The race between hackers’ and defenders’ capabilities is increasing in pace and intensity.
The publishing of the Cyber Threat to UK Business Report 2017/18, the new GDPR regulations and the ongoing scandal of Facebook condoning the harvesting of private data mean that data security is front-page news.
We are going to examine some key points of the report in real terms for SMEs. If you think that tech horror stories such as ransomware, WannaCry, crypto-jacking, worms and trojans will never affect your organisation, you can think again. According to data compiled by a leading insurance company, in the past 12 months 875,000 SMEs across the UK have been affected by a serious cyber-attack. Of the companies hit, just over a fifth reported that it cost them more than £10,000 and one in 10 said that it had cost them more than £50,000.
Our Cyber Awareness Training sessions are an effective way to make your team the first line of defence and not the last resort. We firmly believe that knowledge is power, so we have created a 2 step program covering the most critical aspects of Cyber Security. If you are interested in attending a Cyber Awareness Training session, our next session is on 22 May – you can find out more and reserve your place by clicking here.
What does Heliocentrix recommend?
Risk Assess! It sounds like an obvious starting point, but even if you believe that your organisation has excellent cyber security, you are still susceptible until you have written a comprehensive Business Continuity Plan (BCP), tested it thoroughly and explored every possible scenario.
By now, you are probably well under way with your preparations for the new GDPR regulations and feeling confident that your data is under ‘lock and key’. We probably don’t need to remind you that, under certain circumstances, the financial penalties for failing to prevent data breaches could be crippling.
“Attackers will target the most vulnerable part of a supply chain to reach their intended victim” – NCA report
Now that you believe you are secure, what guarantees do you have that your contractors, third-party suppliers or the software that you download have such stringent practices in place? Like any virus, the contagion will spread across your network and needs only one entry point. Your business partners must be as diligent about cyber security as you are. Test them.
You are the weakest link. Human error will be the biggest risk to your business in 2018. Business Email Compromise (BEC) is one of the most common forms of cyber attack (and fraud). Cyber criminals can be very patient and, once they have gained access to your emails, they sit in the background waiting for their opportunity.
“It (BEC) represents one of the fastest growing, lowest cost, highest return cyber crime operation.” – NCA Report
A hoax email sent from your email account is harder to detect than you think. In this socially connected world, anyone can use business terminology effectively and learn industry language, and personal references taken from social and professional networking sites can make the deception appear authentic and personal.
So do cyber criminals only attack bigger corporations? The easy answer is that they don’t. It is more likely that bigger firms have dedicated IT teams that spot attacks far earlier than the average UK-based SME. The WannaCry attack that hit the NHS also hit over 300,000 other businesses globally.
We have spotted a cyber attack – who do we tell?
Early reporting is key to finding a solution and mitigating the damage done – both practically and reputationally. Under new GDPR guidelines you must report any security breach to the ICO within 72 hours. Always keep a timeline of events.
The Heliocentrix Top Five Tips for SMEs from the report
- Use up-to-date and supported operating systems and software
- Protect the network: use firewalls, anti-virus solutions and network segregation to protect services
- Protect information: implement an access rights procedure for staff for all devices and services and use multi-factor authentication to protect sensitive information
- Use password managers to prevent password reuse, and ensure that all services are protected by strict authentication and authorisation controls
- TRAIN YOUR STAFF IN CYBER SECURITY PROTOCOLS
For more information on how malware can affect your business, please look at our March 2018 blog post, or get in touch.
The team here at Heliocentrix are already helping local and national SMEs with their IT systems, from offering friendly advice to security and peace of mind with our fully managed IT support – and everything in-between.
Our Cyber Awareness Training sessions are an effective way to make your team the first line of defence and not the last resort. We firmly believe that knowledge is power, so we have created a 2 step program covering all aspects of Cyber Security.
If you are interested in attending a Cyber Awareness Training session, our next session is on 22 May and will focus on different types of threats, what they mean for your business and how to stay one step ahead of security breaches. You can find out more and reserve your place by clicking here.