By Mike Ianiri, Redsquid
Cyber attacks are widespread. Consumers are targeted, as are businesses of all sizes. However, 43% of cyber attacks are aimed at small businesses so SMEs need protection.
What can you do to protect your business?
Unfortunately, humans are still the weakest link in cyber security protection plans. This means that threat reduction requires employee training.
- Don’t open emails you don’t recognise or if the topic is worrying. Cyber criminals want to worry you. They’ll say your website has crashed, for example. They want you to open attachments or click on links designed to infect your machine/network.
- Check email addresses carefully. Fraudsters use addresses and URLs that are very similar to legitimate ones.
- Query requests for large, or urgent, payments. It’s not in our nature to query senior management but it will protect your business if your team is trained to do this – as this is a common form of cyber attack.
- Be watchful of new contractors. Whilst most will be legitimate, some cyber criminals will simply walk in and try to infect your machines. So, if you are not sure, stop and check.
By making sure your team know what to look out for, and has permission to query/challenge things, you are protecting your network and your business.
You can check the effectiveness of the training by using regular simulated phishing attacks. This can identify who is following their training and who needs a little more. We did this internally at Redsquid and reduced click-throughs from 54% to just 4% in only three months.
Protecting your network
Your network protection can come in many guises:
If your firewall is a few years old its ability to protect your network needs to be upgraded as the threats to your network will have increased. Sophos is an example of a good provider of such devices.
Keep your PCs fully patched. Your operating system provider regularly publishes security updates to protect against the latest cyber threats.
Microsoft stops supporting Windows 7 on January 14th 2020. Running Windows 7 after that date means seriously risking your network and your business. You must upgrade to Windows 10. Upgrading your hardware is also recommended. You’ll benefit from the physical security and performance enhancements built into new machines.
Vulnerability and Penetration Testing
There are many different ways to get into your network and the data it contains.
Vulnerability Scanning helps to ensure the security of your systems, services and applications from a number of common attack vectors, exploited by both automated and manual attackers. Vulnerability testing should ideally be done continuously, but at least every month.
A penetration test is an authorised simulated cyber attack on a computer system, performed by a suitably qualified third party. It’s designed to evaluate and ultimately to fortify the security of a target system through the identification of security vulnerabilities. We recommend these are done at least once a year by an independent body (not your IT provider) for the peace of mind it provides.
These tests also mean you are properly ticking the GDPR box. You need to be able to show you are protecting Personally Identifiable Information (PII) you hold on your customers and staff. If a breach does happen and you cannot prove you have taken reasonable steps, the Information Commissioners Office (ICO) can fine you up to 4% of annual global turnover.
Email gateways are a great way to reduce mistakes. By passing all your email through a gateway, such as Cyren’s email security (https://www.cyren.com/products/email-security-gateway), you block the malware, phishing and spam emails threatening your network.
APIs and Web Applications
Most businesses are using multiple web applications and APIs to streamline productivity. Have you checked whether the ones you use have been tested for intruder prevention? They can become a back door into your network for cyber criminals.
Multi-factor authentication (MFA) uses multiple devices to protect your network. Your phone can act as confirmation you are who you say you are, for example, logging into an application. Multiple layers of security make it harder for unauthorised users to access your network.
Protecting your network comes first. We also recommend insurance against cyber threats. It can’t replace what’s stolen, however, cyber insurance will help you recover. With a ransomware attack, for example, they may consider which is more beneficial – paying the ransom or paying the costs of getting you back running. We recommend you take advice on the cover you should have and always scrutinise the small print.
ABOUT THE AUTHOR
Mike Ianiri is Sales Director at Redsquid, one of the UK’s leading independent providers of business Voice, Data, ICT, Cyber Security and IoT Solutions. Redsquid is not tied to a single supplier but rather helps clients boost productivity, reduce costs, and protect and grow their business by creating bespoke solutions from the best technology available in the marketplace.