Cyber attack: Is your business ready for the inevitable?
13th January 2015
Exposure to business interruption caused by cyber risks has grown for a number of reasons recently including:
– an increasing reliance on electronic systems to conduct business
– the automation of business functions which are reliant on electronic systems
– the interconnectivity of those electronic systems, to internal and external networks
Top 8 security vulnerabilities and how to avoid them
The Information Commissioner’s Office (“ICO”) published a report of the top 8 most common security vulnerabilities identified during their investigations of data breaches and how these can be counteracted as follows:
1. Software Security Updates
Attackers search for unpatched, outdated or otherwise vulnerable software to attack. You should have a software update policy in place for all hardware, including laptops and other mobile devices. You should only use software for which updates are still being provided.
2. SQL Injection
“Structured Query Language” is a type of programming language designed for database driven software. A SQL injection is a hacking technique which exploits flaws in the programming code. You should consider periodic independent security testing to identify programming issues, including SQL injection flaws.
3. Unnecessary Services
You should only run network services that are absolutely necessary and ensure that services intended for use on local networks only are not made available to the internet. This will reduce the number of ways an attacker might compromise systems on the network.
4. Decommissioning of Software or Services
When old or temporary hardware, software or networked services (e.g a website / file server) are no longer needed, you must decommission them and thoroughly check that the decommissioning procedure has actually succeeded.
5. Password Storage
The report explains “Hashing” and “Salting” techniques which increase the security of stored passwords. Users should also be advised to choose strong passwords (long passwords using a wide range of characters).
6. Configuration of SSL or TLS
Ensure that personal data (and sensitive information generally) is transferred using SSL (Secure Sockets Layer) or TLS (Transport Layer Security) which are encryption schemes used for ensuring secure communications across the internet.
7. Inappropriate locations for processing data
Make sure you have policies for all your IT infrastructure for how, when and where personal data will be processed and stored. Apply specific access restrictions where necessary. Ensure that your network has regular back-up and business continuity functions in place.
8. Default credentials
Change any default credentials provided by hardware and software suppliers, such as standard usernames and passwords, as soon as possible.
For a no obligation insurance review and to find out more about how we may be able to help you please call Horner Blakey Insurance Brokers on 020 7929 0108