We’ve all read about businesses falling victim to cyber attacks and losing sensitive data along with thousands of pounds… We all understand the increasing cyber security risks in today’s climate, yet we tend not to do anything about it until it happens to us… only then do we start to take it seriously.
We will first explore some of the common myths that prevent people from developing a cyber security strategy. We will then review the potential consequences of not having cyber security in place – highlighting some real-world examples. We will round off with some essential recommendations and suggested further reading.
Let’s explore the common myths around cyber security
Cyber crime only affects large businesses
The fact of the matter is that cyber criminals do not discriminate – any business (micro to enterprise) with a weakness to exploit is a potential candidate for cyber crime. The cyber security risks for small businesses are just as great as for larger businesses.
We change our passwords regularly so don’t need to worry
False. Indeed, passwords should be changed at regular intervals, and this certainly helps – providing you use complex pass phrases, which are more difficult to crack, rather than single use words. However, strong passwords are not enough on their own. Human error accounts for around 90% of all security data breaches, so it’s imperative your team are educated in cyber security and understand how threats are presented.
We have antivirus software installed so are fully protected
Sadly, antivirus software does not protect your business if a team member clicks a malicious link. Selecting a best-in-class antivirus software is certainly recommended as part of a robust cyber security strategy, but bear in mind it is useless without a fully cyber security aware workforce.
Apple products can’t get viruses or be hacked
Simply not true. Apple products are just as vulnerable to cyber security risks as any other computer or smartphone. Your device operating system is irrelevant – if it connects to a network, it’s susceptible to viruses and cyber crime.
When cyber security risks become real
The real cost of a cyber security breach can be detrimental to your business – not only financially, but it could also damage your reputation. If you suffer a ransomware attack, your data will be encrypted and then held to ransom for a hefty price, and even then there are no guarantees you’ll get your data back. It becomes even more serious if your stolen data contains your customers’ Personally Identifiable Information (PII) or, worse still, their bank details. Even a simple phishing email could result in considerable damage.
Real-world examples:
Email infiltration
The supplier of one of our clients had their 365 account breached because they didn’t have MFA enabled. The cyber criminal cracked a password and infiltrated their email system. They switched out the bank details for their own on a request for a £10,000 payment for services rendered. Luckily our client followed their internal cyber security procedure to check bank details, which alerted all parties to the fraud and stopped this going any further.
Ransomware attack
On a larger scale, UK criminal defence firm Tuckers Solicitors received a £98,000 fine after failing to enable MFA, which resulted in a cyber criminal stealing sensitive case data and publishing it on the dark web, holding it to ransom. The ICO said “MFA is a comparably low-cost preventative measure which Tuckers should have implemented, as it would have substantially increased the difficulty of an attacker entering their network.”
The hard truth is that some businesses will not recover from a cyber attack and ultimately will have to close their doors and cease trading.
Are you at risk of a cyber security attack?
The answer to this is a resounding “Yes!”. The level of cyber security risk for SMEs, enterprises or individuals is pretty much the same, which is why it’s necessary to put preventative measures in place. We strongly recommend implementing the following three practices to increase resilience against cyber attacks.
Multi Factor Authentication (MFA)
MFA is a crucial layer in adding security to your first line of defence. Implementing it for each member of your team could prevent a hacker from gaining access to your network, even if they have successfully cracked a password.
Social engineering training
Your people are your biggest threat! One of your employees could easily click a malicious link in a phishing email, without even realising – giving a cyber criminal instant access to your network and your data. This is why your team need to undergo social engineering training to maximise their cyber security awareness.
Policies and procedures
Make sure you have a written cyber security policy in place that all staff are aware of and adhere to. It should be a step-by-step guide to what to do in the case of a security breach and include escalation routes with correct contact details both in and out of hours.
What’s next?
If just one ransomware attack got through your defences, would your business be strong enough to withstand the potential mass scale damage it could cause? If not, and you feel the cyber security risks are too great, then it is time to invest in cyber security.
If you have any concerns or want some expert advice, please call our cyber security team on 01282 500770.
The next Seriun Session
We have a Live Hacking event coming up on Thursday 28th April over breakfast. We will have our cyber expert Wayne Fulton breaking into systems and hacking into networks in front of a live studio audience… quite the eye opener. He’ll provide simple solutions to prevent such attacks that can be taken away and implemented with ease. We will also have two guest speakers – Lee Anfiled of Lancashire Constabulary and John Batty from Bridge Insurance Brokers.
For more details and to book your place click here: https://www.eventbrite.co.uk/e/live-hacking-the-stark-truth-behind-the-crime-tickets-265941276517
Further reading
– Advice on preventative measures:
How to strengthen your cyber security in times of uncertainty
– An exploration into the different types of phishing and what to look out for:
The dangers of phishing and cyber crime
– An in-depth review of phishing tactics across email, websites and landing pages, with detailed analysis of a phishing email highlighting the dangers:
Phishing – the red flags