Posted on 02 September 2020 in Help & advice
Today, technology is so entwined throughout our daily lives that it’s hard to imagine a world without it. In business, it improves efficiency, streamlines processes, and perhaps most crucially, allows us to communicate faster than ever before. Unfortunately, as those same devices have become more sophisticated, so too have the threats, and our dependability on technology leaves us perpetually susceptible.
As the UK officially enters recession, the economic pinch of COVID-19 will be felt for months to come. A cyber-attack during this crucial transitioning period (the ‘new normal’ of remote working) could make or break many organisations trying to stabilise.
Threats to watch:
Cyber-crime is a serious business – and it’s on the rise in the UK. This year we’ve already seen millions of customer records stolen from the likes of Virgin Media and Facebook, or EE where a disgruntled employee stole and manipulated a customer record for malicious intent. With the latter being the exception, most breaches occur due to a lack of understanding, or human error. The most common threats are listed below, followed by what you can do to thwart those pesky criminals.
In the UK, attacks involving some form of phishing are roughly 20% higher than the global average, and as gov.uk tells us, that number is increasing - from 72% in 2017 to 86% in 2020. With phishing attacks, the target receives a ‘harmless’ communication from a criminal posing as a legitimate source or organisation in a bid to steal sensitive data. Typically they’ll seek your bank details, passwords, or other information that identifies you personally.
In 2017 ransomware wreaked havoc in the UK, infecting over 300,000 victims, including several NHS trusts. While the number of reported attacks has decreased, the threat has evolved, not dissipated. In the past criminals used the scatter-gun approach of sending ransomware out into the world and hoping for a catch. Much like phishing, attacks today are more targeted and intelligent, and seek to encrypt your infected device until you pay a ‘ransom’.
Now that remote working’s the new normal, a serious threat comes in the form of a Man in the Middle Attack. Hackers will typically hide in plain sight at a coffee shop, hotel, or anywhere with free public Wi-Fi access with a tool called a ‘Wi-Fi pineapple’. This device imitates a Wi-Fi hotspot and tricks your devices into thinking it’s a genuine Wi-Fi connection. Once connected, any data being sent to and from your phone will be stolen by the hacker – and it can take just 2 minutes for them to do so.
Brute Force Attacks
One of the most common types of website-hack, Brute Force Attacks seek out credentials such as passwords. Essentially, the hacker must know how long your password is, and then they let an automated tool to do the rest. The tool will run every possible password until it finds a match, and unfortunately, these tools are readily available on the internet. What’s more, there was a 400% increase in Brute Force Attacks between 2017-18, showing that this route into your website is rising in popularity amongst criminals.
Halt the hackers – what can you do?
The best way to stop hackers in their tracks is to implement a multi-layered approach to your business’ cybersecurity, with multiple if not all of the below:
Prevention with education
Still today, 45% of UK workers say they receive no cybersecurity training, and unfortunately the weakest links in a business are the people that work there. The world’s most secure IT landscape can be stung by cyber criminals simply due to a lack of understanding - any business’ first port of call should always be to educate their staff. Show them what a malicious email might look like, and teach them to check with a colleague in IT if they’re unsure – before opening anything that looks dodgy.
Part of your education phase, the next step should be to implement a policy that requires staff to set unique (and difficult to crack) passwords. Passwords are our first line of defence against cybercriminals - should attackers gain access via unsecure passwords you could face hefty fines under the General Data Protection Regulation, brought into law in 2018. Nowadays, given the increased threat from hackers, two-factor authentication (2FA) is becoming exponentially popular. 2FA adds an additional layer to your password security so that if your password is cracked, hackers can’t gain access.
Businesses are often so wrapped up in securing their mobiles, computers and laptops that they often forget about printers and photocopiers. Just like the one on your computer, a photocopier has a hard drive – and it stores an image of every document that is scanned, copied, or emailed to and from the device. When getting rid of a copier, a must for any business is ensuring the hard drive is wiped.
Additionally, user identification/authentication is another sure-fire way to protect your sensitive business data – all too often we leave our documents to sit on the device before collecting them. Authentication stops this by requiring the user to approve the prints at the device before they’re released, either with a staff ID badge, fob, or fingerprint.
Protecting the network that each of your devices sit on is also vital. Methods such as IP or MAC filtering secure your network by restricting access through specified IP addresses.
Disaster Recovery plan
Simply put, a Disaster Recovery plan is designed to recover your data in the event of ‘disaster’, ensuring business continuity through trying times. Sadly, with the above cyber threats, natural disasters, hardware failure and human error in mind, it really is a matter of when you’ll need it, not if. With any disaster recovery plan, you should: decide on management, establish a specific committee, assess the risks, set priorities, collect the necessary data, and finally document and test your plan.
Backups & the Cloud
Backups should be the final step of your cybersecurity plan, and should only be called upon should the rest of your measures fail. A three-prong approach to backups should be adopted – onsite, offsite, and cloud backups. Each is designed as a failsafe should one of your backups fail (for example if there’s a fire at your office, your onsite backup could be compromised). The Cloud is also great for remote workers by allowing staff to securely access their desktop and business files remotely, on any internet-ready device.
To discuss your business IT, Print or comms security requirements contact firstname.lastname@example.org for more information.