fbpx

Security & Protection

Security is the final layer, the roof that protects all the levels below.

A clear and comprehensive security plan is vital in today’s business world. You need to ensure your business is protected from a wide range of threats, from generic phishing emails to specific, targeted attacks.

Endpoint Protection

Also known as anti-virus and anti-malware, Endpoint Protection is the last line of defence for each of your computers and servers.

If you’re not familiar with commercial-grade endpoint protection you may be used to expensive bloatware-style programs that spam you with notifications at the worst possible times and constantly try to upsell you onto more expensive services.

We use Bitdefender which is a completely different type of endpoint protection. It runs in the background, doesn’t drag your computer to a grinding halt, and only notifies you when there’s an active threat to your computer.

It also reports back to a central console that allows us to monitor your environment for threats, common malware, and security holes like out-of-date software. With this powerful tool at our disposal we can identify and neutralise threats before they take hold, and facilitate communication with your users to warn them about particular problems and how to handle them.

Email Security & Spam Filtering

Emails are a favourite vector for would-be attackers. With a stolen list of addresses (or, sometimes a list of auto-generated ones) it is possible to bombard your users with virus-laden or phishing emails at very little cost.

We layer an industry-leading email security package over the top of Microsoft’s already capable spam filter. This is tuned to pick up on concerning emails and mark them for additional scrutiny before they are delivered.

Attachments are given a thorough virus scan and inspected for potential phishing content while the content of emails is evaluated against a whole host of rules to determine whether it looks genuine or spammy.

If an email is suspected of being harmful it is quarantined so that the recipient can review it before it is released to their inbox. In this way, problematic emails are discarded before they ever hit your infrastructure.

Drive Encryption

Your computer is – or at least should be – protected by a password. This stops would-be attackers from accessing your private files, browsing history and other personal data if they log in remotely or try to boot your computer.

This password does not, however, protect against someone who physically has your hard drive in their possession. With your hard drive, they can simply plug it into another computer and gain access to all your files with ease.

Drive Encryption closes off this route of attack. By encrypting the contents of your hard drive, an attacker needs your decryption key (a long string of random letters and numbers) to access your files. Without it, the entire drive is useless – just a bunch of random gobbledygook!

In your computer where it belongs, the drive is automatically unencrypted in use but protected by your login password. With a suitable password, even if someone has your entire computer, they won’t be able to access your files.

Patch Management

A key vector for security breaches is to take advantage of vulnerabilities in the software you have on your computer. These vulnerabilities allow attackers to access data that they shouldn’t be able to access, and gives them the opportunity to use this data either directly against you or to conduct further attacks.

Many of these vulnerabilities have already been fixed by the software manufacturers but you will not benefit from these fixes if your software isn’t updated. Out of date software can be a serious risk that is often easily closed.

For example, a bug in one of the fundamental technologies used on the secure web was discovered and gained wide publicity in 2014. This bug allowed attackers to gain access to important private data which would allow them to go on to impersonate legitimate websites and services.

This bug was fixed and released within a week of discovery. The update process to most affected servers is a simple update task. Yet, despite the publicity, speed and publicity of the fix, and the vendor’s quick response there were still over 90,000 vulnerable devices in July 2019 – over 5 years later.

By monitoring the updates installed on your operating system, and the programs you have installed we ensure that your entire fleet of computers and devices is kept up to date. By closing security holes as soon as fixes are available, your infrastructure is much less vulnerable to this type of attack.

Security Awareness Training & Vulnerability Testing

With hardware and software holes closed, your users become the favoured target of attackers. While additional security on emails and endpoint protection will help reduce the risk of attack, no software or service can protect you from a user handing their password over to a convincing, but malicious actor.

These attacks can be as simple as a phishing email trying to gain access to your Amazon or Microsoft account and all the personal data and payment details contained therein, or as sophisticated as someone turning up to your office pretending to be from your IT support company and asking for access to your server room.

This is why proper Security Awareness Training is a key part of any security strategy. At Ascend we provide your users with appropriate, targeted training in small weekly modules that can be worked into their working day, delivered by email.

Choosing from a whole library of available modules, we can select lessons for each member of staff that are relevant to their role. A phishing awareness module for everyone, a VPN module for those who work from home, or an anti-bribery module for those who deal with commercial contracts.

These modules are supplemented by a short questionnaire that tests your users’ existing knowledge. Where they show their knowledge to fall short, we’ll add modules to their list that will help fill the gap.

To help confirm that the training is sinking in, and to highlight areas for improvement, we will conduct regular phishing email tests. These emails will be designed to look like genuine emails from the companies and services that you work with but will contain the usual tell-tales of a phishing email. Where users click on the provided link or go as far as to enter their login details, they will be immediately notified to draw attention to the test, and will be allocated appropriate training to help them recognise phishing emails in the future.

Password Management

Good password hygiene is critical to protecting your business and your users online. Password leaks are unfortunately a regular occurrence, and if you and your users are in the habit of reusing the same password, or a predictably modified password, then one compromised account can lead to many others.

Worse still, if your users use some of the more common passwords (‘123456’ and ‘password’ are still top of the most-used passwords list) then their accounts may be compromised without the passwords being leaked.

The best kind of password is a long, random string of letters, numbers and symbols with a different password used for each and every service. The major problem with this approach is that the human brain cannot hope to remember all these passwords, especially when the number of accounts you may have creeps into the hundreds.

A password manager helps relieve some of this burden. It relies only on a single, highly-secure password and will generate, store, encrypt and auto-fill unique passwords for each of your online accounts without very little effort on your part.

With any security offering, we provide all your users access to BitWarden, an easy-to-use password manager that integrates with your browser and makes password hygiene easy.

And, because we believe that good password discipline at home will translate into good password discipline at work, each user will also have a personal license that they can use at home.

Multi-Factor Authentication

Multi-factor authentication is the practice of asking a user for additional information when they are logging in. Various methods exist, from the simple security question (by now everyone knows their mother’s maiden name) to a code sent my SMS or email.

One of the most secure methods involves entering a code generated by a nominated device – often an app on your smartphone. This ensures that no one can log into your account without both your password and your code-generating device. Password leaks happen, and your phone could be stolen, but the likelihood of both happening at once is vanishingly slim.

We will work with you to implement a robust MFA strategy, helping you determine the best balance between security and convenience to ensure your company data remains secure.

Website Malware Monitoring

Legitimate websites are more and more frequently being used as a vector for spreading malware. Whether they are being used to host malicious files, or they contain a hidden login page that can be linked to from phishing emails, the damage to a site’s reputation if it is found to be hosting such content can be considerable.

We’ll use a range of tools to monitor your site for unexpected content and ensure that any infection is cleaned up as soon as it is detected. We will also work with website rating agencies to ensure any false positive flags are removed as quickly as possible, maintaining your site’s reputation and keeping the visitors coming in.

Sound Interesting?

If you’d like to find out more, just fill in the form and hit send.

It’s that simple!

No commitment. No pressure. Just an informal chat about your pain points and what we can do to help.

Hardware & Infrastructure

Software &
Cloud Services

Support &
Guidance

Security &
Protection