Dial A Geek’s IT team help Bristol and South West based businesses protect their IT systems, networks and company data from fraudsters and hackers who are constantly on the lookout for weaknesses in your cyber defences. We have extensive experience in mitigating security threats, combating cyber crime and running secure systems for our clients.
We will work with you to review your existing cyber security measures, identify any weaknesses and give you the support to deal with them. We will also ensure that you and your team are equipped with knowledge so that you are aware of security issues and know how to deal with them effectively.
By far the biggest risks for small businesses are email phishing and the harm caused by malware.
Password phishing refers to those pesky emails that claim to be from a trustworthy source such as your bank, well-known brands or even your own company. They exploit the user’s trust by getting people to reveal their usernames and passwords, banking and credit card details, etc. The majority of phishing emails are recognised as spam by your email software and either deleted or sent to your spam folder, but a significant number outwit the software and get through to inboxes. Fraudsters continually adapt their approach and are able to produce increasingly convincing fake emails, which means that phishing emails remain the most common form of cyber security attack in the UK.
One such type of attack, and currently the most successful from the bad guys’ point of view, is Business Email Compromise, aka CEO Fraud. CEO Fraud targets the finance people in companies by tricking them into transferring money into scammers’ bank accounts. Fraudsters break into email accounts and then lurk in mailboxes looking to spot trends of which payments are being sent where and to whom. This enables them to create highly sophisticated and believable spoof emails that look like they come from the CEO or key customers, containing fake invoices and payment requests. Lloyds Bank estimates that as many as 500,000 UK small to medium-sized (SME) businesses have been hit, costing an average of £27,000.
Malicious software or malware refers to any software or file that is designed to harm computers, laptops or pretty much any other piece of IT equipment. Malware comes in various forms including viruses, spyware, trojan horses and ransomware. The most common way that computers become infected is when users click on an email link which then allows the software to steal, delete or encrypt sensitive data, monitor your computer activity and send information back to the hacker.
Other types of attacks include:
These come from trusted employees and contractors with access to the company network. This type of attack ranges from mistakes made when trying to access parts of the company network that they don’t have access to, through trying to guess other users’ passwords, to intentionally doing harm or stealing company information such as client contact lists.
The most common social media attacks on platforms such as Facebook, LinkedIn, Twitter and Instagram are used to breach users’ accounts and then discreetly obtain personal data about their colleagues and private connections. They can also be used to get access to corporate social media accounts and post false and misleading information on behalf of the company.
In the past, larger businesses were seen as a bigger target for hackers using more sophisticated techniques. However, we are increasingly seeing the same methods being used to target smaller businesses who tend to have less advanced defences.
In fact, a 2018 UK government Cyber Security survey showed that 40% of UK businesses had suffered a cyber security attack in the previous 12 months. For larger businesses, the figure rises to a whopping 72%. In another survey, Hiscox, the insurance company, estimated that the average cost of an attack for a small business is £27,500 of direct costs such as replacing hardware and paying ransoms, and that’s before indirect costs such as reputation damage are taken into account.
As enterprise-level products such as Office 365 become more accessible to SMEs due to cost, more businesses are migrating to these cloud-based platforms. One of the advantages of cloud computing products like Office 365 is that they tend to be more secure. However, as the number of businesses migrating to Office 365 increases, so does the number of attacks on the platform. Our specialist knowledge of how to set up Office 365 for optimal performance and security means that we are able to prevent our clients from falling victim to these attacks.
According to the Hiscox survey mentioned earlier, only 52% of small businesses have a cyber security strategy in place. Perhaps even more surprising is the fact that following an attack, two-thirds of businesses said that they took no additional steps to prevent a future attack. That said, most organisations have some basic prevention measures in place but very few go beyond these basic measures.
The vast majority of security issues (90%) are caused by end users, i.e. you, me and your employees. So ensuring that staff are aware of their responsibility towards security such as using strong passwords and locking PCs when they are unattended will provide good baseline security. As will deploying products such as Office 365 and Google’s G Suite software for business-critical systems. Businesses can further increase their security score by implementing features that lock systems down and protect your identity.
If you are one of the 48% of small businesses that do not have a cyber security strategy in place, we can help. We encourage all our clients to attain the Government-sponsored Cyber Essentials accreditation. This is a baseline security standard to help businesses make their security processes and governance more transparent. We will take you through all the steps required to obtain the certificate and give you peace of mind: the knowledge that you are following best practice in cyber security.
The General Data Protection Regulation became law on the 25th of May 2018 and it has already caused a lot of confusion. In terms of computer security, it means that you, as a business owner, are liable for any breaches of personal data that you hold.
It is your responsibility to prove that you followed best practice and did everything in your power to mitigate the risk of a data breach. The first step on your GDPR compliance checklist would be to gain your Cyber Essentials certificate.