How cyber security can make or break your business

As businesses continue to adapt and diversify, using more innovative ways to promote and sell their services can leave many vulnerable to cyber security attacks.

Covid-19 and cyber security resilience

Though many of us are no longer physically in the office, our work has not stopped. In fact, the sharing of information virtually has increased rapidly since the beginning of the pandemic. As a result, the concern for many is that information is no longer centralised, controlled, and accessed in one or a few locations; it is now stored in the cloud and accessed remotely, from anywhere in the world.
 

What cyber security attacks could you encounter?

Cyber attacks have not come from new methodologies or techniques. We are more vulnerable to them because our digital footprint has extended from the confines of our offices.
 
Below we have outlined some of the most common cybercrimes affecting businesses, so you can watch out for and safeguard against these:
 
1. Phishing attacks - Phishing is a form of cybercrime whereby hackers mimic emails, texts, phone calls, forms or websites to get victims to input their personal information voluntarily. Hackers are exploiting the current crisis, using new scenarios to lure and trick vulnerable people affected by it.
 
Types of phishing include:
 
• Email - Phishing emails may be spear phishing (directed at specific targets), clone phishing (a legitimate email is replicated with a malicious link and sent from a spoofed address) or whale phishing (directed at high profile targets).
 
• Other - Smishing (SMS texts), where the sender name is likely to make the message appear to come from a legitimate source, or vishing, where callers use publicly available information from your social media accounts to build a realistic profile and then use personal information about you or a supplier on the call to deceive users into running malicious software or supplying secure credentials. Staff working remotely are more likely to fall for vishing calls at home.
 
2. Ransomware - Ransomware is a particularly destructive form of malware; it is designed to encrypt a business’s data until a sum of money is paid. Recent ransomware attacks have also threatened the release of data should the payment not be made by the given deadline. These attacks have affected nearly every sector and are increasingly successful. This is driven by the accessibility of ransomware as a service, which has lowered the technical complexity of such attacks. As a result, privately owned businesses are just as likely a target for these attacks as large companies are.

How to prevent cyber security attacks

1. Cyber security awareness training (i.e. educating your employees) - Ensuring your employees are appropriately trained is crucial, as many cyber attacks involve attempted contact with them (like phishing). Employees should be aware of security threats so that they can be trusted as the frontline defence. This training should involve principles that can be implemented daily and that can be offered to staff remotely and successfully.

2. Cyber security policy - This comes hand in hand with cyber security awareness training. It means creating a set of rules and behaviours that everyone has access to. This living document should also aid staff in understanding threats to the business. This is particularly important during Covid-19, as isolated staff should be aware of how to report any suspicious email. Businesses need to create an environment where staff are extra vigilant and encouraged to report any phishing attempts, even if they are unsure.
 
3. Ensuring strong password usage and multi-factor authentication - Cyber criminals know well that passwords tend to be stagnant yet are heavily relied on because of their familiarity. We have the technology available to no longer use passwords, but implementing this in an organisation is not as easy as it seems. On top of strong passwords, multi-factor authentication is vital in creating more barriers for a hacker trying to infiltrate an organisation. It adds an extra layer of security to protect highly confidential and sensitive material.
 
4. Cyber security-based testing - In order to understand if your cyber security framework is sufficient, it is essential to invest in regular penetration tests or, if you have specific concerns, scenario-based testing such as simulated phishing. Businesses that regularly test infrastructure may wish to augment their cyber security testing with a Red Team, which analyses a wider range of scenarios and is representative of a cyber attack. Testing not only covers infrastructure but can also include physical location testing, incident response procedures, phishing, social engineering and replicating threats from a malicious insider, such as a disgruntled member of staff stealing information or disrupting services.
 
Large, high profile businesses are no longer the only targets; all businesses need to guarantee to their clients and customers that they are effectively protected from potential cyber attacks. Putting in place pre-emptive cyber security measures can stop a breach before it occurs, and the reputational and financial loss associated with cyber attacks can devastate businesses. It is more important than ever to rethink your cyber security strategies and reassess what you already have in place.

Get in touch

Please get in touch via the button below if you would like to know more or require assistance with your business's cyber security.
