Helping to ensure you stay safe from Cyber Crime


Cyber Security definition

Cyber Security can be a daunting and confusing area of business.  In essence, it is Computer Security and Information Assurance.  Computer Security is all about securing the IT hardware and software. Information Assurance is all about the people and processes – the governance around the use of the IT.

IT Support – Managed Service Providers (MSPs)

A really good way of keeping your IT up to date and working correctly is to use a Managed Service Provider (MSP).  These used to be called IT Support Companies, but they mainly provided a ‘break-fix’ service: when something broke, a technician turned up and fixed it.

MSPs are more proactive and allow businesses to outsource their IT to qualified third-party vendors who ensure that the IT equipment runs as expected.  Support options include e-mail hosting, network backup and monitoring, storage and much more.  If you do not have a competent IT professional inside your business, consider commissioning an MSP.  They usually charge around £25 per computer per month plus other services like backup, disaster recovery, etc.

The use of a good IT MSP can help you secure and protect your digital assets.  Let the third-party experts maintain your digital systems, while you and your team get on with what you are good at.

Password management

According to the Enterprise Management Associates research in 2020:

42% of respondents indicated that their organisation had been breached as a result of a user password compromise

49% of employees simply change or add a digit or character to their password when updating their company password every 90 days

Implementing a password manager solution will increase the security of the service and application accounts your staff access.  Weak, patterned, and reused passwords across different sites are a leading factor in business compromise. Password managers such as LastPass provide the ability to store complex, lengthy passwords without the need to remember them. They can also be shared with other employees without those employees being able to see the password.  Ensure that all passwords are unique, of strong complexity, and differ significantly across each service.  This will reduce the risk of password attacks compromising legitimate user accounts, and save you a lot of time and worry, and potentially money too.  It may even save your business.

Phishing

The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.

According to Security Boulevard research conducted in 2020:

Phishing attacks target all sectors and accounted for 22% of all breaches in 2019, and 85% of all organisations have been hit by phishing attacks.

A phishing campaign is a targeted email attack against your employees to find weaknesses in staff awareness. Focusing on the human aspect of security, mock attacks against your employees are conducted to fool them into clicking a link, entering their credentials (username and password), or opening an attachment, which executes some code and runs a malicious program. A phishing test identifies employees (including Directors and Managers too) who are susceptible to phishing attacks. They then receive security awareness training to reduce the risk of social engineering attacks compromising your business critical data.   After training, another mock attack is performed, hopefully with a better outcome.

Tips for staying safe:

  • Phishing emails are generally written by people whose first language is not English, so check for grammatical and spelling errors
  • Emails from legitimate companies will contain a piece of information that is not available to the people sending phishing emails, and will not address you as ‘customer’
  • Be cautious when clicking a link from a colleague or friend; their account could be compromised
  • If in doubt, phone the sender to verify

E-mail Security

Setting up SPF, DKIM and DMARC records for your domain will make your emails appear more legitimate and help prevent them being caught by a spam filter.  SPF can prevent ‘domain spoofing’ by enabling a receiving mail server to check whether a message was sent by a server authorised for that domain.  DKIM ensures that the content of your emails remains trusted and has not been tampered with or compromised.  DMARC is used to verify the authenticity of an e-mail and tells receivers what to do with messages that fail the SPF and DKIM checks.
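As an added illustration, not part of the original article, the following Python snippet evaluates constructed SPF and DMARC records the way a receiving mail server would, showing a weak record (‘+all’, ‘p=none’) beside its hardened form (‘-all’, ‘p=reject’).  DKIM is left out because verifying it needs the domain’s signing key; all domain names, IP addresses and records below are made-up sample values.

```python
import ipaddress

# Constructed sample DNS TXT records for a hypothetical domain (not from the page).
SPF_WEAK = "v=spf1 ip4:203.0.113.0/24 +all"          # '+all' lets any host pass
SPF_HARD = "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.25 -all"
DMARC_WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"    # monitor only
DMARC_HARD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(record: str, sender_ip: str) -> str:
    """Evaluate the ip4/ip6/all mechanisms of an SPF record for sender_ip.
    include:, a:, mx: and exists: need DNS lookups, so this offline example
    reports them as 'unsupported' instead of resolving them."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no usable SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]   # 'all' matches every sender
        if name in ("ip4", "ip6"):
            # a v4 address never matches a v6 network and vice versa
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "unsupported"
    return "neutral"                       # no match and no 'all': neutral


def dmarc_tags(record: str) -> dict:
    """Parse the 'tag=value' pairs of a DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_enforced(record: str) -> bool:
    """True only when the policy tells receivers to quarantine or reject failures."""
    tags = dmarc_tags(record)
    return tags.get("v") == "DMARC1" and tags.get("p") in ("quarantine", "reject")
```

With the weak records a spoofed message from any address still passes SPF and DMARC takes no action, whereas the hardened records fail it and tell receivers to reject it.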

Conclusions

If your business is growing it is worth outsourcing your IT to an MSP.  For a few hundred pounds per month, you’ll be in a much better position than trying to do this yourself.  Use an expert.

Get an independent security check (penetration test) of your systems and arrange a phishing test.  You will be surprised at who in your company is fooled into providing their credentials!

Author

Steve Borwell-Fox
Founder and MD of borwell Ltd.
www.borwell.com
www.cybx.co.uk

CYBX is their digital security brand.  Their software and cyber teams have digitised and secured customers around the world for over 18 years.