Small business owners have had a lot on their plates recently – with ever-changing government rules around the way in which they can trade along with their own personal concerns around Covid-19, it has not been an easy year. While these added worries obviously take up a lot of time and energy, the security of your data should remain at the very top of your business-related concerns.
Even with the cyber threat growing exponentially over recent years – especially since the outbreak of Covid-19 – most business owners don’t realise that it is one of the biggest threats they face daily. This should come as no surprise when you consider the ever-changing digital landscape that the majority of our work functions take place in in the modern world.
Cyber criminals have seen the Coronavirus pandemic as an opportunity – whilst the general public and business owners alike are distracted – to attack businesses at a vulnerable time. Statistics show that during the pandemic ‘More than 6 in 10 companies suffered a Ransomware attack’, ‘there was an increase of 64% in email threats’, and a staggering ‘79% of organisations were hurt by their lack of cyber preparedness’¹.
Irrespective of the sector in which your organisation resides, your IT system is more than likely the beating heart of your organisation – it holds your sensitive data, and it is under attack. Cyber criminals will stop at nothing to get hold of your data whatever it may be.
It is a common misconception that because a business is ‘small’ it will sneak under the radar of cyber criminals – this is completely wrong. On the contrary, cyber criminal’s target ‘small’ businesses due to their often-inadequate defences, lower budgets, and a lack of technical infrastructure – if you were a criminal looking for some easy money would you make the effort to attack a large organisation with elaborate defences and risk it not being successful or would you rather aim for the organisation that is woefully unprepared with defences that are either non-existent or easy to breach?
We don’t mean that you need to go out and spend thousands of pounds on defences that can rival Fort Knox, but the time has arrived to invest in some of the many cost-effective methods of protecting your system available on the market today – don’t go mad, purchase defences to the level at which your business will benefit from them.
The stereotypical vision of a ‘hacker’ being a tech genius in a dark hoody and sunglasses sitting in front of a laptop are long gone. Low-skill con artists are on the rise; the new age con artists are just tech savvy enough to thrive in the wake of their predecessors. Phishing and Ransomware attacks are the most common type of cyber breach that result in financial loss for a business. Obviously it has never been more important that your IT is well equipped to defend its most vulnerable parts against these types of attacks.
In order to be sure that your systems are as secure as they possibly can be, there are a variety of different tools, policies and procedures available on the market, along with IT user educational tools that need to be implemented. Small businesses have been doing their best to at least provide some protection from cyber attacks occurring within their organisation. Having such little knowledge of what they are looking at can be a perilous road to embark down, with the options for tools being many – often they just buy the cheapest option. Most businesses start with anti-virus software, a password policy in place, and perhaps a Firewall configured – is this enough to defend your systems?
Despite all the changes to workplace functions over recent years there is one thing that has stayed the same for many – email remains the main form of communication.
Cyber criminals use this reliance on email – combined with a lack of knowledge around the potential problems that come with them – to target individual users and trick them into allowing access or handing over money. It is becoming more difficult to determine a malicious email from a genuine one. Let’s take a look at two of the most common forms of Phishing attack where the cyber criminal masks themselves as different entities to force the hand of their target.
This form of attack has always been popular, but since the Covid-19 outbreak its commonality has grown exponentially. A particularly prominent brand/ company impersonated was HM Revenue and Customs (HMRC) – the cyber criminals used the lure of tax rebates and support funds – that many were in desperate need of during the pandemic – to cheat their target.
This method is not quite as popular but remains one of the more prominent ways cyber criminals are successfully completing cyber attacks. Let’s make up a theoretical example to make this one easier to understand.
A large company falls victim to a cyber attack because the criminals masked themselves as the company’s financial director. Cyber criminals are clever. They did this by sending an email to the financial team impersonating the CFO’s personal mailbox and instructed payment of £50,000 to an account – the email contained the CFO’s correct and full ‘E’ signature! This is not the employees’ fault – with the correct ‘E’ signature as well as the email coming from the correct mailbox anyone would fall for it without the proper training.
The internet is full of Malware (malicious software) – in particular, Ransomware. Ransomware is designed with the intention of removing your access to data by encrypting your files behind a secure key, which only the cyber attacker has. Once the cyber criminal has your data they then hold it to ransom (hence the name Ransomware).
Implementing the correct security measures for the technical landscape of your organisation has the power to revolutionise the way your organisation works. We can implement and maintain your security measures and look for better ways to defend your system. Our success can be attributed to one thing: TRUST. Ever since our very first year in business, our clients have been happy to recommend us to other businesses, and we have grown steadily as a result of these recommendations. We can help you to truly get the most from your IT in the most secure way possible. Don’t hesitate – contact us now!
Book a no-obligation discovery call with a member of our team today by calling 0207 993 9035 or firstname.lastname@example.org