Posts

Protecting Your Business with Cyber Essentials Qualification

Without the amazing benefits and capabilities provided by IT, modern business would look very different. Accordingly, the need to protect your organisation’s IT equipment such as networks, data storage systems and workstations should be a major priority. You only have to take a quick look at the technology headlines to see that hacking makes for big business in the digital age.

How, though, can your business protect itself from the threat of hackers and their arsenal of tools which include DDoS attacks, malware and ransomware? Understanding what those last three terms mean is tough enough, but combatting them is on another level. Thankfully, the Cyber Essentials qualification is a Government-backed scheme that aims to help businesses protect themselves by enhancing their cyber security.

What is the Cyber Essentials Qualification?

Cyber Essentials is there to help protect your organisation from the very real threat of cyber-crime by focusing on the following areas:

  • Securing your internet connection to ensure that only authorised traffic is allowed to enter and leave your network
  • Ensuring that any device on your computer network is correctly configured and secured to reduce the risk of any security vulnerabilities that may be present
  • Underlining the importance of protecting your applications and hardware from the threat of malware
  • Working to differentiate the various levels of access that should be assigned to different computer users across your network.
  • Best practices for patch/update management to give your software the best chance of being protected from vulnerabilities

What Does Cyber Essentials Mean For Your Business?

Cyber Essentials is a form of certification which demonstrates your understanding of cyber security. It not only reassures your customers that you’re reputable and trustworthy, but it also ensures that any potential downtime is significantly reduced. Allowing you to become more proactive with risk management, the visibility that the qualification grants you in the chaotic world of cyber security is priceless. With enhanced knowledge comes the ability to spot risks early on and reduce the impact they could have on your business and its customers.

Not every organisation, of course, has the necessary skills in house to achieve the Cyber Essentials qualification on their own. However, this doesn’t mean that your business has to head out into the digital landscape without the protection afforded by Cyber Essentials. A successful cyber strategy can easily be put into place by teaming up with an external partner who has the Cyber Essentials certification and can help to craft a strategy which suits your organisation and its unique needs.

Cyber Security A Necessary Addition to Your Business

Clearly, the need to protect your IT infrastructure in the modern age should be a paramount concern for all contemporary businesses. After all, the sheer amount of data now held by organisations is staggering and the need to protect this increases with each passing cyber scandal. Despite IT being a niche that is notoriously complex and unfriendly to newcomers, Cyber Essentials represents a fantastic opportunity to start taking back control of your IT defences and keeping your infrastructure online.

Find out more about Cyber Security Services...

What is a spear phishing attack?

What is Spear Phishing?

Spear phishing has been present in the digital landscape for over 20 years, but it’s only in the last 10 years that it’s started making headlines.

Primarily using email to deliver its malicious payload, spear phishing presents a very real and current threat to any business with an email account. Key to combatting the threat of phishing is by educating your business on the signs and symptoms of such an attack, so let’s take a look at what you’re up against.

Spear Phishing Techniques

A number of techniques are employed when launching a phishing technique and these can include:

  • Macros contained within Microsoft Office documents that, once activated, allow hackers to gain remote access of the infected PC
  • Tricking employees into disclosing sensitive data such as login details for company emails or databases
  • Redirecting victims to malicious websites where malware can be downloaded to their PC

What’s Different About Spear Phishing?

Phishing is frequently in the headlines, so many businesses are aware of this threat and know how to protect themselves. Spear phishing, however, is a little different.

Where phishing emails tend to target large numbers of individuals with generic content, spear phishing is a much more personalised attack. For example, rather than starting an email with “Dear Sir/Madam”, a spear phishing email will use the recipients exact name to engender trust and move the recipient closer to taking the malicious bait.

What are the Characteristics of a Spear Phishing Attack?

Phishing attacks are generally executed by sophisticated hackers, but there are still a number of telltale signs which characterise spear phishing such as:

  • Multiple Levels of Attack: Phishing attacks businesses on a number of different levels following the initial infection, so further attacks are likely to involve malware downloads, logging keystrokes and capturing screenshots.
  • A Combination of Threats: To enhance the chances of outwitting standard web defences, spear phishing incorporates a number of different techniques to deliver their payload including infected URLs, documents and unauthorised downloads.
  • Exploiting Zero Day Vulnerabilities: Spear phishing specialises in exploiting the numerous zero day vulnerabilities that can arise in browsers, apps and the various plugins that are found within desktop PCs.

Spear Phishing Examples

If you take a look at the IT headlines from the last couple of years then it doesn’t take long to find a mention of spear phishing.

In 2016, an employee of Snapchat fell victim to a spear phishing scam which involved an email being sent which claimed it was from the Snapchat CEO. Falling for the scam, the employee duly followed the request within the email and forwarded on payroll details to a spoof email address.

However, the most famous example of spear phishing is the attack launched on the US Democratic Party in 2016. Hackers sent spoof emails claiming to be from Google representatives and advising recipients to update their email passwords to strengthen security. However, the links contained within these emails merely led the victims to malicious websites which allowed the hackers to take control of their email accounts.

Rather than becoming the next victim of phishing, it’s important that you understand how such an attack is likely to be launched against your business. Knowledge is a valuable currency when it comes to cyber-attacks, so it’s crucial that you educate yourself and your employees to not only protect your sensitive data, but also maintain your productivity.

Ransomware Protection

Using IT Security to Mitigate the Costs of Ransomware

Ever since we have had widespread use of computers, we have had people trying to exploit users using viruses and other malware. One common type of malicious software is ransomware, which is designed to block the user’s access to a computer system until they are paid a sum of money.

This started off as a relatively small-scale issue, but hackers have now figured out ways to hit financial markets with this ransomware.

When ransomware is used, hackers can gain access to:

  • Emails
  • Addresses
  • Phone numbers
  • SSNs
  • Other customer information

Cyber crime is a major problem, and is expected to get worse as the difference in terms of technological expertise widens. What this is means is you have many hackers with a huge amount of expertise, and governments with not nearly the same ability to play defense to these hackers.

The scale of these attacks has increased because major financial institutions serve as honey pots to these hackers, and they are incentivized to invest more resources in order to gain the information of many people at one time.

Using Cyber Security to Improve Ransomware Security

By implementing proper IT security, it becomes possible to manage the risk associated with ransomware. Every company which holds its customers’ information has a huge potential liability should that information be compromised.

A cyber security strategy can help to protect your company in a number of ways including:

  • Enforcing strict password policies, requiring a mixture of letters, numbers and special characters makes it more difficult for hackers to break in via the front door
  • Control internet access, by blocking access to suspicious sites and maintaining a list of sites that other companies have flagged as inappropriate
  • Prevent external hardware use, like USB drives, this makes it easier to control how files enter and exit your network
  • Firewalls and intrusion detection make it more difficult for hackers to break in via more unscrupulous methods

Invest in IT Ransomeware Security

IT security can help make sure that ransomware doesn’t hurt your company in an irreparable manner. The trust you have built with your customers is important and you want to do everything you can to maintain that.

Cyber crime will always be a reality in the world we live in, but it doesn’t have to be a constant threat to your company. The two best things you can do to prevent the effects of ransomware are:

  • Implement comprehensive IT security to prevent massive ransomware cost
  • Train your employees to make the correct decisions in risky situations

By following through on these two steps, you can increase your cyber security and save your company a ton of money and time as the potential cost of ransomeware damage is incalculable. This may seem like a hassle now, but as you watch more and more players become compromised, you are going to be happy you took the time to invest in yourself.

Want to know how to do more to improve Ransomware Security?

Cyber Security Threats

Are You Taking The Cyber Security Threat Seriously?

The threat of cyber-attacks has been talked about with increasing frequency in the media over the past few years, and recent incidents have brought to light how real this threat is. In May 2017, the WannaCry ransomware attack disrupted computer systems around the globe, and a similar style attack was announced at the end of June, impacting sites such as the Chernobyl nuclear power plant.

Despite the fact that these attacks were over a month apart, many companies still seem to have been caught off guard, suggesting that they failed to take necessary precautions.

This is indicative of a problem within cyber security circles. Even when the threat is well known, people often don’t think that it will happen to them, and put off making the strategic decisions about how best to protect their systems.

Is Cyber Security just a “nice to have”?

Although companies are increasingly aware of the risks they are exposed to, when it comes to justifying investment in security, it can be very difficult to get the business case through. Investment prioritisation exercises tend to favour revenue generating initiatives, without fully appreciating that a cyber threat could cripple the business entirely.

One method to help raise the profile and importance of cyber security is to look at the types of attacks that could occur and consider the impact each will have on your business.

For example:

  • You are hit by a ransomware attack that downs your systems and prevents you trading. What is the cost to your business if you can’t trade for even one day? How many days could you survive without trading while you tried to fix the problem?
  • Your customer data is stolen by hackers. Could your brand survive the reputation damage and legal fines for not properly securing customer data? How long would it take you to regain customers trust?

The Likelihood of a Cyber Attack

Calculating the likelihood of a cyber security threat occurring is difficult, but understanding the devastating effect they can have on your business helps to justify the comparatively small investment you would need to make in cyber security to help prevent them occurring.
Going a step further and looking at the exposure of each of your individual systems will enable you to decide which risks you want to mitigate, and which you are happy to live with.

If you don’t have the expertise in house to carry out this analysis, it is worth getting a security audit from an external provider. An independent review of your systems could also help to support your business case for investment in cyber security initiatives.

Create a response plan in advance

Whatever level of cyber security you decide to opt for, it is worth crafting a response plan should the worst occur.

Many companies have been praised for how swiftly they shut off corporate email in the wake of the WannaCry attack to stop the virus spreading. If you know what steps to take in advance and act quickly, it can make a huge difference to the outcome of the attack.

Cyber Security – Understanding the Threat of Cyber Attacks

Cyber Attacks

The recent ransomware cyber attack brought to light the damage that can be done by hackers targeting vulnerable IT systems. While the NHS has received a lot of attention in the press, this attack in fact impacted organisations and individuals around the world.

A 2017 survey by the British Chambers of Commerce revealed that 20% of UK businesses have fallen victim to a cyber-attack in the past year.

While larger companies and well-known brands are the most likely to be targeted, small businesses are also under threat. 18% of small companies (with fewer than 99 employees) also found themselves hacked in the past 12 months.

Before taking the necessary precautionary steps to protect your website, your data and your business, it is worth investing some time to educate yourself as to the types of attacks that you could be exposed to.

Some of the most common cyber attacks include:

  • DDoS attacks –

    Distributed denial of service attacks prevent real customers from using your website or service, by flooding you with traffic from multiple different sources.

  • Malware –

    Malicious Software, or Malware, includes a number of different types, all of which are intended to disrupt normal computer operations. Specific examples include:

    • Adware – Displays unwanted adverts to users, with users often being inundated with pop up ads.
    • Spyware – Tracks usage information and sends it to third parties
    • Ransomware – Blocks access to the data on your machine until you agree to pay a randsom to unlock it.
  • Phishing –

    Phishing attacks can include emails, websites or even phone calls, where hackers impersonate trusted organisations to try to convince you to hand over personal information, or install suspicious software on your machine. For example, you may receive an email that appears to be from your bank, asking you to reset your password. This could then redirect you to a site where you would input your password and other personal data that could be used to access your accounts.

  • Password attacks and credential reuse –

    Phishing is just one way hackers can steal your passwords. Other techniques include brute force password attacks, which involve using automated software programs to try to guess your password. As many people use the same password on multiple sites, once they have your password, hackers will try to compromise and steal data from other sites using the same log in details.

  • Man in the middle –

    This type of attack occurs when a hacker positions themselves between two people or systems communicating over a network. This allows them to intercept data that is being transferred between the two parties, without either side knowing. Conversations that were meant to be private are at risk of MITM attacks, as are sites that require users to login, as the log in data can be compromised.

Protecting Yourself from a Cyber Attack

By working with security experts to understand which type cyber attack you are most exposed to, you can build a secure and effective strategy to help keep cyber criminals at bay.

Though some businesses may see cyber security as an unwanted and unnecessary cost, the true cost to your business of a full cyber attack will be far greater if you fail to take sufficient precautionary action.

See this blog on How to Prevent Cyber Attacks  or for more information and advice Contact Us: 0844 770 0199

How To Prevent Cyber Attacks

How Businesses Can Prevent Cyber Attacks.

Cyber security has become a key focus area for IT leaders over recent years, with many now citing it as their primary concern. The increased reliance on information technology to run our businesses, coupled with the rise in external threats, means that failing to properly protect your systems could be extremely costly.

For companies in the public eye, the immediate damage to systems is greatly overshadowed by the impact to the company’s reputation in the wake of a data breach.

Thankfully, as cyber security has matured, experts have developed a multitude of tactics to detect suspicious activity and prevent further damage being caused.

Measures to Prevent Cyber Attacks

  • Firewall – Firewalls act as a barrier between your network and the external world, giving you the opportunity to monitor incoming and outgoing traffic. For additional security, many companies are now looking to dual layer firewalls, increasing the difficulty for criminals to find their way in.
  • Intrusion prevention and detection – Intrusion detection systems monitor network traffic and look for suspicions and malicious activity. This information is then logged and used to alert the necessary people so that appropriate action can be taken. Prevention systems go beyond this, proactively blocking traffic that looks to be suspicious.
  • Antivirus – Antivirus software detects and prevents systems from the harmful effects of viruses and other types of malware such as key loggers, Trojan horses, spyware and adware.

Cyber Security Hygiene

While external attacks pose the greatest threat, often it is the behaviour of internal users and hygiene of internal systems that allow these attackers to get a foothold on your network. Under the broader cyber security umbrella there are several things you can directly control that will make it more difficult for intrusion to occur in the first place.

  • Access management – Staying on top of access management ensures that access privileges are assigned to users at the correct level. Limiting the number of users with administrator access prevents further damage if usernames and passwords become compromised.
  • URL filtering – Controlling and filtering the content that can be accessed on the internet helps to limit exposure to sources that could potentially be harmful.
  • Data leakage prevention – Data filters can be used to recognise particular data types such as credit card numbers or account numbers, and prompt users before this information can be emailed outside the organisation.

Cyber Security Technology

Technology to prevent cyber attacks has come a long way, but it is still important to educate users as to the role they have to play in protecting the organisation.

Creating a culture where internal users are aware of the dangers of cyber attacks, and the damage that can be caused by clicking suspicious links or downloading suspect files is a key part of keeping hackers at bay.