Dial A Geek’s IT support team help Bristol and South West based businesses protect their IT service systems, networks and company data from fraudsters and hackers who are constantly on the lookout for weaknesses in your cyber defences. We have extensive experience in mitigating security threats, combating cyber crime and running secure systems for our clients.
We will work with you to review your existing cyber security measures, identify any weaknesses and give you the support to deal with them. We will also ensure that you and your team are equipped with knowledge so that you are aware of security issues and know how to deal with them effectively.
By far the biggest risks for small businesses are email phishing and the harm caused by malware.
Password phishing refers to those pesky emails that claim to be from a trustworthy source such as your bank, well-known brands or even your own company. They exploit the user’s trust by getting people to reveal their usernames and passwords, banking and credit card details, etc. The majority of phishing emails are recognised as spam by your email software and either deleted or sent to your spam folder, but a significant number outwit the software and get through to inboxes. Fraudsters continually adapt their approach and are able to produce increasingly convincing fake emails, which means that phishing emails remain the most common form of cyber security attack in the UK.
One such type of attack, and currently the most successful from the bad guys’ point of view, is Business Email Compromise, aka CEO Fraud. CEO Fraud targets the finance people in companies by tricking them into transferring money into scammers’ bank accounts. Fraudsters break into email accounts and then lurk in mailboxes looking to spot trends of which payments are being sent where and to whom. This enables them to create highly sophisticated and believable spoof emails that look like they come from the CEO or key customers, containing fake invoices and payment requests. Lloyds Bank estimates that as many as 500,000 UK small to medium-sized (SME) businesses have been hit, costing an average of £27,000.
Malicious software or malware refers to any software or file that is designed to harm computers, laptops or pretty much any other piece of IT equipment. Malware comes in various forms including viruses, spyware, trojan horses and ransomware. The most common way that computers become infected is when users click on an email link which then allows the software to steal, delete or encrypt sensitive data, monitor your computer activity and send information back to the hacker.
Other types of attacks include:
These come from trusted employees and contractors with access to the company network. This type of attack ranges from mistakes made by trying to access parts of the company network that they don’t have access to and trying to guess other users’ passwords, through to intentionally doing harm or stealing company information such as client contact lists.
The most common social media attacks on platforms such as Facebook, LinkedIn, Twitter and Instagram are used to breach users’ accounts and then discreetly obtain personal data about their colleagues and private connections. They can also be used to get access to corporate social media accounts and post false and misleading information on behalf of the company.
In the past, larger businesses were seen as a bigger target for hackers using more sophisticated techniques. However, we are increasingly seeing the same methods being used to target smaller businesses who tend to have less advanced defences.
In fact, a 2018 UK government Cyber Security survey showed that 40% of UK businesses had suffered a cyber security attack in the previous 12 months. For larger businesses, the figure rises to a whopping 72%. In another survey, Hiscox, the insurance company, estimated that the average cost of an attack for a small business is £27,500 of direct costs such as replacing hardware and paying ransoms, and that’s before indirect costs such as reputation damage are taken into account.
As enterprise-level products such as Office 365 become more accessible to SMEs due to cost, more businesses are migrating to these cloud-based platforms. One of the advantages of cloud computing products like Office 365 is that they tend to be more secure. However, as the number of businesses migrating to Office 365 increases, so does the number of attacks on the platform. Our specialist knowledge of how to set up Office 365 for optimal performance and security means that we are able to prevent our clients from falling victim to these attacks.
According to the Hiscox survey mentioned earlier, only 52% of small businesses have a cyber security strategy in place. Perhaps even more surprising is the fact that following an attack, two-thirds of businesses said that they took no additional steps to prevent a future attack. That said, most organisations have some basic prevention measures in place but very few go beyond these basic measures.
The vast majority of security issues (90%) are caused by end users, i.e. you, me and your employees. So ensuring that staff are aware of their responsibility towards security, such as using strong passwords and locking PCs when they are unattended, will provide good baseline security, as will deploying products such as Office 365 and Google’s G Suite software for business-critical systems. Businesses can further increase their security score by implementing features that lock systems down and protect your identity.
If you are one of the 48% of small businesses that do not have a cyber security strategy in place, we can help. We encourage all our clients to attain the Government-sponsored Cyber Essentials accreditation. This is a baseline security standard to help businesses make their security processes and governance more transparent. We will take you through all the steps required to obtain the certificate and give you peace of mind – the knowledge that you are following best practice in cyber security.
The General Data Protection Regulation became law on the 25th of May 2018 and it has already caused a lot of confusion. In terms of computer security, it means that you, as a business owner, are liable for any breaches of personal data that you hold.
It is your responsibility to prove that you followed best practice and did everything in your power to mitigate the risk of a data breach. The first step on your GDPR compliance checklist would be to gain your Cyber Essentials certificate.
Four in ten (40%) of all businesses and charities experienced a cyber breach or attack in the past year. This included computer viruses, hacking, theft of data and theft of financial information. Breaches were identified most often in businesses holding personal data and those where staff use personal devices for work.
General Data Protection Regulation (GDPR) rules require companies which hold personal data (like customer names, addresses, email addresses, phone numbers and payment card details) to have “appropriate” security measures in place to protect that data. Taking this action will help protect your company’s important information and could help prevent a fine from the regulator, should you be unfortunate enough to suffer a data breach.
Cyber security is the process of taking steps to protect your data from outside hackers and insider threats.
The ICO has now started fining companies that do not take adequate steps and have policies (that are used) in place to protect their data.
A Microsoft Office 365 tenant set up with the standard settings is not secure.
Microsoft has a built-in security rating called Secure Score. Check yours here: https://security.microsoft.com/securescore?viewid=overview
Every day you will have failed login attempts on your Office 365 accounts from all over the world, especially if you have been a victim of a Phishing attack previously.
Your staff will also be receiving phishing emails, tempting them to click on links.
Business Email Compromise (BEC) is where the bulk of cyber attacks originate.
The maximum fine under the GDPR is up to 4% of annual global turnover or €20 million – whichever is greater – for organisations that infringe its requirements.
However, not all GDPR infringements lead to data protection fines. Supervisory authorities such as the UK’s ICO (Information Commissioner’s Office) can take a range of other actions, including:
– Issuing warnings and reprimands;
– Imposing a temporary or permanent ban on data processing;
– Ordering the rectification, restriction or erasure of data; and
– Suspending data transfers to third countries.
Every company holds relevant data and if this data was lost or stolen, the impact on both customers and the business could be devastating, with loss of customer confidence, possible legal action, investigations and fines.
In the eyes of a hacker, small businesses with nothing in place to protect themselves are an easy target. In fact, most beginner hackers will be focusing on small businesses, enabling them to sharpen their skills for breaching larger organisations. Also, hackers know that small businesses can have ties with larger organisations. They will use small businesses to gain backdoor access to larger organisations.
Cyber Essentials Plus externally assesses and verifies that your business has implemented all five security controls. Cyber Essentials does not, which means a company could technically manipulate the assessment to achieve a pass. For instance, if a company’s Managed Service Provider carries out the assessment, they are essentially ‘marking their own homework’.
Cyber Essentials Plus also has a host of its own advantages such as being able to further reduce insurance premiums and proving to clients that you are doing everything in your power to protect data.