Call us now Email a specialist
+353 1 6420100 | info@ward.ie
  • Resources
  • Blogs
    • Insights

    50 million reasons to secure your smart device

    Secure your smart device
    How to keep your smart device secure this Christmas

    Some 50 million of us are either buying Internet of Things (IoT) devices for our loved ones this Christmas, or are due to receive them on the day.
    This is according to estimates from the Online Trust Alliance (OTA), a charitable organisation with the mission to enhance online trust and empower users, while promoting innovation and the vitality of the internet.

    The OTA’s IoT Working Group, made up of some of the world’s most recognisable brands, has taken this revelation to timely remind buyers and receivers of these devices about the cyber security threats they possess.

    In the words of Craig Spiezle, executive director and president, OTA, “That’s 50 million opportunities for data and home network compromises as well as privacy abuses.”

    The organisation has released a Smart Device and Set-Up Checklist to help protect the security and privacy of consumers who buy or are given smart devices.

    Failure to follow these guidelines may lead to users putting theirs or their loved ones’ personal data at risk.
    The team at Ward Solutions has studied the list and identified some of the top line recommendations to stay cyber safe this Christmas:

    1. Confirm your ability to get a refund for the device if the security is not adequate
    2. Review the device’s warranty and ensure security and software patches are provided
    3. Register it with the manufacturer to ensure you receive security updates
    4. Use a unique user name and password and change it frequently
    5. Be mindful when browsing and downloading apps – use the manufacturer’s official site where possible
    6. Disable or protect remote access when not needed to reduce the risk of hacking
    7. Use a router-based firewall and turn on any built-in firewall settings
    8. If selling the device, reset it to factory settings and clear any saved data. If buying a second hand device, do the same if the previous user has not
    9. Disable any camera and microphone when not using them
    10. Create user profiles with unique settings for children using the device

    The full list can be seen here.

    IoT is about to take over, with anywhere from 25 – 40 billion connected devices predicted to be in play by 2020, according to industry experts.
    Users, i.e. the majority of human beings on the planet, should take this time to heed this advice and embrace the newly connected world with security and privacy front of mind.

    For further advice and support in this area, contact Ward Solutions today.

    Insights

    How to protect your business from cybercrime

    By adopting a holistic security approach, Ward Solutions can help ensure your firm is not grabbing the headlines for the wrong reasons

    Protecting your business from cybercrime
    Paul Hogan, CTO and Pat Larkin, CEO, Ward Solutions

    The news agenda is regularly dominated by cyber security, usually for all the wrong reasons. Major data breaches, email phishing scandals and downtime of important services regularly grab the headlines.

    The organisations at the centre of these scandals, which have included household names like Sony, JP Morgan and TalkTalk, suffer enormously in terms of financial loss and reputational damage, not to mention the distraction from the organisation’s core business activity.

    TalkTalk’s widely publicised breach last month, which saw around 157,000 customer accounts hacked, is reportedly costing the company approximately €50 million.

    The attraction for cybercriminals is clear. In the well-developed cyber black market ecosystem, financial information like bank account details can be sold for €150 – €200 per account. Credit card details usually go for between €10 and €25.

    In the case of some of the bigger data breaches, such as US retail giant Target in 2013, upwards of 40 million credit card details were reported stolen. The profit potential for the ‘bad guys’ is glaring.

    It’s important to realise that the breaches and scams we read about make up only a sample of the cybercriminal activity taking place on a daily basis. Numerous fraud issues and smaller breaches take place every day that might be classified or don’t make the news agenda.

    Recognising the information security lifecycle

    "Being honest and transparent and committing to making it right helps to rebuild customer trust and repair reputational damage" - Pat Larkin
    “Being honest and transparent and committing to making it right helps to rebuild customer trust and repair reputational damage” – Pat Larkin

    Ward Solutions is Ireland and Northern Ireland’s largest information security provider. Our experience has taught us that organisations which adopt a holistic security programme approach are best protected.

    Information security is a continuous journey, not a destination that can be arrived at. We encourage organisations across Ireland to realise this and move away from a primary preventative-based approach, which usually centres on IT controls only.

    We work with businesses to fully secure their assets and incorporate an information security lifecycle, which focuses on people, processes and technology, with the primary goal of minimising risk to the business.

    In our experience, adopting a ‘human firewall’ approach is very effective and can actually yield the best ROI for information security spend.

    This involves investing in an organisation’s team so that they are fully aware of – and continuously trained on – the most likely risks. This will help them know the best ways to avoid cyber threats and mitigate damage when they occur.

    We lead by example in this regard by investing €400,000 annually on continuous training and development. All of Ward’s team members spend at least five per cent of their time engaged in research and development, understanding evolving threats and developing new responses.

    Understanding the risks

    The first step in developing an information lifecycle and protecting a business is to identify its critical information assets, the risks to those assets and the potential impact of those risks on the business.

    We then put in place the necessary prioritised controls and processes to minimise the risks and mitigate the potential damage – the preventative strategy.

    Prevention is not enough, however. Business and IT leaders need to accept that the occurrence of security incidents and events are inevitable, whether it’s fraud, data and service loss or breach.

    A recent report from threat intelligence agency Recorded Future shows that almost half of FTSE500 companies had credentials exposed on well-known ‘paste sites’ used by hackers.

    Our own independent research this year highlights that 48% of Irish organisations have experienced personalised spear phishing attacks, which is just one type of threat.

    In many cases, organisations don’t even realise cybercrime has taken place for months, sometimes even years after it has happened. Ongoing security monitoring and detection is so important as it helps discover the breach faster and reduce exposure time and damage.

    Planning and learning from mistakes
    Learn from your mistakes - protect your business from cybercrime
    Worryingly, many organisations don’t have a sufficient plan in place for when inevitable incidents happen.

    Most have a plan, usually to address compliance requirements, but therein lies the problem. As it is just to satisfy a legal requirement, plans are rarely kept up-to-date and even more rarely communicated, understood or performed in the case of an incident.

    An inadequate response to an in-motion security event can significantly aggravate the damage arising from an incident.

    Worse still, even when the maximum impact of the damage has been felt, many organisations don’t conduct a full investigation and develop measures to ensure it won’t happen again, and that they learn from the incident.

    Organisations that have fallen victim to cybercrime need to undertake appropriate analysis of the cause, or causes, behind it and foster a culture of honesty, transparency and continuous improvement.

    A culture of blame is not the answer. This can lead to quick fixes, hiding the full impact of what happened and missing important elements of the root cause.

    Being honest and transparent and committing to making it right helps to rebuild customer trust and repair reputational damage.

    Embodying this culture leads to people within the organisation being more likely to flag risks or weaknesses before they become incidents, or flag incidents before they become full-blown catastrophes.

    Adopting an information security lifestyle approach

    Developing and implementing this approach requires the skills and services of a highly competent and experienced information security partner like Ward Solutions.

    We can move organisations from a reactive posture, where too little – or too much – money is being spent in the wrong area, to a holistic approach that aligns security spend with risk and likely threats to the business.

    We recently invested in a new Security Operations Centre (SOC) in Dublin, which includes best-in-class threat monitoring, risk assessment and incident response technologies, helping us to define and deploy the right solutions to embed this approach in our customers’ businesses.

    The reasons for adoption are clear – it leads to reduced risks and costs to the organisation in the event of a security incident; reduced reputational damage; revenue assurance; reduced insurance costs; improved credit worthiness; and competitive advantage.

    For further information on how Ward Solutions can help you protect your business, visit www.ward.ie or call 01 642 0100.
    This article originally appeared in the Sunday Business Post, Connected Magazine