GABIRAY

News and thoughts

Five great pieces of advice everyone should follow before being hacked.

It is not a question of if your IT will be compromised. It is a question of when. Postponing it, and minimising the damage when it happens, is of the essence.

A Danish Market Analytics Company had a bad experience with a recent cyberattack. Not only did it cost them a lot of money, essentially turning a possible profit into a loss, it also laid bare areas for improvement. A lot of companies choose not to talk publicly about being under attack, and while they may have good reasons for that, we at Gabiray recommend being as open as possible about the situation. For the benefit of everyone, the Danish company compiled a list of advice that they are now sharing. We have taken the list, adapted it and elaborated on it with our perspectives on how to better manage your IT Security.


#1 Use two-factor authentication on everything.

This is really a no-brainer, but surprisingly we do see a lot of companies that either do not use it or have only partially implemented it. (If you need to know what two-factor is, read here).

When two-factor is enabled, it will be much harder for anyone to maliciously gain access to your systems. If you are using a service that does not offer two-factor, maybe it is time to consider whether you really need it or whether it can be replaced with one that does.


#2 Control who has access. Maintain a secure database of access rights.

An Access Rights Matrix and an Access Rights Policy help you ensure that only those who need access to a certain service have it. Let’s face it: Your SoMe intern probably doesn’t need access to your financial systems. The important thing here is that these data are kept safe and duplicated in several locations. And, of course, that none of them contain people’s passwords.


#3 Understand the risks involved when adopting a new tool.

A lot of Services today offer “plug-ins”: an easy way to expand what the Service can do and enable it to sync data or talk to other Services. While for the most part that is a one-click, easy setup, it does require further scrutiny before you go ahead. Who created the plug-in? Where are the data stored? What are the options if you want to opt out of it again? And which of your data are shared between the Service, the plug-in and maybe even other third-party services? Doing your homework with a proper risk analysis can save you headaches and money.


#4 Remember to store your Emergency Plan/Major Incident Management Process in several locations.

In general, this is true for all your Processes and other vital documentation. Most companies will have a lawyer or accountant. Ask them to keep a copy of your Business Critical Processes. We recommend designing both an Emergency Plan that covers everything from Physical Security to Press Communication and a Major Incident Management Process as defined by ITIL.


#5 Always follow the Emergency Plan.

Yes. We mean it. Always follow the plan. We will get back to this in part two of this blog, but it is super important that the plan is followed.

And speaking of following... Follow along tomorrow for five more great pieces of advice everyone should follow before being hacked.

Images by drobotdean/wayhomestudio on Freepik