Servers are powerful computers that provide one or more services (such as email, web or file servers) to users on a particular network. Cyber criminals frequently target servers because of the sensitive nature of the data they often hold.
What is server security?
Server security focuses on the protection of data and resources held on the servers. It comprises tools and techniques that help prevent intrusions, hacking and other malicious actions.
Server security measures vary and are typically implemented in layers. They cover:
- the base operating system - focusing on security of critical components and services
- hosted applications - controlling the content and services hosted on the server
- network security - protecting against online exploits, viruses and attacks
Insecure servers are a significant business risk and can cause many network security issues.
How do I secure a server?
Securing large, complex servers can require specialist skills. However, any business using a server should be aware of the risks and - at the very least - use basic cyber security measures.
Good management practices can help you improve your business' server and network security. If you are not using a secure data centre to host your servers, you should:
- keep them locked
- monitor and restrict access to them
- monitor server reports, such as security logs
- assess their environment for other risks, eg temperature and fire
- maintain a stable power supply
As with regular desktop PCs, servers will need:
- a firewall
- regular backup and updates
- reliable security software
- reliable maintenance and support services
Network firewall security
A firewall is a piece of software or hardware that filters all incoming and outgoing traffic to your business. Firewall devices can:
- block malicious email relaying
- prevent malware from being downloaded from untrusted websites
- prevent access to blacklisted websites or unsecured services
Hardware firewall
A hardware firewall is a part of broadband routers. It protects your entire local network from unauthorised external access and is usually effective even with minimal configuration.
Software firewall
A software firewall is an application installed on individual computers and devices. It is often part of the operating system and usually needs greater configuration of settings and application controls.
Server hardening
Regardless of what server software and operating system you run, their default configuration may not be fully secure. You should take steps to increase server security - this process is known as server hardening.
Some common server hardening methods include:
- using data encryption for communication
- removing unnecessary software from servers
- regularly updating operating systems, and applying security patches
- using security extensions
- enforcing strong password complexity to protect all user accounts
- account locking after repeated login failures
- using brute force and intrusion detection systems
- backing up data and systems regularly
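Account locking and brute-force detection from the list above both come down to counting failed logins per account and per source address within a time window. The following Python is an added example, not part of the original guidance: it applies such a rule to constructed OpenSSH-style log lines; the threshold of 5 failures in 10 minutes and the ISO 8601 timestamp format are assumptions.

```python
# Added example: find repeated login failures in SSH server logs.
# Log lines, hosts and addresses are constructed; thresholds are assumptions.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\S+) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def review_logins(lines, max_failures=5, window=timedelta(minutes=10)):
    """Apply a lockout rule to a log and report what it would have caught.

    An account or source address is flagged once it reaches max_failures
    failed logins inside the sliding window. A later successful login that
    involves a flagged account or source is reported for investigation.
    """
    by_user, by_ip = defaultdict(deque), defaultdict(deque)
    lock_accounts, block_sources, suspicious = set(), set(), []
    for line in lines:
        match = LINE_RE.match(line)
        if match is None:
            continue  # not a password login event
        ts = datetime.fromisoformat(match["ts"])
        user, ip = match["user"], match["ip"]
        # Drop failures that have aged out of the window.
        for recent in (by_user[user], by_ip[ip]):
            while recent and ts - recent[0] > window:
                recent.popleft()
        if match["result"] == "Failed":
            by_user[user].append(ts)
            by_ip[ip].append(ts)
            if len(by_user[user]) >= max_failures:
                lock_accounts.add(user)
            if len(by_ip[ip]) >= max_failures:
                block_sources.add(ip)
        elif user in lock_accounts or ip in block_sources:
            # A success after a run of failures may mean a guessed password.
            suspicious.append((user, ip, ts.isoformat()))
    return {
        "lock_accounts": sorted(lock_accounts),
        "block_sources": sorted(block_sources),
        "suspicious_logins": suspicious,
    }


# Constructed sample: one source spraying several accounts, one user who
# mistypes once, and one account guessed repeatedly before a success.
SAMPLE_LOG = """\
2024-03-01T09:00:01+00:00 srv1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-03-01T09:00:04+00:00 srv1 sshd[811]: Failed password for root from 203.0.113.7 port 40113 ssh2
2024-03-01T09:00:09+00:00 srv1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
2024-03-01T09:00:15+00:00 srv1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40121 ssh2
2024-03-01T09:00:21+00:00 srv1 sshd[813]: Failed password for root from 203.0.113.7 port 40130 ssh2
2024-03-01T09:05:00+00:00 srv1 sshd[820]: Failed password for bob from 192.0.2.10 port 50100 ssh2
2024-03-01T09:05:20+00:00 srv1 sshd[820]: Accepted password for bob from 192.0.2.10 port 50100 ssh2
2024-03-01T10:00:00+00:00 srv1 sshd[900]: Failed password for alice from 198.51.100.23 port 33001 ssh2
2024-03-01T10:01:00+00:00 srv1 sshd[901]: Failed password for alice from 198.51.100.23 port 33002 ssh2
2024-03-01T10:02:00+00:00 srv1 sshd[902]: Failed password for alice from 198.51.100.23 port 33003 ssh2
2024-03-01T10:03:00+00:00 srv1 sshd[903]: Failed password for alice from 198.51.100.23 port 33004 ssh2
2024-03-01T10:04:00+00:00 srv1 sshd[904]: Failed password for alice from 198.51.100.23 port 33005 ssh2
2024-03-01T10:05:00+00:00 srv1 sshd[905]: Accepted password for alice from 198.51.100.23 port 33006 ssh2
""".splitlines()

if __name__ == "__main__":
    for key, value in review_logins(SAMPLE_LOG).items():
        print(key, value)
```

With the sample log, the single mistyped password for bob is ignored, while the successful login for alice after five failures is reported because a lockout would have stopped it.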
Using cloud as an alternative to servers
With new digital services now available on cloud platforms, many businesses are moving - or have moved - parts of their infrastructure into the cloud. Potential cost savings and improved functionality are what make the cloud so appealing.
With some cloud solutions, for example, Software as a Service (SaaS) or Platform as a Service (PaaS), the cloud provider will typically be expected to configure and maintain servers for you, including patching, security hardening, and implementing security functions like logging and auditing.
If you opt for a more 'do it yourself' solution, such as Infrastructure as a Service (IaaS), you will usually be responsible for server security as you would for an on-premise equivalent.
The National Cyber Security Centre has detailed guidance to help you secure your server.
Spam, viruses and other malware can have a damaging effect on your business. It is important to understand how to detect an attack and recover your systems following the incident. It is also important to keep an eye on the latest cyber threat alerts or subscribe to the Early Warning Service from the National Cyber Security Centre (NCSC) to learn of potential cyber attacks on your business network.
How to detect spam
Spam is unsolicited communication that now makes up the majority of email traffic. Your internet service provider should offer you spam filtering as a default feature of your dedicated email service.
Spam filters detect unwanted emails based on suspicious word patterns and other clues, and divert them to a separate folder or mailbox after classifying them as spam. You can buy separate spam filters or programs to reduce the spam you receive and securely manage your inbox. See how to protect your business against phishing.
How to detect a virus or malware
Common signs of virus or malware infection include:
- system slowing down
- unexpected activity on your machine or pop-up messages
- email server becoming overloaded or intermittent
- data files becoming corrupt or going missing
- unexpected changes in the content of your files
If you notice these signs and suspect a problem, use your security software to diagnose the issue. Your software provider may be able to offer you advice. Read more about cyber security breach detection.
Virus or malware recovery
If a virus has infected your system, follow these five basic recovery steps:
1. Tell everyone who needs to know
If the virus is spread through email, tell everyone with an email account on the infected system as quickly as possible. If there is a specific file attachment that contains the malicious virus program, name it.
2. Quarantine infected machines
As soon as possible, disconnect infected computers from any internal or external networks. Do not reconnect until after you remove the virus.
3. Organise a clean-up operation
Use your anti-virus software to scan all computers and files to check if the virus has spread. If you can't remove the virus or malware, you may need to restore your computer files from a recent backup. In extreme cases, it may be more practical to wipe the infected computer, reinstall the operating systems and restore your files from a recent, clean backup. If necessary, contact your software supplier for specific advice.
4. Make sure there are no re-infections
Carry out emergency security measures and inform the users that clean-up is underway. Ensure that additional patches are in place to prevent re-infection.
5. Manage outgoing email traffic during the crisis
Use whatever facilities you have to prevent the transfer of the virus via email. Consider closing down the outgoing mail service.
Read NCSC's detailed guidance on how to recover an infected device.
Cyber attacks are almost inevitable, so the speed at which you react to an incident is critical. You should plan, develop and test a cyber security incident response plan to help you deal with security incidents quickly and efficiently.
The NCSC provides a free 'Exercise in a Box' online training tool to help you test and practise your response to a cyber attack.
Phishing is widespread in the UK. It is one of the most common types of cyber crime that targets businesses regardless of their size or sector.
What is phishing?
Phishing is a type of cyber attack that most commonly happens through email. In a typical attack, thousands of people receive fake emails from unknown criminals asking them to:
- provide sensitive or confidential information (such as passwords and bank details)
- send money to individuals or organisations
- download something that infects your computer
The email usually contains attachments infected by malware or links to a 'spoof website' where attackers try to trick you into surrendering sensitive data.
Variations of phishing include:
- vishing - when fraud is attempted by phone
- smishing - when fraud is attempted via text messages
Read the National Cyber Security Centre (NCSC) guidance on phishing and how to defend against it.
Targeted phishing attacks
Rather than delivering mass emails to random individuals, some forms of phishing target specific individuals or organisations. One such form is spear phishing.
Spear phishing
As with regular phishing, spear phishing emails appear to come from a trusted or familiar source. The criminals gather personal information about the target and modify their message to make it look legitimate. This method is known as social engineering - it increases the chances of tricking the target into divulging sensitive information or downloading malware from infected attachments and links.
Whale phishing
Whale phishing attacks use the same personalised technique but target high-profile individuals, such as celebrities, politicians or C-level executives. Read the NCSC's blog to find out more about these targeted forms of phishing.
Social media phishing
As well as email, text messages and phone calls, criminals can also use social media websites to commit financial or identity fraud. Social media phishing usually involves:
- fake social media accounts that impersonate known or trusted people
- fake customer support accounts to impersonate brands
- click-bait posts that include malicious links
- fake surveys, promotions or contests to get personal information
See Get Safe Online tips to help you avoid social media phishing.
How to spot phishing websites
Fraudulent websites can be difficult to identify. They may closely resemble, for example:
- your social networks
- your email providers, such as Yahoo or MSN
- your banking provider
- government services, such as HM Revenue & Customs
- IT service providers and vendors such as Microsoft, Google or Apple
- online marketplaces, such as eBay or Amazon
- money transfer websites, such as PayPal
Once you enter information into the fake sites, criminals are able to steal it and use it to commit identity or financial fraud.
Common warning signs that you are on a fake website may include:
- a URL address different from the one you originally clicked on
- an element of urgency in whatever the website is asking you to do
- requests for personal information such as financial account or social security numbers
- spelling errors, unusual navigation or substandard graphics
- suspect ads or pop-ups on the website
- a mix of legitimate links with fake links
- incorrect company name
- an absence of legitimate contact details
Keep in mind that an HTTPS site (where the padlock symbol next to the URL address claims a secure connection) can also be malicious.
How to prevent phishing
The key to avoiding phishing is to treat all emails with caution. For example:
- Be wary of emails that begin with 'Dear Sir/Madam' or another type of generic greeting (eg 'Dear account holder', 'Dear customer', etc). Legitimate companies and individuals will generally call you by your name, eg 'Dear [FIRST NAME]'.
- Look for inconsistencies in the sender's email address and any links to web pages. Make sure that they match legitimate sources, including when you hover your cursor above them.
- Be careful with unsolicited emails carrying attachments or directing you to download documents or files from unknown websites. A good email filter will block many of these types of messages.
- Ignore emails that appear to come from a bank or similar institution, and request sensitive information. If in doubt, contact your bank directly using trusted contact details and do not use the contact details or links provided in the email.
- Ignore emails demanding urgent action or making offers that are too good to be true.
- If in doubt, do not click on any links within an email. Instead, contact the sender through a known source, such as phone or their official website. Do not use contact details supplied within the suspicious email.
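The warning signs in the list above (generic greeting, urgency, inconsistencies between the sender's address and the links) can also be checked automatically, for example in a mail filter. The following Python is an added example, not part of the original guidance; the sample message, the domains, the phrase lists and the `trusted_domains` parameter are constructed assumptions.

```python
# Added example: automated checks for the email warning signs listed above.
# The message, domains and phrase lists are constructed for illustration.
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear sir/madam", "dear account holder", "dear customer")
URGENCY_PHRASES = ("urgent", "immediately", "account will be suspended")
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Hostname of a URL or URL-like string, lowercased ('' if unparsable)."""
    value = value.strip()
    try:
        parsed = urlparse(value if "://" in value else "http://" + value)
        return (parsed.hostname or "").lower()
    except ValueError:
        return ""


def domain_of(header_value):
    """Domain part of the address in a From or Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def is_trusted(host, trusted_domains):
    """True if host is one of the trusted domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def phishing_indicators(raw_message, trusted_domains):
    """Return the warning signs found in one raw email, in a fixed order."""
    msg = message_from_string(raw_message)
    findings = []
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if not is_trusted(sender, trusted_domains):
        findings.append(f"sender domain {sender} is not a trusted source")
    if reply_to and reply_to != sender:
        findings.append(f"replies go to {reply_to}, not {sender}")

    html = ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            html += part.get_payload(decode=True).decode(charset, "replace")
    text = ((msg["Subject"] or "") + " " + re.sub(r"<[^>]+>", " ", html)).lower()
    if any(greeting in text for greeting in GENERIC_GREETINGS):
        findings.append("generic greeting")
    if any(phrase in text for phrase in URGENCY_PHRASES):
        findings.append("urgent call to action")

    collector = LinkCollector()
    collector.feed(html)
    for href, label in collector.links:
        target = host_of(href)
        # What the reader sees versus where the link goes (the hover check).
        if URL_LIKE.match(label) and host_of(label) != target:
            findings.append(f"link text shows {host_of(label)} but goes to {target}")
        if not is_trusted(target, trusted_domains):
            findings.append(f"link target {target} is not a trusted source")
    return findings


# Constructed message: a trusted-looking From address, replies and links
# that lead elsewhere, a generic greeting and an urgent demand.
SAMPLE_PHISH = """\
From: "Example Bank" <security@examplebank.example>
Reply-To: support@examplebank-alerts.test
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p>
<p>Your account will be suspended unless you verify your details immediately.</p>
<p><a href="http://login.examplebank-alerts.test/verify">https://www.examplebank.example/login</a></p>
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_PHISH, {"examplebank.example"}):
        print("-", finding)
```

Note that the From address in the sample passes the sender check, so the message is only caught by the Reply-To and link comparisons.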
You should also train your employees to recognise scam emails and act appropriately. If you need help training your staff, the NCSC has created a free online tool to help you do just that - access the NCSC's Top Tips for Staff tool.
If you or your staff receive a potential phishing message, you can report it to the NCSC using their Suspicious Email Reporting Service: report@phishing.gov.uk.
Point-of-sale (PoS) security is a growing concern for many businesses, especially for those in the retail sector. There are two main areas of PoS vulnerabilities:
- hardware - eg when criminals affix a 'skimmer' device to a PoS terminal in order to intercept and capture card data
- software - eg when criminals use malware to gain access to PoS networks and steal payment card data as it transmits through the network
If you use point-of-sale networks to conduct business, it is vital that you follow security best practices and make every effort to protect your terminals and software.
How to protect your Point-of-Sale station and network
The best advice on securing your PoS environment is to use multiple layers of protection. For example:
- Use strong passwords - replace the default user name and password after installation and change passwords on a regular basis.
- Update your PoS software - install security upgrades and patches to keep your systems protected against known bugs and vulnerabilities.
- Install firewall and anti-virus software - see common cyber security measures.
- Set up encryption - your PoS service provider will usually set up encryption of data transmission by default. If you have any concerns, talk them over with your provider and make sure processes are in place to safeguard your system from abuse.
- Control access - only allow access to customer data to authorised and relevant employees. You should also restrict PoS computers and terminals from accessing the internet; this can prevent exposure to online security threats such as viruses and malware.
- Disable remote access - remote access can expose your PoS system to more vulnerabilities and make it easier for cyber criminals to exploit. Consider disabling remote access to your PoS network as a precaution.
Even with all these measures in place, there is no guarantee that your PoS system won't be attacked. Always watch out for any signs of a security breach and train your staff on the proper use of the PoS system. It may also be worth investing in cyber security breach detection and developing and testing your cyber security incident response plan.
Cloud security takes in a range of policies, technologies and security controls that serve to protect data, applications and the infrastructure associated with cloud computing.
Cloud security risks
Two main types of cloud security threats relate to issues faced by:
- cloud providers - who look after the infrastructure and the client's data and applications
- cloud customers - who rely on password protection and authentication measures
Key risks in the cloud include hacking, data theft, server faults and non-compliance. You can address each by deploying the same security solutions you would normally use to protect your in-house IT devices and networks.
Cloud security controls
Many of the common cyber security measures apply in a cloud-based environment as they do in conventional IT systems, including:
- antivirus
- firewalls and perimeter protection
- traffic monitoring and reporting
- spam filtering
- real-time alerts and analytics
The National Cyber Security Centre (NCSC) offers detailed guidance to help you configure, deploy and use cloud services securely.
Your security responsibility if you use cloud services
Providers and customers share the responsibility for maintaining and protecting the security of cloud services and systems. As a buyer, your responsibilities will vary depending on the type of service involved. Your responsibilities will be the largest when using Infrastructure as a Service (IaaS).
Cloud security and data protection - things to consider
If you are processing and storing sensitive business or personal data in the cloud, you will want to check that your provider takes security seriously. Things to consider include:
Cloud provider vulnerabilities
Are they following best security practices, patching up regularly, implementing proper security controls? Can they guarantee that your assets will be protected against physical tampering, loss, damage or seizure?
Technology vulnerabilities
Are there weaknesses in the host system or server configuration? Can you get assurances that the technology is secure? Will it be reliably accessible and available when you need it?
Access policies
Did you agree standards and responsibilities between yourself and the provider? Defining roles and responsibilities can help ensure secure coverage and prevent potential liabilities in case of cyber incidents.
Access controls
Will the provider limit access to the cloud service to only those who need it? How will they minimise the risk of accidental or malicious compromises of your data by their personnel?
Service level agreements
Can you establish a documented standard with your cloud provider, including their duties in relation to ongoing management, response times and support?
Risk assessment and analysis
Does your provider have an adequate incident plan in place to quickly deal with and mitigate any potential damage?
Legal and regulatory implications
If you're storing or processing personal data in the cloud, you will have to comply with the UK General Data Protection Regulation (UK GDPR). For more information, you can read the NCSC's report on cloud computing and data storage.
If you're using software that interacts with cloud services, you may also want to read about managing the risk of cloud-enabled products.
A data breach involves unauthorised access or disclosure of sensitive, confidential or otherwise protected data. This may be personal information (for example regarding health or financial accounts), trade secrets or intellectual property.
Data theft relates to stealing digital information from an individual or an organisation, with the intention to compromise privacy or obtain confidential information.
Impact of data breach or theft
The exact impact of data breaches or theft may vary depending on the organisation. However, common consequences you will need to consider are:
- financial loss
- reputation damage
- operational disruption
- monetary penalties (if you fail to comply with data protection laws)
Risks to your data can come from:
- unauthorised access to your IT systems and networks
- theft of property or equipment from your premises
- transporting data externally via unsecure devices
- failure to follow data protection processes and principles, with or without intent
How to prevent data breach
To protect your business data, you should think about:
- where and how you store it
- how you secure it (physically and electronically)
- who has access to it
- how that access is facilitated (eg individual devices)
Back up your data
You should back up your important data regularly and store it securely off-site. For added protection, you can use data loss prevention software to:
- disable USB ports
- monitor copying of files to storage media
- prevent users from transferring the data altogether
Read the National Cyber Security Centre's (NCSC) detailed guidance on the importance of backing up your data.
Create an asset register
As part of your security measures, you should create an asset register taking into account all hardware and software, including your server equipment. Determine which assets are at risk from cyber attack and record all the relevant details. Audit the register regularly to ensure that equipment is accounted for, and that the information is safe and secure.
Dealing with a data breach
If you believe that data has been stolen, or you have been exposed to scam or fraud, you will have to take action to:
- prevent the data breach from continuing
- discover the extent of the damage
- clean up the results
Your incident response will depend on the circumstances. You may need to take specific advice from the police or legal advisors, but generally speaking, you should:
- report the incident to the relevant authority
- inform your bank
- check bank accounts for unexplained transactions
- check your business for any unexpected changes in its credit condition
- consider hiring an IT security specialist to investigate the breach
- consider hiring a specialist to rebuild or replace parts of your IT infrastructure, if necessary
Find out how to develop a cyber security incident response plan.
The NCSC provides detailed resources to help you effectively detect, respond to and resolve cyber incidents. You should consult the following:
- incident management guidance
- 'Exercise in a Box' online cyber exercising tool
- small business guide to response and reco...
Reporting a data breach
As part of managing the incident, you may need to let people or organisations know about the security breach. You may need to notify:
- the regulators, if the breach is significant or if you've failed to comply with data protection legislation
- individuals or groups whose personal data has been compromised
- relevant industry bodies, eg in the financial or telecommunications sector
Different agencies have different remits in terms of investigating and assisting with cases of online fraud, data breaches and cyber crime. Find out how to report a cyber crime.
Under the UK General Data Protection Regulation (UK GDPR), you must report a serious personal data breach to the Information Commissioner's Office if the breach is likely to
Remote access is a growing need for many businesses. It allows mobile workers or remote staff to access office systems and processes via the internet from remote locations. Despite its many benefits, remote access can expose your business to risks.
You will have to manage these risks to keep your remote access secure at all times. Otherwise, your network may become vulnerable and your business data exposed.
Remote access threats
Remote working relies on the exchange of business data or services outside of the corporate infrastructure, typically over the internet. It can be achieved through a variety of client devices, including many that are outside the organisation's control.
The remote environment in which these devices are used may also pose risks. For example, security concerns may exist around:
- lack of physical security controls - creating a risk of device loss or theft
- eavesdropping - as the information travels over the public internet
- unauthorised access to systems or data - perhaps overlooking the screen
- monitoring and manipulation of data - if someone gains access to the device
You can adapt most of the common cyber security measures to meet the unique challenges of remote access security.
Remote access risk assessment
You should assess the specific risks associated with mobile working and providing remote access to staff. The assessment will inform your mobile working policy, establishing processes for:
- authorising users to work remotely
- device provisioning and support
- the type of information or services that can be accessed or stored on devices
- the minimum procedural security controls
Examine the risks to your corporate network and systems and determine whether you need to increase monitoring on remote connections. If you do so, remember to review and update your workplace monitoring policies.
Remote access security measures
Some specific recommended actions for securing your remote access include:
- encrypting data to prevent theft
- using strong firewall and security software
- using two-tier authentication (eg first with a password and then with a token)
- restricting access by unauthorised users
- allowing access to legitimate users but limiting to the minimum services and functions required
- reviewing server logs to monitor remote access and any unusual activity
- deleting remote access privileges once they are not needed
- testing the system regularly for vulnerabilities
- keeping firewall and remote access software patched and up-to-date
You may also choose to restrict the type of data that users can access remotely and use virtual private network (VPN) software for a high level of encryption.
If you're introducing remote access to your business for the first time or scaling it up, you should read the National Cyber Security Centre's (NCSC) guidance on moving your business from the physical to the digital and home working: preparing your organisation and staff.
If your staff are working on personal devices rather than work-issued IT, read about secure home working on personal IT.
Employees are a common source of cyber security breaches. In fact, most cases of insider incidents involve some type of misuse of corporate IT systems by a staff member. This misuse may be malicious; however, more commonly it happens inadvertently through an employee's carelessness or negligence.
Regardless of the cause, insider threats can seriously compromise your operations and have a significant financial and reputational impact on your business.
Types of insider threats
Most types of insider threats fall under one of three categories: the malicious insider, the negligent/unknowledgeable employee, and the third party contractor.
Typical events that happen in the workplace, and which could pose a significant risk to your business, include things like:
- browsing unauthorised websites
- visiting social networking sites
- sharing confidential information in a social network environment
- opening spam or suspicious links and email attachments
- accidentally sending sensitive information to the wrong people
- accidentally transferring viruses or malware
- choosing weak passwords and never changing them
- using the same password on multiple accounts
- installing unauthorised programmes on the employee's machines
- uploading files to an online file-sharing service, personal cloud or storage network
- downloading unauthorised files (eg music, films or photographs)
- misplacing or losing property (eg laptops, mobile phones, USB devices)
- providing information to a third-party, eg suppliers or vendors
- transporting company information via unsecured portable devices
- sending sensitive work documents to their personal email addresses
- using unsecured mobile devices to share work data or access company information
- accessing your business' virtual private network via public computers and public wireless hotspots
Cyber security breach detection systems can uncover risky user activity in real-time and alert relevant teams to investigate. However, education and staff training can often be the key to an effective and preventative cyber security strategy.
Cyber security measures in the workplace
Many unintentional mistakes employees make are entirely avoidable. To help keep your workplace safe, you should:
- screen new employees, contractors or anyone else who will have access to your business information - check references, qualifications, identity, etc
- implement a strict, written set of security guidelines
- set good password practices in place
- restrict access to unauthorised websites and devices
- restrict permissions to install software or access system data
- review current practices on email and internet use, remote working and bring your own device standards
- ensure staff receive IT security training and know how to use IT systems properly
- clearly outline the IT risk management policies and practices you expect your staff to follow
- increase general cyber and corporate security awareness throughout the workplace
- insist on confidentiality or non-disclosure agreements for people who are given access to sensitive information
- build in security controls compliance into employment contracts, including the disciplinary consequences of breaching them
It's important that you explain to your employees their roles and responsibilities in keeping data and company resources safe. Use our sample IT policies, disclaimers and notices to help you set out IT policies for your business.
Lastly, keep in mind that even if you follow all the best practices, you may still encounter security issues from time to time. Review your cyber security risk management processes and develop an incident response plan, to enable you to quickly and efficiently deal with cyber incidents.
The latest UK Cyber Security Breaches Survey showed that in the last 12 months, 39 per cent of UK businesses identified a cyber attack. Within this group, 31 per cent of businesses estimate they were attacked at least once a week and 1 in 5 say they experienced a negative outcome as a result of an attack.
Clearly, no business is immune to cyber risk irrespective of its size and industry. But all businesses can alleviate some of the risks by taking simple steps to protect themselves and their organisation online.
The National Cyber Security Centre (NCSC) has outlined top tips for staying safe online:
- Make regular backups of your key systems and data. Keep copies securely off-site and check that they work.
- Apply any new security patches for your operating system, web browser and all other software on your devices to keep them secure. In many cases, you can set the software to auto-update itself or download the software patches manually.
- Install and regularly update anti-virus and anti-malware software on all your devices.
- Use strong passwords and change them regularly. Also, consider using two-factor authentication for added security.
- Use different passwords for different websites/services or consider using a reputable password management tool.
- Encrypt any sensitive data and do not send passwords or other sensitive data via email unencrypted.
- To protect against phishing or ransomware be cautious of clicking on links sent to you within emails, social media websites/apps or unfamiliar websites.
- Use a firewall and check that your internet router/firewall has the latest firmware installed.
- If you operate a Wi-Fi network make sure it is encrypted (eg WPA2) and regularly change the Wi-Fi password.
- Use a VPN (a virtual private network) if you are accessing your systems over public Wi-Fi or an insecure network.
Other common cyber security measures and best practices for cyber security in business will help you further increase the resilience of your business.
Actions to take in times of increased cyber threat
In response to recent malicious cyber incidents in and around Ukraine, the NCSC has updated its guidance on actions to take when the cyber threat is heightened.
The guidance urges organisations to go beyond the basic steps to reduce the risk of experiencing an attack. Businesses should not delay:
- patching their systems
- improving access controls and enabling multi-factor authentication
- implementing an effective incident response plan
- checking that backup and restore mechanisms are working
- ensuring that online defences are working as expected
Businesses are also advised to keep up to date with the latest threat information. Register for the NCSC's Early Warning service to learn about malicious activity potentially affecting your network. If you do experience a cyber attack, you should report the incident to the NCSC's 24/7 Incident Management team.