Cyber security, as some may already know, is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from nasty attacks. As a business, it’s something we need to be aware of as the cost of cyber crime is at all all-time high and the consequences can be very damaging.
Cyber-attacks can cause significant disruption and harm to even the most resilient organisations. Not only are loss of assets an implication, businesses can face fines and damage to their reputation.
Breakwater IT have been our professional IT service provider for some time, and we would highly recommend them. They have built a positive reputation for themselves due to the high level of quality service they offer their clients. When I was seeking some advice around cyber security it felt only fitting to approach them for guidance. I spoke with John Gostling, their Managing Director, who has been working within the IT profession for over 20 years. He shared some of his thoughts and tips on cyber security and how businesses can better protect themselves.
Cyber-attacks can affect businesses of all sizes and the implications can be catastrophic. Your personal assets are at risk, so it is important to make sure they are secure. Technology has become an increasingly integral aspect of the workplace. From email correspondence to financial transactions, we are relying on technology more and more to be connected at all times so that we can carry out our work effectively. When these lines of communication become compromised it can be disastrous for our businesses.
There are many reasons, but one is simply because small businesses don’t always have the cyber defences in place to protect themselves due to the perceived expense. It’s important to point out it doesn’t have to be expensive to protect your systems, but it does take common sense and a proactive approach.
Usually it is organised crime groups who setup automated attacks to steal money. This includes things like ransomware, invoice fraud and impersonation attacks. Impersonation attacks seem to be most common; this is where a criminal will impersonate the finance or managing director and attempt to get the finance team to send their company money.
Threats can come in all manner of shapes and sizes. Most of the breaches we have seen so far in 2019 are specifically crafted emails which try and get the user to click on a link. Once they have clicked on the email, they will normally be prompted to enter their password. If the password is submitted the criminals, then have access to that account. This can go unused or unnoticed for many months whilst the attackers view the information in the mailbox and work out ways to extort money from that business.
Another example would be to use malware on a USB stick. Once the stick has been run it can give an attacker full access to that machine including taking over the screen and viewing the webcam.
The best thing to do is to plan for a breach. Look at your systems and what’s important to your business. Identify recovery plans to ensure that key systems can be brought online as quickly as you need them. Your recovery plan should include steps for notifying the ICO in the event of a personal data breach.
My top tips would be to:
We hope you found this blog useful, if you need any more information at all email John on firstname.lastname@example.org and he would be happy to help.