What Every Small Business Should Know About Hackers & Cybersecurity

Uploaded on 2018-09-18 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

It seems like not a week goes by at the moment without a new story about a large corporate cyber-security breach. Recent hacks at Ticketmaster, Fortnum & Mason and Dixons Carphone have resulted in customer data being accessed, stolen or potentially compromised.

But it’s not just large companies that are at risk and, with the General Data Protection Regulation (GDPR) in place, all businesses must take steps to ensure that their systems and data are protected.

Edward Whittingham is a former police officer and the founder of online security company, Business Fraud Prevention Partnership, which is accredited by GCHQ as part of the UK Government’s National Cyber Security Programme. He says that it’s essential that small and medium-sized enterprises (SMEs) understand that cyber-crime is now a major part of organised crime.

“Historically, there has been a perception that cyber-attacks are conducted by teenagers or rogue individuals, but this just isn’t the case,” he explains. “They’re now conducted on a large scale by serious and organised crime gangs who, for pocket change, can purchase the tools that they need to carry out attacks on the dark web.”

Phishers
Mr Whittingham says that one of the biggest threats to SMEs are phishing emails, where hackers pose as trustworthy entities, such as suppliers or colleagues, and ask for sensitive information to be sent. He warns that these must not be underestimated and points to research that shows that between 90pc and 95pc of cyber-attacks begin with phishing.

“They continue to evolve and are becoming ever more convincing,” he says. “[Hackers] are on the ball and always looking to exploit the latest trend, so it’s crucial that we are, too. If there’s one thing to get to grips with, it’s ensuring that employees understand all of the different threats that phishing emails pose and how to spot the warning signs.”

Those signs are often subtle differences, explains Mr Whittingham. “Check the sender details, and not just the sender’s name, but the actual email address itself: does it look legitimate; are there subtle misspellings or additional characters?”
Other red flags to look out for include any unusual or urgent calls to action, such as a request to make a payment, confirm details or access a link or document.

Costs and expenses
The cost of a cyberattack can be huge, but protection for small businesses isn’t necessarily expensive. Anti-virus software is a must for all SMEs and some packages ensure that the software is always up to date. The market is competitive and business owners should read reviews and take recommendations before selecting the right tool or package. Local authorities and chambers of commerce also offer support.

Back-up your data
Firms that want to mitigate the danger of an attack can take action. Mr Whittingham says that the first step is to back up crucial data: “Think about the operational and financial data that you hold that’s absolutely business critical – what would you do if this became inaccessible or permanently lost?” Back-ups should be made regularly (ideally daily) to a storage device separate to the ones from which you work.

Two-factor authentication
The founder also recommends the use of two-factor authentication, where software or email access requires not just a password but also a PIN number, usually sent by text.
Gmail, Dropbox and other cloud services offer this, but passwords should be improved anyway. They are all too often a weak link, he says. “Employees should be encouraged to use strong passwords made up of sequences of words, as these are easier to remember.”

IT policy
SMEs need to create an IT policy to prevent cyber-attacks and data breaches. This should be a comprehensive but easy to read document that’s adhered to by all staff members.

Chris Gough is technical director at IT consultancy, Mintivo, which works with small businesses as well as bigger companies such as Age UK and Investors in People. He says that IT policies are all too often unread and unattractive, and advises a bite-sized version to interest staff: “You can get great engagement from using a ‘Top 10 need to know’ format and promoting this alongside the full document.”

When it comes to the policy’s content, Mr Gough advises that businesses consider a wide variety of areas, including acceptable usage, communications, password policy, social media guidelines, network security, physical security, data protection, incident response and disaster recovery.

Preparation is key and cannot simply be left for the IT department, he says. “Unfortunately, it’s a case of when, not if, a cyber attack will take place.”

Test your systems
The only way to ensure that your systems are strong is to test them – preferably before the hackers do.

“It’s important that organisations are proactive and not reactive when it comes to cyber security,” explains Mr Whittingham.

“Staff training, paired with simulated phishing tests, is not only a way of educating employees; it can also identify high-risk areas within the business.”

Telegraph:         Image: Nick Youngson

You Might Also Read:

Five Key Ways to Protect Your Company Against Cyber Attacks:

UK Business Is Overconfident About Cybersecurity:

 

« Students Blamed For University & College Cyber Attacks
Edward Snowden Reconsidered »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cybereason

Cybereason

Cybereason provides attack protection with cutting edge EDR and XDR, and industry recognized consulting services to support organizations throughout any stage of the incident lifecycle.

QuintessenceLabs

QuintessenceLabs

QuintessenceLabs offers a suite of Data Security technology, products and solutions to secure digital information in-transit, at-rest or in-use.

HelseCERT

HelseCERT

HelseCERT is the health and care sector's national information security center for Norway.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

Online Business Systems

Online Business Systems

Online Business Systems is an information technology and business consultancy. We design improved business processes enabled with robust and secure information systems.

ThreatAware

ThreatAware

Total visibility of your business cybersecurity. Monitoring, management and compliance for your cybersecurity tools, people and processes from one easy to use dashboard.

Encore Media Group

Encore Media Group

Encore Media Group provide an international enterprise technology event series exploring IoT, Blockchain AI, Big Data, 5G, Cyber Security and Cloud.

Wiz

Wiz

Wiz - the first cloud visibility solution for enterprise security: A 360° view of security risks across clouds, containers and workloads.

Cider Security

Cider Security

Cider Security - It’s time to revolutionize the way Security, Dev and DevOps teams work together to supercharge security at the speed of engineering.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

Sealing Technologies (SealingTech)

Sealing Technologies (SealingTech)

SealingTech is a leader in cutting edge research, products, engineering, and integration services in the Internet of Things, Edge, Machine Learning, Artificial Intelligence, and Cloud.

Hack-X Security

Hack-X Security

Hack-X Security provide IT risk assessment and Digital Security Services. We are a trusted standard for businesses that must protect their data from cyber-attacks.

iTRUSTXForce

iTRUSTXForce

iTRUSTXForce is a global provider of DigitalX (cybersecurity, privacy, and digital trust) services. We offer comprehensive services that focus on delivering outcomes for our clients.

Vortacity Cyber

Vortacity Cyber

Vortacity is a boutique cybersecurity provider specializing in associations, nonprofits, and mission-based organizations.

M7 Services

M7 Services

M7 Services are a comprehensive Managed Services Provider (MSP) with a focus on delivering cutting-edge information technology solutions and unparalleled customer service.

CRYPTIQ

CRYPTIQ

CRYPTIQ empowers businesses to navigate the ever-evolving cybersecurity landscape with confidence and clarity.