Free Mini Assessment

ICTAA Free Mini Health Check

We have extracted a number of our accreditation questions below to help you determine whether your IT ecosystem is currently putting your business at risk of a data breach, cyber threat or unnecessary downtime.

IT SECURITY

These questions relate to your IT security and will help to determine whether you have any weak spots in your defences.
1.6.2 Do your passwords contain numbers and letters?
How long would it take to brute-force a password with today’s technology?

High-end PC: 2 billion keys p/sec
5-character password = 0.03 seconds
8-character password = 11 hours
12-character password = 751 years

Amazon AWS (10 servers): 4.3 million keys p/sec
5-character password = Instant
8-character password = 5.4 hours
12-character password = 349 years

GPU (1 GPU): 7.7 billion keys p/sec
5-character password = Instant
8-character password = 3 hours
12-character password = 195 years

Distributed PC network (e.g. the RC5 project, 1200 PCs): 998 billion keys p/sec
5-character password = Instant
8-character password = 20 minutes
12-character password = 1.5 years

Add the brand of your anti-virus program.

Read More @ https://ictaa.com.au/tips-for-choosing-anti-virus-and-internet-security

1.6.3 Do you have anti-virus on your computers?
We have all heard of computer viruses causing problems with technology. Like any infection, taking precautions is essential to keeping your system clean. An Anti-Virus program scans files on your system, on USB drives and downloaded from the internet, and will quarantine any that contain an infection. Most new computers come with a trial of a commercial Anti-Virus package. It is highly advisable that you consult your ICT Service Provider for their recommended package. There are also many free Anti-Virus products that are quite capable of protecting you from most threats.

Read More @ https://ictaa.com.au/tips-for-choosing-anti-virus-and-internet-security

1.6.4 Does your anti-virus update and scan automatically?
New viruses are developed daily, so having an antivirus that updates automatically is a must. These updates are typically downloaded from the internet behind the scenes, but you should check that this is occurring regularly; the product could be useless if it is not configured correctly or is outdated. You should also check that background or “real-time” scanning is enabled so that files are checked as they are accessed.

Not all anti-virus products are the same

In today’s world anti-virus is pretty much mandatory: our computers are almost always connected to the internet, and this increases the risk of receiving a virus. Anti-virus software isn’t perfect and threats do slip past it undetected; if you’re running outdated AV, it may not be aware of new virus strains and you could be infected. When evaluating AV products for your business, we strongly recommend avoiding retail or “unmanaged” AV products in favour of a Managed AV product. Managed AV can be supplied by your IT company, and the main difference is that they manage it: they ensure you always have the latest updates, monitor all your computers and devices for outbreaks, and can perform any cleanup activities needed.

Read More @ https://ictaa.com.au/tips-for-choosing-anti-virus-and-internet-security

1.6.5 Do you have an anti-malware product?
There are many categories of Internet-borne threats besides viruses, such as advertising programs, spyware or data collection/mining threats, collectively known as malware. Some basic or free Anti-Virus products may not protect you from all of these threats. Talk to your ICT Service Provider about installing an Anti-Malware product; this could be bundled with an Internet Security product.

Internet Security beats standalone Malware and AV products

Many people don’t know the exact difference between Anti-virus and Internet Security software. Internet Security is the big brother of AV: it is more powerful and is packaged with Antivirus features built in, plus additional features and tools to protect your system against online attacks. These may include, but are not limited to: Anti-spam, Anti-malware, Anti-phishing, Firewall, Parental controls, Real-time Email scanning, Wireless Network security and more.

Here are some points which can clear up the confusion between an Anti-virus and an Internet Security product, and which may help you choose the best product for your business:

1. Anti-virus is a standalone program (some companies also include Anti-malware and some other basic security features), whereas Internet Security is a collection of many features including Anti-virus, firewall, Anti-malware, Anti-spyware, Anti-Spam, etc.

2. Anti-virus doesn’t normally include a firewall, whereas Internet Security does.

3. Anti-virus can be useful for basic protection, whereas Internet Security is effective for full protection.

4. Anti-virus is cheaper or free, whereas Internet Security costs more.

5. Anti-virus can be useful for basic protection for home users, while Internet Security is useful for business users and serious home users who need to protect data.

6. Anti-virus is usually Un-Managed, whereas Internet Security can be Managed, meaning your IT company/team is monitoring your software and keeping it updated.

Read More @ https://ictaa.com.au/tips-for-choosing-anti-virus-and-internet-security

1.6.6 If you have a wireless LAN, is the connection secured and the access key documented in a central service register?
A wireless network in a small office brings greater convenience for portable devices like laptops, tablets and smartphones. At the same time, it can threaten your security if not implemented correctly. You should ensure your wireless network is only accessible via a strong encryption key (password) and is using secure encryption methods. WEP and WPA1 are early protocols that are no longer considered secure. Don’t forget to document your wireless network in a central asset register.

WiFi in Today’s Business

Over the years, we have seen WiFi overtake wired networks as the preferred and simplest way to connect devices:

- Enterprises are using WiFi to connect staff and devices to corporate networks.

- Retailers are using it for POS and for tracking stock movements in warehouses.

- Public “Free WiFi” solutions allow the public to browse the Internet while out and about.

- Hospitals and care facilities use WiFi for mission-critical patient care and telecommunications requirements.

- Schools are using WiFi to administer exams and deliver learning material.

With this increased use of WiFi and its now mission-critical nature, will WiFi security improve?

Read More @ https://ictaa.com.au/major-wifi-security-upgrade-are-you-ready

Read More @ https://ictaa.com.au/tips-for-securing-wifi-networks

DATA MANAGEMENT AND BACKUPS

These questions relate to the Data Management and Data Backup techniques you use to protect your data and provide a roll-back point when disaster strikes your business.
1.1.1 Do you have a backup copy of your data that is no more than 30 days old?
While it is always important to have a backup, you must recognise that the more recent the backup is, the better it will be for your business. A backup copy of your data that is less than 30 days old is the minimum for any recovery plan. Backups could be placed on a USB drive, in another folder on your system, online, at home or at another site.

Confirming Your Backup Retention Requirements

Old data is a waste of space, which is why it’s important to understand how long you need to retain data from both a technical standpoint and a legal standpoint. Legally your business will need to keep financial records for the ATO for 5 years; you can use their tool to understand what other financial data needs to be kept: https://www.ato.gov.au/Calculators-and-tools/Record-keeping-evaluation/ Be sure to research your industry authorities and ensure you understand your obligations. You can also contact ICTAA for further information.

Read More @ https://ictaa.com.au/how-to-choose-a-backup-system

Add your current data retention period.
1.1.2 If you have more than 1 person or system accessing your data, is it in a shared location?
When multiple people are working on the same documents there are bound to be some version conflicts. This is a special concern if documents are shared on a USB drive or via email. If you have 2 or more systems that both need access to the same file, can both see and use the file concurrently without causing version conflicts? This is only applicable if there is more than one person in your company sharing access or you have external users accessing your data.

Sharing Data

To allow staff to access files on the go you need a robust way to share files and control who has access. There are many products and systems available: some are cloud-based, others can be a box that sits onsite at your office, or you can have a hybrid that is a mixture of both. Keep in mind that any offsite storage, such as cloud, will require your office and staff to have a decent internet connection to keep your files synchronised, but this is not a show-stopper these days and tweaks can be made to reduce the load on internet connections.

Another careful consideration should be access controls. You don’t want to share everything with staff, and if someone leaves the company, you definitely don’t want them to retain a copy of your company data on personal devices. There are various ways to control this, starting with the platform you choose, which could be an Intranet or an App that has granular permissions to control access. Mobile Device Management (MDM) is another way to control the devices (smart-devices and laptops): business data can be segregated from personal data, which allows for remote removal of data.

You should also have internal policies within your business to help staff understand their responsibilities and provide guidance on how data is used and managed within your business; this policy can be referred to as a Data Access or Data Usage Policy. If staff are accessing company data with their smart-devices, a Smart-Device Policy should also be in place to help staff understand that access to company resources may involve the company applying rules that can remote-wipe their devices. If you need either of these policies we have free templates within the portal, you can browse them from here

1.1.3 Is your backup process scheduled on a regular basis?
When you take a backup copy of your business data, it is important to ensure that it is occurring on a regular basis. This could be run manually or automatically, daily, weekly, or monthly – it just needs to be performed regularly.

From a technical standpoint, how much data do you need to keep? This depends on your legal and business requirements. The IT industry has adopted the “Grandfather-Father-Son” backup scheme. This method works by rotating the backup media (the hardware used to store backups) and consists of a full monthly backup (called Grandfather), a full weekly backup (called Father) and an incremental daily backup (called Son). You can then remove one of the Grandfather backups from circulation each year (say December), and this will allow you to restore your data from that year. Putting in place a regular rotation of backups will give you the greatest opportunity to recover data when disaster strikes.
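To make the rotation concrete, here is an added example (not from the ICTAA page) that classifies each day’s backup into the Grandfather, Father or Son tier and decides which copies are still in circulation. The retention periods and the choice of Friday for the weekly full are assumptions for illustration; the scheme itself is the one described above.

```python
# Added example, not part of the ICTAA assessment: Grandfather-Father-Son
# rotation. Assumed policy (constructed for illustration):
#   Son         = daily incremental, kept 7 days
#   Father      = weekly full taken on Fridays, kept 5 weeks
#   Grandfather = monthly full on the last day of the month, kept ~1 year
#   The December Grandfather is pulled from rotation and kept permanently,
#   matching the "remove one Grandfather each year" step above.

import calendar
from datetime import date, timedelta

RETENTION = {
    "son": timedelta(days=7),
    "father": timedelta(weeks=5),
    "grandfather": timedelta(days=366),
}


def tier(day: date) -> str:
    """Which tier the backup taken on `day` belongs to."""
    last_day_of_month = calendar.monthrange(day.year, day.month)[1]
    if day.day == last_day_of_month:
        return "grandfather"
    if day.weekday() == 4:          # Monday == 0, so 4 is Friday
        return "father"
    return "son"


def is_yearly_archive(day: date) -> bool:
    """The December Grandfather is retained indefinitely."""
    return tier(day) == "grandfather" and day.month == 12


def keep(backup_day: date, today: date) -> bool:
    """True if the backup taken on backup_day is still within retention."""
    if is_yearly_archive(backup_day):
        return True
    return today - backup_day <= RETENTION[tier(backup_day)]


def media_in_rotation(today: date, history_days: int = 800) -> list:
    """Dates of backups still retained, assuming one backup every day."""
    candidates = (today - timedelta(days=i) for i in range(history_days))
    return [d for d in candidates if keep(d, today)]


if __name__ == "__main__":
    today = date(2024, 6, 30)
    for d in media_in_rotation(today):
        label = "yearly" if is_yearly_archive(d) else tier(d)
        print(d, label)
```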

2.1.2 Do you have a backup copy of your data either on an external device that you remove from site on a regular basis, or online?
When your backups are completed, are they taken offsite? You could take them offsite via a USB drive, or a secure pickup and delivery service (referred to as an Offsite Vault), or they can go straight to an online/cloud backup provider. The two main requirements are that a copy is taken to a secondary geographical location and that it is done on a regular basis. Keep in mind that if you take a backup offsite once a week and your business suffers a disaster, losing all your data onsite, your offsite backup data might be 1 week old: would this impact your business? After this step you will have 2 copies of your backup data for safekeeping: Primary backups live onsite and Secondary backups live offsite.

Backup Hierarchy

The concept of backup storage itself is defined by a hierarchy of four levels: Primary backup, Secondary backup, Tertiary backup and Offline backup. For example: create a backup; this is called the Primary backup and it should be kept physically separated from the source server/data being backed up, which could be the other end of the office or another secure location. Make an additional copy of this backup and take it home each night; this is called the Secondary backup. If you have a cloud backup product that creates backups of files and sends them to the cloud, this is called a Tertiary backup. For extra protection, you could use an Offsite backup service where someone physically collects your backups and stores them in an Offline storage vault. If your business can’t tolerate any type of interruption, a DR replica could be used: this is an exact copy of your server and its data that is updated in real time, so if you suffer a disaster you simply ask staff to log in to your DR replica servers. This can also be automated.

Now you may be wondering why you might need so many copies of the same backup or data. It is simply to spread your risk. Considering the above points, if a ransomware attack occurred it may well infect your Primary backups, which means your Secondary backups are your only possibility of recovery. But what if your Secondary backups were online or cloud-based, or the backup media was connected to the server during the infection? What if you didn’t remove the infection completely and it infected your Secondary backup when you accessed it? What if the ransomware infection was on a delay and was backed up onto your Secondary copy? Or what if your employee drops the Secondary backup or has an accident during transport? Any of these could render your Secondary backup unusable, leaving your business in a dangerous situation.

Read More @ https://ictaa.com.au/how-to-choose-a-backup-system

2.1.3 Does your backup system keep multiple versions of files?
Within your backup system, can you restore different versions of a file? This could be by revision number, by date (i.e. the version as of 2 weeks ago) or a traditional Monday-Friday backup. Did you know that Microsoft Windows has “Shadow Copy”, which allows users to restore files themselves?

Backup versioning

Backup versioning is the practice of keeping several versions’ worth of your backed-up files. So if you make a change to a file, you keep the old version and the new version. This can lead to having dozens or hundreds of versions of any single file. That can make things a bit difficult to manage if you don’t have a system in place, but the result is well worth it. Backup versioning has several strengths:

- If you unknowingly backed up an infected file, you can go back to an earlier version.

- The ability to restore an older version if you backed up an accidental change.

- The ability to see a file’s history (and size growth).

Read More @ https://ictaa.com.au/how-to-choose-a-backup-system

2.1.4 Do you perform regular tests of your backup system?
Having a backup process is only half of the picture; when was the last time you tested recovering files from a backup? Perhaps there has been an error in the backup process which no one is aware of or your backups haven’t been working for some time. The only sure way is to periodically restore some files to make sure that the backups are working correctly.

How often should you test backups? In an ideal world, a test should be scheduled after every backup to validate that the data has been successfully secured. This is not always practical, so there is a trade-off to be made between the impact and effort of recovery and having a degree of confidence in the restore. As a minimum, there are four options:

1. As part of a regular cycle (for example, monthly). Schedule a restore test for each application on a regular interval.

2. When an application changes significantly (patches, upgrades, for instance). Schedule a (more comprehensive) restore test when significant changes have been made to an application, such as upgrading to a new software release or when installing a major patch package or operating system change.

3. When application data changes significantly. If an application has a regular import of data from an external source, for example, performing a test restore can help validate timings for data recovery.

4. When a new application is built. This means testing the restore of a new VM or server when first created. This may seem excessive, but it makes sense to ensure that the server/VM has been added to the backup schedule.

The ability to test recovery can be significantly improved by the use of automation. At the most basic level, this can mean scripting the restore of individual files. But more complex testing can be done with the use of software tools, many of which are integrated into backup software products.
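At the most basic level described above, an automated restore test can be a script. The following added example (not from the ICTAA page) restores a random sample of files from a backup location into a scratch directory and compares SHA-256 hashes against the live copies, reporting any file that is missing from the backup or whose backup differs. The directory layout and file contents are constructed inline so it runs offline.

```python
# Added example, not part of the ICTAA assessment: a minimal scripted
# restore test. It pulls a sample of files out of a backup tree (the
# "restore"), hashes them and compares against the live copies. Paths and
# contents below are constructed for the demonstration.
# Caveat: comparing against the live copy catches stale or missing
# backups, but a file changed since the last backup also shows as a
# mismatch, so run it soon after the backup job completes.

import hashlib
import random
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def restore_file(backup_root: Path, rel: Path, scratch: Path):
    """Copy one file out of the backup; None if the backup lacks it."""
    src = backup_root / rel
    if not src.is_file():
        return None
    dst = scratch / rel
    dst.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(src, dst)
    return dst


def restore_test(source_root: Path, backup_root: Path,
                 sample_size: int = 3, seed: int = 0) -> list:
    """Return (relative path, reason) for every sampled file that fails."""
    files = sorted(p.relative_to(source_root)
                   for p in source_root.rglob("*") if p.is_file())
    sample = random.Random(seed).sample(files, min(sample_size, len(files)))
    failures = []
    with tempfile.TemporaryDirectory() as tmp:
        for rel in sample:
            restored = restore_file(backup_root, rel, Path(tmp))
            if restored is None:
                failures.append((str(rel), "missing from backup"))
            elif sha256_of(restored) != sha256_of(source_root / rel):
                failures.append((str(rel), "hash mismatch"))
    return failures


def demo() -> list:
    """Constructed scenario: backup has one stale file and one missing."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for name in ("a.txt", "b.txt", "sub/c.txt", "sub/d.txt"):
            for root in (live, backup):
                (root / name).parent.mkdir(parents=True, exist_ok=True)
                (root / name).write_text(f"contents of {name}\n")
        (backup / "b.txt").write_text("stale copy\n")   # out-of-date backup
        (backup / "sub/d.txt").unlink()                 # never backed up
        return restore_test(live, backup, sample_size=4)
```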

Read More @ https://ictaa.com.au/what-is-rmm

INTERNET AND CONNECTIVITY

3.4.1. Can your business still function if your main internet is down?
What would you do if your main internet connection was unusable? This may occur if the phone line cabling is damaged or your carrier has a fault on your service. Did you know you can simply implement a Mobile 4G service as a backup internet connection? This will automatically switch to 4G if your main internet connection goes down. Mobile data, or 3G/4G, typically refers to a data service over a mobile phone or mobile broadband service. Modern smartphones have this ability as well, as do iPads and Tablets. Essentially, if you use the Internet on a device with a SIM card inside it then you are using Mobile Data (not to be confused with WiFi, which is a different technology).

Mobile 4G Internet is powerful

- 4G is 5 – 10 times faster than 3G networks were.

- It will take you 15 minutes to download a standard-definition film over an LTE network.

- A song from iTunes (typically around 4 MB) will take you only 10 – 15 seconds!

- Watching a video on YouTube should load quickly and without ‘buffering’.