Education and technology insights powered by HP
Security

Plan your Hack-Safe Infrastructure

March 16, 2018

Plan your Hack-Safe Infrastructure

We’re in a new world of work, where personal and professional lives are merged and we can work from anywhere – as long as we’ve got secure digital access. Win the race to protect your digital life from cyber-attacks – with the zero-compromise HP Elitebook x360 with Windows 10 Pro .

We know that the way we work has changed: it is mobile, it is digitally collaborative and it is increasingly reliant on cloud-based systems. At the same time, digital risks have changed. Cyber attacks now increasingly target these new modes of work – and the security measures like firewalls and anti-virus software that protected old-style workplaces just won’t cut it today.

When it’s time to plan your next IT upgrade: make sure that addressing today’s cyber threats, form a core part of your strategy.

SOFTWARE

From operating system to network protocol, firewall to anti-virus, software decisions play a critical role in organisational security. But most users spend the majority of their time within an application – whether that’s a tool like a word processor or spreadsheet, or a cloud-based SAAS (Software As A Service) system such as SAS, Xero, Salesforce or Zendesk. How do you secure your software? That depends; old-style, hard-disk based software needs old-style measures like anti-virus software that’s regularly updated and regular software and OS upgrades to stay ahead of new attacks. But the vulnerabilities in a cloud based system are different: less chance of a virus, more chance of a data breach. Here’s where you need solid protocols: strong passwords; multi-factor authentication; and solid anti-hacking protection. And for your network: install a software firewall on every device that connects.

MULTI-FACTOR AUTHENTICATION

Multi-factor Authentication – or MFA – is souped-up single-user security. MFA means you need more than just a password to get access to a system; you need a second, independent credential. The simplest MFA combines a password with an SMS sent to a pre-authorised mobile phone. This can be a hassle and because SMS can be received on various computers and programs, it has holes. Far more effective and difficult to compromise is biometric identity – such as fingerprint, facial or iris identification. Biometric access is easy to use, which makes it far more likely that users will comply; and it’s also difficult to circumvent, adding another layer of complexity against cyber attacks.

HARDWARE

We’re in a new digital era, where The Internet of Things is a reality – and that means that there are millions of devices that can potentially access your network. Your WiFi network should require the highest encryption protocol – likely WPA2. But what hardware has trusted status on your network – and how can it be hijacked? It’s time to get suspicious: understand the vulnerabilities left open by each device that can gain access to your network – from printer to server rack, from modem to router to mobile device and every desktop and laptop that’s allowed to connect. And once you know where the weakest link is: shut that door, fast.

BIOS LEVEL PROTECTION

Anti-virus software is only as effective as the most recent batch of signature downloads; biometric identity protects you against unauthorised access – but that’s no help when your user inadvertently downloads a malicious file. Today’s most malevolent and destructive attackers use BIOS-level code, which once opened, infects the computer’s Basic Input/Output Operating System – a critical system component which loads before the operating system and before user authentication is required. The only protection against this level of attack is BIOS-level security which detects any change to the BIOS and restores it to default before an attack can proceed.

The IT security at your workplace may be at an all-time high – but mix it up with today’s digital threats and things may get a whole lot murkier. Check out the 2018 HP Australia Security Study which found that less than half of Australian SMEs have conducted an IT risk assessment in the last year.