How to prepare your IT security for an uncertain 2021

In only a few months, the world of work has fundamentally changed. Offices around the globe are empty, and companies have had to quickly implement home-working IT services. If that wasn’t enough, cyber-attacks and breaches of secured data are at an all-time high, with no signs of slowing down.

It can all feel overwhelming. But we’re a bit different at Truis. We’re a positive bunch who see challenges as solutions in the waiting. We also like to keep things simple. So when it comes to your ICT security, we focus on four key areas.

ICT policies and procedures

Awareness is key. You need to understand both the risks and the precautions that must be taken in your business to protect your organisation. These strategies can then be applied in your personal life to safeguard your family’s own private information.

Clear policies are the foundations of a strong ICT strategy. Covering everything from day-to-day usage through to security practices and password creation, they make sure every employee is playing their part.

However, having policies and procedures is only half the battle. You also need to communicate them. We understand — data backups and system updates aren’t the most engaging topics. But if your staff aren’t aware of your policies, then you may as well have no security strategy at all.

Data backups

We’ve all been there. Your phone, tablet or laptop slips out of your hand and suddenly you’ve lost months, maybe even years, of data. Now imagine this happening to your whole company.

The ramifications can be so severe that most organisations with a larger user base back up their data as part of their day-to-day operations.

When was the last time you reviewed your data backups? And, more importantly, are you covered if you ever fell victim to a cyber-attack?

Does your ICT strategy follow the 3-2-1 rule?

What is the 3-2-1 rule for data backups?

The Veeam 3-2-1 rule for backup

[1] Veeam 3-2-1 rule

3 – Do you keep at least three copies of your data (so no single event will destroy all copies)?

2 – Do you store the data in at least two different formats? (disk, tape, cloud)

1 – Do you keep 1 copy offsite to protect against fire, flood or any other physical disaster? Is this site online or offline?

Not only do these rules cover you for physical disasters (which Australia is well known for!), they also cover you in the event of a cyber security incident.

With an ever-changing digital world, these aren’t questions to ask every once in a while, but very, very regularly.

With the recent spike in ransomware, it is more important than ever to keep another copy of your backup stored offline, which extends the rule to 3-2-1-1. In the original 3-2-1 rule, all the devices are online and connected to a network (production server, backup media, and offsite cloud storage that is synced every night). In a ransomware attack, the onsite backup files are encrypted by the ransomware, and those encrypted files are then copied over to cloud storage (e.g. AWS S3, Azure). To combat this, it is recommended to keep an additional copy of your backup that is both offsite and offline.

What is the 3-2-1-1 rule?

3 copies of data

2 different media to store backups

1 offsite location to store backups – online

1 offsite location to store backups – offline
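
The difference between the two rules can be checked against a backup inventory. The following is an added example, not code from this article or from Veeam: the `BackupCopy` fields, the function names and both sample inventories are constructed for illustration, and it assumes ransomware reaches every copy that is online.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str    # "disk", "tape" or "cloud"
    offsite: bool
    online: bool   # network-reachable (mounted share, nightly sync target)

def check_3211(copies):
    """Return the 3-2-1-1 clauses this inventory fails (empty list = compliant)."""
    failed = []
    if len(copies) < 3:
        failed.append("3: fewer than three copies")
    if len({c.medium for c in copies}) < 2:
        failed.append("2: fewer than two media types")
    if not any(c.offsite and c.online for c in copies):
        failed.append("1: no offsite online copy")
    if not any(c.offsite and not c.online for c in copies):
        failed.append("1: no offsite offline copy")
    return failed

def survivors(copies):
    """Copies left intact under the assumption that ransomware encrypts
    (directly or via sync) everything that is online."""
    return [c.name for c in copies if not c.online]

# Constructed inventories: the original 3-2-1 layout described above,
# then the same layout with an offline, offsite tape added.
CLASSIC_321 = [
    BackupCopy("production-server", "disk", offsite=False, online=True),
    BackupCopy("onsite-backup", "disk", offsite=False, online=True),
    BackupCopy("cloud-sync", "cloud", offsite=True, online=True),
]
WITH_OFFLINE = CLASSIC_321 + [
    BackupCopy("vault-tape", "tape", offsite=True, online=False),
]

if __name__ == "__main__":
    for label, inv in (("3-2-1", CLASSIC_321), ("3-2-1-1", WITH_OFFLINE)):
        print(label, "failed clauses:", check_3211(inv) or "none",
              "| survivors:", survivors(inv) or "none")
```

The all-online 3-2-1 layout satisfies the first three clauses yet leaves no surviving copy; only the offline tape survives in the second inventory.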

Check out this blog from Veeam outlining in detail the 3-2-1 rules.

Endpoint security

Employees no longer work on a single computer hardwired to the company network. Instead, organisations now have an entire ‘fleet’ of wireless devices. And with every new addition comes a new potential weakness.

To combat this, endpoint security scans the whole ‘fleet’ across your network. It’s a vital part of our holistic approach, but one that needs a bit of care and attention.

Firstly, it’s important to keep your fleet secure and in line with the latest endpoint security practices. Find ways to ensure the most recent system updates and security patches are installed.

Secondly, you should consistently review your endpoint security policies, as well as any licensing. If these expire, you’ll become an easy target.

Network security

Covid-19’s made remote working more essential than ever. But in the rush to provide employee safety, did you look after the health of your virtual networks?

Remember, it’s crucial to focus on the small details – reviewing the security of modems and wireless access connections.

These are easy to forget. But if you do, it becomes easy for hackers to access your secured data.

Implementing the right IT security can sometimes feel like a never-ending task. Our team is here to change that. For a full conversation about IT services, security policies, data backup and how to keep your data secure, get in touch. We’d love to help.

[1] Veeam blog – How to follow the 3-2-1 backup rule – https://www.veeam.com/blog/how-to-follow-the-3-2-1-backup-rule-with-veeam-backup-replication.html