The Cloud Consultancy provision, set up and manage SME Cyber Security services to protect your business.
Whatever your business, however big or small it is, you will receive phishing attacks at some point. Think about how you will help your staff understand the threat and how to spot phishing. As with other advice, give them the tools to defend against it in their personal lives and they will bring that behaviour back to work.
There are other important steps which mitigate the impact when the phishing succeeds. You will never stop it all. DO NOT BLAME staff when they get it wrong – they are only human.
- Cyber Security Training
  - Educating your employees should be a number one priority
- Privilege Password Management
  - User Provisioning, Seamless Integration, User Groups, Security Policies, Item Folders, Audit Logging and Analytics
- Complete Microsoft 365 SaaS Protection
  - E-mail, Contacts, Calendars, SharePoint and OneDrive For Business
- Microsoft 365 Predictive Email Defence
  - Complete AI based protection against Malware and Phishing
- Endpoint Cloud Business Continuity / Disaster Recovery (BCDR)
  - Recover individual files and folders
  - Restore lost or stolen PCs
  - Rollback from Ransomware attacks
- Personal Service Automation (PSA)
  - Service Desk
  - Project Management
  - Account Management
  - Inventory & Procurement
- Remote Management Monitoring (RMM)
  - Patch Management with flexible application patch policies
  - Detailed Auditing providing complete visibility of Endpoint devices
  - Realtime Monitoring with intelligent alerting, auto-response and auto-resolution
- Virtual Private Network (VPN)
- Fully Managed Firewalls, Wi-Fi Access Points and Switches
- End-point Protection
Cyber Security for Business
If you are a small or medium-sized enterprise (SME) then there’s around a 1 in 3 chance that you’ll experience a cyber security breach. For micro / small businesses, that could result in costs of around £1,400. For larger businesses this cost escalates rapidly. Charities, education and the public sector are all significant targets of cyber-attacks.
DO NOT PRESUME YOU WILL NOT BE A TARGET BECAUSE OF THE SIZE OR NATURE OF YOUR ORGANISATION
The guidance provided by the National Cyber Security Centre can’t guarantee protection from all types of cyber-attack, but it does show how easy it can be to protect your organisation’s data, assets, and reputation.
Understand the Threat
CYBER ATTACKS HAPPEN AGAINST ALL SIZES AND TYPES OF BUSINESS
- 32% of UK businesses and 22% of charities identified cyber security breaches or attacks in the last 12 months
- 19% had staff stopped from doing their daily work by the attack
- Only 33% had cyber security policies
- Phishing attacks against staff of all levels remain the most common form of attack
- Only around 20% of staff receive any kind of Cyber Security training
- 50% of businesses go bust within 6 months of a cyber attack if it takes a week or more to recover
- Micro and Small Businesses are less resilient to attack and therefore seen as easy targets by cyber criminals
- You may be targeted because of who you do business with – an attack on the supply chain!
1. Understand your risks
CYBER RISKS ARE BUSINESS RISKS
Every organisation has to make difficult decisions around how much time and money to spend protecting their technology and services; one of the main goals of risk management is to inform and improve these decisions. People have had to deal with dangers throughout history, but it’s only relatively recently that they’ve been able to do so in a way that systematically anticipates and aspires to control risk.
Someone should have ownership of the risks arising from your digital world. These should feature on your risk register.
2. Backing up your data
Think about how much you rely on your business-critical data, such as customer details, quotes, orders and payment details. Now imagine how long you would be able to operate without them.
All businesses, regardless of size, should take regular backups of their important data, and make sure that these backups are recent and can be restored. By doing this, you’re ensuring your business can still function following the impact of flood, fire, physical damage or theft. Furthermore, if you have backups of your data that you can quickly recover, you can’t be blackmailed by ransomware attacks.
We know that backing up is not a very interesting thing to do (and there will always be more important tasks that you feel should take priority), but the majority of network or cloud storage solutions now allow you to make backups automatically. Using automated backups not only saves time, but also ensures that you have the latest version of your files should you need them.
3. Preventing malware damage
Malicious software (also known as ‘Malware’) is software or web content that can harm your organisation. The most well-known form of malware is viruses, which are self-copying programs that infect legitimate software.
A vast amount of malware can be avoided or prevented through simple steps. It is important to add the staff element by educating them about phishing, as a lot of malware arrives by staff clicking on the wrong things.
Another frequent and (in most cases) easily solvable cause of malware successfully infecting systems is out-of-date software. Updating and patching hardware (the technology) and software is a crucial step, often overlooked. Small organisations can usually allow automatic updates on most systems (where available) without too much trouble. Larger organisations need a change management process to ensure updates do not stop functionality and productivity.
All firms need a roadmap for hardware AND software. End of Life for specific software is published WELL in advance, yet we continue to see people using Windows XP (died in 2014), Windows 7 and Windows Server 2008 R2 (both die in January 2020) with resulting malware infections from known vulnerabilities. Windows is far from the only problem – you need a register of ALL software and hardware you use with a record of the update process chosen and expected End of Life. Upgrade well in advance so there are no surprises.
4. Keeping devices safe
Mobile technology is now an essential part of modern business, with more of our data being stored on tablets and smartphones. What’s more, these devices are now as powerful as traditional computers, and because they often leave the safety of the office (and home), they need even more protection than ‘desktop’ equipment.
There are 5 key steps:
- Switch on Password protection
- Make sure lost or stolen devices can be tracked, locked or wiped
- Keep your device up to date
- Keep your apps up to date
- Don’t connect to unknown Wi-Fi Hotspots
5. Using passwords to protect data
Passwords… a persistent problem! Everyone hates them. We all have too many of them. Yet they represent the keys to the kingdom!
Your laptops, computers, tablets and smartphones will contain a lot of your own business-critical data, the personal information of your customers, and also details of the online accounts that you access. It is essential that this data is available to you, but not available to unauthorised users.
Passwords – when implemented correctly – are a free, easy and effective way to prevent unauthorised users accessing your devices. Layered with Two-Factor Authentication (2FA), they give a massive increase to your cyber security.
Importantly – help your staff make good password decisions
- Encourage good personal Cyber Security – they will then bring this into work
- Get them to read our guidance on creating STRONG PASSPHRASES
- Make sure your password policies allow them to create Strong Passphrases as per our guidance
- Stop making them change passwords for the sake of it – this only makes them use rubbish passwords with a number or letter changing each time. Even Microsoft has come round to this and removed the requirement
- Use a Password Manager & 2FA solution
6. Avoiding phishing attacks
Phishing remains the NUMBER ONE SOURCE of data breaches and the most common route for malware to make it into your company.
In a typical phishing attack, scammers send fake emails to thousands of people, asking for sensitive information (such as bank details), or containing links to bad websites. They might try to trick you into sending money, steal your details to sell on, or they may have political or ideological motives for accessing your organisation’s information.
Phishing emails are getting harder to spot, and some will still get past even the most observant users. Our seeming inability to keep ourselves private online means that criminals can find out a lot of information about us and about our organisations, which they can use to craft targeted phishing attacks – so-called SPEAR PHISHING. Legitimate websites such as Hunter.io (which aims to improve marketing leads) have genuine purposes but can be abused by cyber criminals to build a picture of your organisation.