Information Security and Compliance

Malware (malicious software) is any software used to disrupt computer operations, gather sensitive information, or gain access to private computer systems. The term malware covers a large range of categories ranging from ...

viruses, Trojan horses, rootkits, backdoors etc.

Malware attacks are almost entirely automated. This malware, begins to manifest and compromise system throughput and availability. The automated (bot) nature of malware, makes it capable of causing spreading rapidly and very difficult to contain.
Vulnerability assessment and Management of Malware, has been a major pillar of network security in enterprise, Class A networks for many years. Within just the last couple of years, medium and even small businesses are discovering the common sense of fixing their relatively few vulnerabilities rather than erecting more and more defences to keep them from being attacked.
Vulnerability Assessment tools, like AVDS, scan every node on a network on a frequent, regular basis. Doing a penetration test, or having a security consultant scan your network once a year, every 6 months or even every 3 months doesn't cut it. They must be done regularly; on a weekly or at the very least monthly basis. The reason is obvious - Microsoft alone discloses a boatload of vulnerabilities every month (on "Patch Tuesday"), every one of which can affect your organization and open a potential security risk. But on top of that - networks are dynamic. Someone changing the firewall configuration can accidentally create an opening for an attacker.
At Crust Solutions, we strongly believe that periodic vulnerability scans, coupled with even basic malware detection and blocking, will be enough to prevent an organization from being compromised  - not because either method of defense alone leads to absolute protection, but because they harden the organization enough for the botnet operator to simply give up and move on to their next, weaker, target.
We identify the ways in which malware could be introduced into our systems like email, web traffic, flash drives, installed applications etc. We then put in systems to eliminate this threat either by filtering traffic, installing anti-virus applications, educating staff on the impact of their actions, etc. We leverage on automation. Automating the update of signatures, automating periodic scans and progressive behavioural analysis.
We achieve this by employing some of the most advanced and sophisticated tools the industry has to offer.

Email Security
In today’s electronic world, email is critical to any business being competitive. In most cases it now forms the backbone of most organisations’ day-to-day activities, and its use will continue to grow.
As email becomes more prevalent in the industry, the importance of email security becomes more significant. In particular, the security implications associated with the management of email storage, policy enforcement, auditing, and archiving and data recovery. Managing large, active stores of information takes time and effort in order to avoid failures – failures that will impact the users and therefore the business, undoubtedly leading to lost productivity. For secure and effective storage management, organisations must take a proactive approach and invest wisely in a comprehensive solution.
When considering a secure email storage management solution, a layered approach, combining both business processes and applications makes sense. By considering the services email provides to the business, email management can be broken down into a number of components: mail flow, storage, and user access – both at the server and user levels. Whilst each one of these components should be addressed separately, they must be viewed as part of a total security agenda.
Mail flow can encompass many aspects of an email system. However, the security of mail flow is for the large part focused around the auditing and tracking of mails into and out of the organisation. Monitoring the content and ensuring that any email that has been sent and received complies with business policy is fundamental. Proving who has sent or received email is a lawful requirement for many industries and email can often be used as evidence in fraud and human resource court cases.
Another key aspect of the management of mail flow security is the protection of the business from malicious or unlawful attacks. It is at the gateway into the mail system where a business must protect itself via a variety of methods including hardware and software protection systems, such as spam filters and virus scanners.
Storing of the actual email data includes physical storage, logical storage, archiving systems as well as backup and recovery solutions. The biggest security threat to any email storage system is the potential for mail data to be lost. Most organisations see this threat as existing in the datacentre and spend many millions of cedis on securing it. In fact, the threat is most likely to come from lost or stolen hardware, such as laptops containing offline email files. When you consider that the number of employees working remotely is growing, including those who only work away from the office periodically, email security on laptops becomes more significant. Providing a managed method of archiving and controlling this data is therefore essential. When it comes to archiving, organisations should take a two-pronged approach, to reduce the risk and retain corporate knowledge. Firstly we ensure that users are frequently educated about email retention policies. In addition, an archiving solution should enable administrators to remove items from users’ mailboxes based on administrator-configured options such as the age or size of a message. Administrators should be able to control, retain and backup the email files, by consolidating the information stored in email files whilst ensuring that users are prevented from simply creating new emails

URL Filtering
Depending on the nature of business or security requirements of your organisation, URL filtering may be a requirement. Some organisations may have policies against specific content. In some cases casual surfing may be considered as a waste of time and some sites can contain unwanted and inappropriate images, videos, or content. Spyware and malware can be blocked before they are allowed to be installed, thus saving even more time and administrator overhead in keeping the machines clean and running smoothly.
Page 9
Crust Solutions Inc. IT Security Risk & Compliance
Url filtering is achieved by allowing or denying access to specific Url’s based on key words in the address.
At Crust Solutions, we ensure that your gateways are controlled in accordance to your policies. Only traffic that is allowed to come through will be permitted.

Risk and Compliance
We carry out comprehensive security checks to ensure that your IT operations are compliant to international standards. These include but are not limited to the following:
- Security Policy Design and implementation
- Patch/Firmware management
- User ID Management and Alignment
- Password policy design and enforcement
- User ID creation procedures
- User ID categorization and access levels
- Naming conventions and User ID validation
- Backup management regimes
- DR and Disaster Management regimes
- Cryptography

Mobile Device Security
Mobile devices have become common placed in most organisations. These devices range from laptops, PDA’s, Smartphones, tablets etc. The use of these mobile devices introduce a lot of flexibility into our work spaces and allow work to be carried out without geographical boundaries. However they also create room for multiple threats to our organisational security.
These mobile devices stand the risk of getting stolen, damaged, or used for the wrong purpose. In most cases, our organisations loose sensitive operational data, in worst cases, we lose this data to the completion or other parties that don’t have clearance to access this data.
Not only does this impact on productivity but it may also compromise our market dominance or affect customer satisfaction in our products.
We at Crust Solutions Inc., as part of our risk and compliance assessment will ensure that, all mobile devices have the right forms of authentication and identification on them. Restrictions should be in place to guarantee that only relevant official data is transferred onto or generated with these mobile devices, moreover the transfer of official data off these mobile devices should be closely regulated.
Other security parameters such as antivirus and firewall installations on these remote devices should be operational and up to date.
In the event of any loss, theft or damage, procedures should be put in place to prevent unauthorized access to the data. The devices should also be capable of remote erase.

Who we are...

Crust Solutions Inc. is a group with an aim to improve IT service delivery in Ghana. Crust Solutions Inc provides managed services, Dedicated Private Servers, IaaS Solutions, Storage solutions and many more at highly competitive prices with impeccable service.

Contact Us

  • 6th Nii Okai Street,
  • Demod North-Kaneshie.
  • P.O. Box 4368 GP
  • Accra, Ghana
  • Tel +233 (0302)902719
  • E-mail: info[@]crustsolutions.com