It seems like a week doesn’t go by without a new security breach being reported in the press. We’re not talking about small breaches either. Just a few weeks ago, a ransomware called WannaCry devastated businesses of all sizes across the globe.
Hackers are now part of complex organisations that are often politically motivated, if not supported. In this kind of environment, the fight against these threats can feel futile for the individual; after all, what can a person on a household budget, or a small business struggling to get ahead do to protect their computers and data when multinational organisations can’t? The good news is that there are some best practice solutions available that can greatly minimise the risks to your IT environment, both around finding the right security solution for your environment, and managing it well:
1) Go comprehensive, rather than specific
In the past, people would buy separate antivirus, firewall, intrusion detection, anti-adware solutions, and so on, because they thought they needed them. That method is no longer efficient, or even worth considering today because the nature of threats mean that they come in many forms, and the best way to be safe is to rely on one comprehensive effective solution. A good endpoint protection product, such as ESET, will cover enough bases to provide a general protection against everything. From there, you may need two-factor authentication or device encryption for particularly sensitive data, but the base security platform should cover all the security measures that would be mandatory across all industries and for all individuals.
2) Get something that isn’t too much of a drain on your computer and network
Like all software, security software requires part of the computer’s ‘energy’ to run. If the load on the computer processor is too heavy, many people will be tempted to shut down the software while they try and do other things, which in turn leaves the computer vulnerable. One of the things that ESET’s customers report as being a key benefit to the software is that it is light in terms of disk space, memory, and network bandwidth usage.
3) You want software from a company that’s on top of the game
When it comes to malicious software and hacks on the Internet, time is the enemy. Once a new attack is unleashed on the Internet, every minute spent before your security software is updated is another minute of extreme risk. A good security solution is backed by a good team of proactive security researchers and engineers, who are good at instantly spotting threats and finding solutions to them.
4) Be realistic about who you are
If you are a person with normal online usage, then a general security solution will be more than sufficient. But if you are a director of a company, or if your company is a large one, then it is more likely that you will be targeted by hackers looking to exploit your business for money. If you’re involved in the political or public arena in some form, it is likely that you will draw the ire of politically minded hacktivists. Understanding who you are can influence your security purchasing decisions; it might be that you need a more tailored, all round protection solution if you know that you are more likely to be targeted.
5) Test a solution, a couple of times, before making the investment
Every security solution will promise the world, of course. With such a myriad of choices, picking one that will perform to expectations can be challenging. Luckily there are solutions that can help here. AV-Test, AV-Comparatives, SE Labs and Digital Citizen will all give you an idea of the performance of a security solution before you make the investment. However, no one test will be perfect, so test across all three where possible, and then compare notes to see which solution is right for you overall.
6) Know which buzzwords to avoid
Everyone expects some marketing nonsense on the back of the box when shopping for security products, but there are a couple that you should take with a large pinch of salt. A word like “next-generation” or “revolutionary” is a big red flag, because these products are often left untested at labs. The vendor claims that this is because traditional testing methods are unable to accurately reflect what the security product does, but being untested is very much a case of buyer beware. You often see these claims made against products that also claim to be driven by ‘big data,’ ‘machine learning,’ and ‘artificial intelligence.’ They sound good, and that’s the point from the marketing point of view, but whether they’re able to actually deliver on the promise to stop malicious attacks is going to be highly questionable.
7) Keep your software up to date
WannaCry was such an effective piece of ransomware despite only being able to attack computers and networks that had a version of Windows not patched for months. The best security solutions out there can only do so much if you’re not going to keep your software and network up to date. At a business level, a patch from a company like Microsoft needs testing before it can be rolled out to the entire organisation. This is to make sure that the patch doesn’t interfere with the custom applications being run by the business, despite this, IT teams should be proactive in making sure that patches aren’t ignored for months.
8) Do backups… somehow
Some security solutions offer backups for your computer data, and many of them will do this automatically and periodically. This is fine, though a hidden catch is often the amount of storage available for backups is insufficient, and expensive to get more. You can also create your own backups (and it won’t hurt to have multiple backups anyway). Just be disciplined in making sure you regularly do the backups so that if something should happen, the minimum amount of data is lost.
9) Understand that price is not the be-all
There’s a perception that the more expensive a security solution is, the better it must be, and therefore the best option for people who really care about their data is to buy the most expensive option that falls within the budget. The reality is, as ESET demonstrates with their product line, good security can be affordable.
10) Ask how easy is it to use?
Ideally, security solutions should be plug-and-play. The more active management that they require, the more drain on resources they’ll be, and IT teams are often already under-resourced. This is especially true of small businesses and individuals, who are really relying on the ability to simply hit the “install” button and be set up with that base level of security. The ESET team works hard on the user experience to provide just this, knowing full well that no one has hours or days to waste trying to configure security hardware.
A bit of research before purchasing a security solution can result in massive savings down the track, not least because the costs of experiencing the loss of data after a hack can be ruinous. Security is one of the most important purchases for any individual or business to make, so checking each option against the ten point checklist above is something that will benefit you greatly over the longer term.