of today’s network, and the priorities from the boardroom to the SOC in defending against the next threat.

To view the full report and results, download your complimentary copy below.


5 key information security rules that are vital to follow

Every day we hear of new rules to follow, but many of them are really not necessary. To make it simple for you we have collected up the five rules we believe are so essential you’d be at a huge loss without them.

1: Passwords!
Passwords are a basic, key rule you are taught from the first time you use a computer. But the trouble is that people use simple passwords which are easy to crack, use the SAME password for multiple accounts (so imagine if somebody has already cracked/guessed your password to one account, what they can do now!), and passwords can be stolen from a third party that stores them. So as great as passwords are, they can be almost ineffective. This is where we come in, advising you on how to make your passwords secure enough (and they can be!).

For starters, you’ll want to make sure that you use a long and complex password, with different passwords for each account. Don’t forget to use a mixture of numbers, upper and lowercase letters, symbols such as: @, !, ? etc. and try not to use anything that somebody might guess like your children’s names as that will be a go-to guess for anyone who knows you well enough. Understandably it would be hard for you to remember lots of different complex passwords so we recommend using a password manager with a single long and complicated password which will remember all the others for you.

2: Backup
Probably the easiest tip to follow. Doing a frequent back-up of your important and confidential information is essential because, if you only do it occasionally, you risk losing any data that has been created or edited since the last one. Our advice is to set the back-up to run automatically so you can restore even your most current critical data in the event of an attack.

3: Web Security
Though you may only access the safest Internet sites, it’s still possible for your computer to pick up some nasty malware from web-based “drive-by downloads”, where malicious code from a website searches for a soft spot where it can access your system software. Around 90% of that web code is said to come from popup advertising, which you can get even when only visiting the most secure sites.
It’s for all these reasons that we advise you to use either a web reputation solution to keep you away from viciously malicious sites (the solution can either run straight through your computer or through a network to all of your devices, which is our recommendation), or a web script management tool which will stop attacks through software and plugins like Flash, JavaScript, and Java. You can use great browser plugins such as Google Chrome’s ‘Click to Run’ tool, which stops videos from playing the minute you open a site, which can stop the many dangerous (and irritating!) ads from playing.

4: Update
This should come as no surprise to you, but yes, the more often you update your system, the safer you will be against viral threats. It’s another very simple tip that we are always told to do, purely because it works and not being able to use your computer for a few minutes shouldn’t be too much of an inconvenience considering the benefit you’re getting out of it.

Cyber-Baddies are very skilled at finding vulnerabilities in your system nowadays so, to stop them from getting into your computer and corrupting/stealing your files and destroying your computer from the inside, you need to apply updates regularly.

5: Watch out for phishing
The most common mistake that people make is that they open all their emails without any suspicion. You know which ones we’re talking about, the ones that make no sense as to why you have received them, that try to attract our gullible side to open them and then click on whatever links they’ve left there. They may read things like “Congratulations You are the winner of …!!!” or “Look John, check out this life-changing new secret you’ll never be able to live without!!” etc. They will be inconsistent in tone and have a hyperlink at the end that will take you to a dodgy or irrelevant site, which is where they get you. The key is to be careful when looking at your emails, don’t open one if you’re not sure about it, and NEVER open one of the links in one of the emails. This is how hackers can trick you. It is called social engineering and can often be convincing, so make sure you’re always cautious when opening emails.

Another method they use is to find out information about you (where you work, your age, where you live etc.) and then craft an email that appears as if it’s from someone you know with a subject line that relates to something specific in your life and looks very convincing. This is known as Spear Phishing and can be very difficult to determine if it is safe to open.  The e-mails will often appear to be from a family member, friend, or even an invoice for a recent ‘purchase’ that you never made. So we recommend that you protect yourself against these fraudsters by having a very careful look at your emails before you open them. Unfortunately there isn’t any software that can deal with this issue but, now that you have read through this article, you should be more aware and primed to delete the offending e-mails before they can cause harm.

Was this article helpful? We always love to hear your feedback, so please feel free to let us know!


12 Steps To Secure Your IT System

Online criminals are increasingly targeting SMEs instead of large corporate entities, so it’s more important than ever to take steps to protect your IT and data.
Let’s look at how you can do that in 12 easy steps:

  1. Make IT security a priority. Technology is integral to every small business, even those with just one computer so don’t fall into the trap of ‘it won’t happen to me’!
  2. Make someone responsible for IT security and ensure they have the time and resources to create new security processes. If not, it’s easy for things to get overlooked.
  3. Assess the risks to your IT system. Look at how you and your employees use IT to identify vulnerabilities. For example, your internet connection should be protected by a robust security package that includes virus and malware protection, plus a firewall.
  4. Take care of IT security basics. Simple precautions like not opening email attachments from unknown sources, education on threats like phishing and changing passwords regularly can significantly reduce the risks.
  5. Draw up an IT security plan. Once you have identified the risks your IT system faces, write an IT security plan. This should set out general rules to minimise the threat of hacking, theft and data loss.
  6. Be prepared to invest time and money. Good security software with regular updates usually costs money. It also takes time to identify what precautions you need to take.
  7. Perform regular backups and test that you can restore your data from your backups. At some point, every business will suffer a data loss – perhaps a result of accidental file deletion or a failed hard drive. Having a good backup system enables you to recover important data and carry on working.
  8. Protect lost property. One of the quickest ways for someone to access your data is through lost or stolen laptops, smart phones or USB memory sticks. Mobile equipment should be password protected and encrypted. Implement a remote wipe system so your data does not get into the wrong hands if a device is lost or stolen.
  9. Be aware of staff-owned devices. If employees are using their own smart phones or tablets for work then make sure this doesn’t create additional security risks.
  10. Train your staff. Ensure all employees are familiar with your security plan. Explain security procedures clearly, both during training and in employment contracts. For example, make it compulsory for staff to change their passwords regularly or to encrypt sensitive emails.
  11. Make it easy to be secure. One of the biggest threats to good security is employees who circumvent rules because following them makes their jobs difficult. It’s important your security measures don’t place an unreasonable burden on staff.
  12. Secure your website. Your website could be one of your weakest spots if hackers target you, particularly if it is the main point of contact for customers. In particular, make sure your online shop is secured by an SSL certificate, etc.

6 Reasons Why Office 365 Backup is Critical

While you are reading this, you may be thinking “Doesn’t Microsoft take care of Office 365 backup?”
It’s important to remember that SaaS platform providers, like Microsoft Office 365, take on the responsibility of application uptime and the underlying infrastructure. But it is the customer’s responsibility to manage and protect their vital business data.

We’ve identified 6 reasons why backing up Office 365 is critical:

  1. Accidental deletion: If you delete a user, whether you meant to or not, that deletion is replicated across the network. A backup can restore that user, either to on-premises Exchange or Office 365.
  2. Retention policy gaps and confusion: Office 365 retention policies are hard to keep up with, let alone manage. A backup provides longer, more accessible retention all protected and stored in one place for easy recovery.
  3. Internal security threats: Many businesses are experiencing threats from the inside, and they are happening more often than you think. Having a high-grade recovery solution mitigates the risk of critical data being lost or destroyed.
  4. External security threats: Malware and viruses have done serious damage to organisations globally in just the past year alone. A backup can easily restore mailboxes to an instance before the attack.
  5. Legal and compliance requirements: Ensure you can retrieve mailbox data during legal action and to meet any regulatory compliance needs.
  6. Managing hybrid email deployments and migrations to Office 365: Whether you are migrating to Office 365 or have a blend of on-premises Exchange and Office 365 users, the exchange data should be managed and protected the same way, making the source location irrelevant.

It is always nice to hear how our customers and partners are validating our solutions.
IT Manager at Egelim Lojistik A.S.: “Before this product I thought my emails were safe. Now, I am sure they are safe.”
Every customer can be confident that as they move to the cloud and expand their infrastructure, Veeam is there to protect and ensure Always on Availability.

Read the May 2017 Gartner Report: Adopt Microsoft Office 365 for Damage Control and Fast Recovery After Malicious Attacks. We believe this Gartner report can provide more information on Office 365 Backup.