Whether you are a current client, a prospective client, look after your own IT needs or use another IT support provider, we all need to consider how to protect ourselves and our businesses from cyber threats. Please don’t become another victim by failing to improve your personal and business security.
In the past, we have seen interest levels rise when big attacks like WannaCry in 2017 hit all our news feeds. That cost the NHS (and us) £92 million as a very rough estimate, through services lost during the attack and IT costs in the aftermath. The NHS was warned a year in advance that it was vulnerable but was criticised for being too slow to react. However, the risks had always been there, with the NHS lacking good IT security practices and employee security awareness training. If you are interested, you can read the “Lessons Learned Review” (how many times do we hear that phrase), an independent report here: https://www.england.nhs.uk/wp-content/uploads/2018/02/lessons-learned-review-wannacry-ransomware-cyber-attack-cio-review.pdf
Despite all that, we still see businesses that fail to even consider how at risk they are, let alone take any real action. We saw real concern from business owners at the time, but often that just didn’t follow through into changes. These are often businesses that are critical to the livelihoods of their owners and employees, where damage from cyber attacks could cause huge hits financially and to ongoing trading. The NHS is a behemoth of an organisation, so introducing and controlling good security practices must be a complete nightmare, but at smaller business sizes, there are no excuses for not improving our knowledge, policies and protection.
Rising levels of attacks
We have seen cyber attack levels rising even before the Ukraine crisis, with attacks often happening behind the scenes while hackers fake invoices and change bank details so they can scam money, often thousands of pounds. Suppliers can be hit by hackers getting into their email systems and sending the supplier’s clients the fake details, but clients themselves are also getting hacked, with the scammers pretending to be a supplier sending new details.
Now, more than ever, we are surely all aware that modern day conflicts happen on all levels, especially in a world more reliant on connected technology than ever before.
Be aware of the risks
The UK’s National Cyber Security Centre (part of GCHQ) is calling upon all organisations in the UK to bolster their online defences, especially following Russia’s attack on Ukraine. Don’t think that your business might be too small to get attacked or would easily recover; we are all at risk.
You can read their advice here: https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened
In summary, their advice is what you will hear both from us and from most IT providers making recommendations to their clients:
- Ensure all your desktops, laptops and mobile devices are regularly patched, not just the operating system but all the software you use.
- Make sure all your other devices such as routers, network switches and WiFi access points have their firmware regularly updated and don’t have any open interfaces or ports they shouldn’t have.
- Incorporate good password policies, practices and control with strong passwords and multi-factor authentication, plus audit your accounts to see what they can access and who has the credentials. Also track any credentials that have been the subject of data leaks and ensure action is taken – users could be using the same password in numerous systems, so that alone can give a hacker access to your systems.
- Use security software (antivirus/anti-malware) which is regularly updated and is active (not a disabled trial account from when you purchased the computer), plus ensure firewalls and web filtering are appropriate and protecting you. These should all be monitored centrally.
- Ensure you back up all your data, whether that is files, databases, emails, etc. Make sure the backups that are in place are actually working and add multiple levels of storage.
- Educate all your users about looking out for signs of attack and what to do if they spot something.
- Add multiple layers of security to cover your data and systems.
Take action before it is too late
Finally, once you have identified all the risks to your business, speak to your current IT support provider, whether that is us or not. That will give you the tools and practices to combat the threats we are all subject to. If you look after your own IT environment, don’t feel you have to find all the solutions yourself; speak to a support provider who will have a range of solutions ready and waiting, then we can all fight these threats together.