IT Security in the modern workplace

By Alan Gregory | 25th January 2018 | 8 min read

Cyber security firm Norton recently reported more than 17 million British consumers were hit by cybercrime in the past year incurring a cost of £4.6bn ( cyber-attack report ). It’s clear the threat is growing and earlier this week the head of the  UK’s National Cybersecurity Centre warned (major UK cyber-attack when, not if ) that it was a matter of “when, not if” Britain would be hit by a major cyber-attack. 

IT security is a constantly evolving and changing environment, presenting many challenges for even the most seasoned professional. Companies and individuals have been hit hard by attacks such as WannaCry which took place last year. The type of attack has also evolved. In the past, attackers sent large amounts of traffic to a specific network to try to overwhelm the security. As computers have become better connected and more powerful, it has become harder to run this type of attack. Attackers have therefore changed tack and Ransomware has become the favourite way to attack a network. 

Ransomware gets into a network in a variety of different ways, but will usually rely on the user clicking on a link or downloading an infected file. This is how WannaCry was able to spread. Ransomware is not a virus, which means that AntiVirus is unable to protect against it. This has left AntiVirus providers having to react to events rather than being able to be proactive.

Ransomware is difficult to protect against. It relies on the user opening an infected link or document to begin its attack. There are, however, many ways to reduce the chances of an attack starting. Education is the first line of defence. Do you recognise the email, does it match the senders usual writing style, is the topic of conversation the kind you would normally have and does the link look legitimate? Email is the usual distribution method and this makes email scanning a high priority. You should ensure that you are using an email system that scans not only the email and attachments, but the links contained within. Where possible a web filtering or firewall device should be used to try to protect traffic as it is comes in. 

As more and more business is transacted online, accountants and their clients need to take steps to reduce the chance of becoming victims of cybercrime. One important step is to reduce reliance on email and use a secure service such as IRIS OpenSpace to exchange sensitive financial data.

Keeping network security up to date is essential, however this is not a trivial task and the efforts required should not be underestimated. The IRIS Hosting service not only delivers all the IRIS Accountancy Suite products but also includes Microsoft Office 365, other desktop applications and pretty much any third party app.  Your practice data will be fully protected, held securely in our data centres and encrypted so it is only readable by your staff. Our hosted provider invest in added protection to defend against viruses, hackers and spyware. 

The cyber threat is forever evolving and cyber criminals are looking to exploit any weakness. There is no single defence against this threat. The most effective defence is to adopt a multi-layered approach.  Educating staff to be vigilant online, adopting secure tools in everyday working practices and implementing a robust infrastructure will help protect the practice, secure your client data and uphold your reputation.