We’ve got your back!
If you are running a business and you are online, you are a potential target for cyber criminals. From ransomware to email compromise, businesses can be targeted in a number of ways, with the vulnerability of employees often the weakest link. An attack can be costly, not only in terms of the financial impact but also in the serious damage it can do to your reputation.
Stellarise are here to partner your business growth. We want all your energy to be focused on building your business, not recovering from the aftermath of an attack that could have been prevented. That’s why we take the security of your IT and data so seriously.
The following is a brief outline of the multi-layered approach we take to help our clients build cyber resilient businesses.
Enterprise Level Perimeter Firewall
We implement firewalls from Cisco Meraki, pfSense and Ubiquiti Networks so that each client gets a secure firewall suited to their requirements.
We design and build segregated networks to compartmentalize and restrict network traffic. This can help limit the extent of any breach.
Cyber Essentials is a government sponsored scheme that helps organisations guard against the most common cyber threats and demonstrates their commitment to cyber security.
Stellarise help to ensure that our clients have everything in place that they need to achieve certification before the assessment, and we partner with an independent organisation to undertake the assessment itself.
As part of implementing Cyber Essentials we put in place monitoring across endpoint devices to ensure that their firewalls are turned on. This can help prevent attacks spreading across machines and is essential if machines are taken out onto public networks.
Policy Based Anti-Virus and Managed Patching
To be effective against known threats, Anti-Virus software needs to be kept up to date. We deploy policy-based solutions and use monitoring to ensure that known threats can be prevented. We deploy managed patching solutions to ensure that the operating system and common third-party software are kept up to date with security patches.
Mobile Device Management (MDM)
Whilst the mobile era has provided businesses with great productivity benefits, it also exposes your organisation to new risks associated with possible loss of corporate data on these devices. Mobile Device Management allows us to remotely configure, manage and secure all mobile devices (mobile phones, tablets and laptops) in your company to ensure that sensitive data is protected.
Alerting for suspicious activity
We monitor key systems for activity that could be suspicious. For example, we are alerted when a new user account is created or email forwarding rules are set up, so that we can validate that they are bona fide. The team routinely monitors the threat landscape and adds further rules as necessary. These help us identify any breach attempt quickly.
High Frequency back-ups for shared storage
Wherever possible, we implement high frequency snapshot back-ups for clients’ shared storage. In the event of a ransomware attack this allows us to quickly roll back to a point in time before the attack in order to restore files.
We strongly recommend clients turn on 2-Factor Authentication wherever possible. This is an authentication method in which access to a system is granted only after successfully presenting two or more pieces of evidence: typically a password and a time-limited code that is sent to a mobile phone or, better still, generated by the Google or Microsoft Authenticator apps. It can seem like an extra layer of effort (which it is, for good reason) but any downsides are outweighed by the protection it offers.
DMARC email validation
We also implement DMARC (Domain-based Message Authentication, Reporting and Conformance) across our clients. DMARC is an email-validation system designed to detect and prevent email spoofing, the use of forged sender addresses often seen in phishing and email spam. It will give you the confidence that the emails you receive are from a recognised source. Find out more about DMARC in our blog here.
Email security training
Cyber criminals often impersonate employees and managers to commit fraud by email. Spoof emails and ‘phishing’ attacks are becoming ever more sophisticated, convincing and difficult to spot. Forbes predict that email fraud is set to be a top cyber security trend for 2019 as attacks grew by a staggering 297% across 2018.
Stellarise offer security awareness training through our partner, KnowBe4. It combines awareness training with simulated phishing attacks, and so can provide visibility of where or with whom the weaknesses lie so that action can be taken. In the unfortunate event of a breach involving personal data, an active staff training programme is looked upon by the Information Commissioner’s Office (ICO) as evidence that you take information security seriously.
Encrypting your Data
We recommend that drives, particularly on laptops, are encrypted so that, in the event of loss, the data is not easily readable by anyone who isn’t authorised to read it.
Contact us – we’ve got your back!
Good cyber security is an integral aspect of growing your business through IT. It doesn’t need to be a headache if you take preventative measures as part of your IT strategy and support.
Stellarise have a proactive approach to cyber security and, through our own measures and those of our partners, we are able to offer a tailor-made, robust cyber security package to our clients. If you have any questions, please get in touch.