What is cyber security?
Cyber security is the use of technologies, processes and controls to protect your computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. In the end, all these technologies are there to protect your business. Generally, everything you need to do is something we have been badgering our clients about for years.
Why is cyber security important?
Cyber security threats continue to rise, and more organisations are being required to demonstrate their security compliance, whether for insurance cover, governmental contracts or professional memberships. A cyber attack can have detrimental effects on your organisation, including costly business downtime, a damaged reputation, loss of customers and confidence, loss of revenue, GDPR fines (if data is stolen) and, most worrying of all, possible business closure.
Cybercrime and cyber attacks are becoming more prevalent with each passing day. Over half of small and medium businesses (SMBs) have reported being the victims of cybercrime. Every day, there are new headlines about data breaches, hackings, cyber attacks, and various forms of crime against businesses. In a survey, over two-thirds of the participating businesses had suffered at least one cyber attack, while one-third had experienced the same in the last 12 months.
According to the Cyber Security Breaches Survey, 39% of UK businesses were subject to a cyber attack in 2022, with an average cost per attack from loss of money or data of £4,200 for all businesses reporting an attack.
Types of threat
Common cyber threats include:
- Denial of Service Attack (DoS) – an attack which targets the resources of a server, network, website, or computer to take it down or disrupt services.
- Hacking – Gaining unauthorised access to data in a system or computer.
- Malware – Malicious software designed to compromise a system for the attacker's purposes.
- Phishing and Spear Phishing – Spear phishing or phishing involves sending emails with malicious attachments designed to steal personal information.
- Ransomware – Software designed to block access until a sum of money is paid.
- Spoofing – Deceiving users or systems by pretending to be someone familiar.
- Spamming – The sending of unsolicited messages to a large audience.
- Password Attack – Password attacks enable cybercriminals to gain unauthorised access to user accounts and networks.
Checklist
You can take your first steps towards becoming secure right now. Those steps improve the security of the email that you and your employees all use:
- Use a strong and different password for your email, using 3 random words or a secure password generator. (hint: password managers are really good at helping you with all your passwords, but you still need to protect them too).
- Turn on 2-step verification (also known as 2-factor authentication or multi-factor authentication) for your email. (hint: Microsoft 365, which we provide to our clients, allows you to add this for free!)
If you have fixed both of those, let’s look at the other areas you need to address to protect your business. This isn’t an exhaustive list, but we can help you all the way.
Create a Cyber Action Plan
Learn how to protect yourself or your small business online with the Cyber Aware Action Plan. Answer a few questions on topics like passwords and 2-Step Verification (2SV), and get a free personalised list of actions that will help you improve your cyber security.
The Cyber Action Plan is a free service provided by the National Cyber Security Centre (NCSC) to help individuals and small businesses improve their cyber security. After you take a short quiz, the NCSC will create a tailored list of actions that will help bolster your cyber security. This can be your first step to protecting your business and both your and your employees’ livelihoods. Click here to complete the Action Plan.
Educate your users
According to IBM’s Cyber Security Intelligence Index Report, 95% of security breaches are caused by human error. The actions of people play a critical part in the success or failure of an enterprise’s security program. It is easier for an attacker to entice a user to click a link or open an email attachment to install malware in order to get into an enterprise than to find a network exploit to do it directly. Users themselves, both intentionally and unintentionally, can cause incidents as a result of mishandling sensitive data, sending an email with sensitive data to the wrong recipient, losing a portable end-user device, using weak passwords, or using the same password they use on public sites. No security program can effectively address cyber risk without a means to address this fundamental human vulnerability.
Users at every level of the enterprise have different risks. For example: executives manage more sensitive data; system administrators have the ability to control access to systems and applications; and users in finance, human resources, and contracts all have access to different types of sensitive data that can make them targets. The training should be updated regularly.
Back up your data
All businesses, regardless of size, should take regular backups of their important data, and make sure that these backups are recent and can be restored. By doing this, you’re ensuring your business can still function following the impact of flood, fire, physical damage or theft. Furthermore, if you have backups of your data that you can quickly recover, you can’t be blackmailed by ransomware attacks.
Whether it’s on a USB stick, on a separate drive or a separate computer, access to data backups should be restricted so that they:
- are not accessible by staff.
- are not permanently connected (either physically or over a local network) to the device holding the original copy.
Ransomware (and other malware) can often move to attached storage automatically, which means any such backup could also be infected, leaving you with no backup to recover from. For more resilience, you should consider storing your backups in a different location, so fire or theft won’t result in you losing both copies. Cloud storage solutions are a cost-effective and efficient way of achieving this.
Protect your organisation from malware
Malicious software (also known as ‘malware’) is software or web content that can harm your organisation, as seen in the recent WannaCry outbreak. The most well-known form of malware is viruses, which are self-copying programs that infect legitimate software.
Here are 5 free and easy-to-implement tips that can help prevent malware damaging your organisation (don’t worry about the detail of how to fix them, we can help you with all of these):
- Install (and turn on) antivirus software and web filtering.
- Prevent staff from downloading and installing programs.
- Keep all your IT equipment up to date (patching).
- Control how USB drives (and memory cards) can be used.
- Switch on your firewall.
Secure your passwords
Your laptops, computers, tablets and smartphones will contain a lot of your own business-critical data, the personal information of your customers, and also details of the online accounts that you access. It is essential that this data is available to you, but not available to unauthorised users.
Passwords – when implemented correctly – are a free, easy and effective way to prevent unauthorised users accessing your devices. This section outlines 5 things to keep in mind when using passwords.
- Make sure you switch on password protection.
- Use 2-step verification (2FA, MFA).
- Avoid using predictable passwords.
- Help your staff cope with ‘password overload’.
- Change all default passwords.
Get Certification
To help you complete and maintain the above actions, you may wish to consider joining the Cyber Essentials certification scheme. This certification covers all of the best practices above and helps to show that you are treating cyber security seriously. For some companies, this certification is becoming necessary to handle Government contracts and to conform with insurance requirements.
This government-backed initiative helps businesses of all sizes protect themselves against the most common cyber attacks.
How we can help
We can help you navigate the complicated world of IT & Cybersecurity so you can better protect your data and your business. We have lots of ways to help you make changes to secure your business and to certify that you are covering all the requirements of the Cyber Essentials scheme, whether you are a current client of ours or not.