Cyber-attacks are widespread – consumers are targeted, as are businesses of all sizes. However, 43% of cyber-attacks are aimed at small businesses, so SMEs need protection. Mike Ianiri from Redsquid gives his top tips for protecting small businesses from cyber crime.
Unfortunately, humans are still the weakest link in cyber security protection plans. This means that threat reduction requires employee training.
- Don’t open emails you don’t recognise or if the topic is worrying. Cyber criminals want to worry you. For example, they’ll say your website has crashed. They want you to open attachments or click on links designed to infect your machine/network.
- Check email addresses carefully. Fraudsters use addresses and URLs that are very similar to legitimate ones.
- Query requests for large, or urgent, payments. It’s not in our nature to query senior management but it will protect your business if your team is trained to do this, as this is a common form of cyber-attack.
- Be watchful of new contractors. Whilst most will be legitimate, some cyber criminals will simply walk in and try to infect your machines. So, if you are not sure, stop and check.
By making sure your team knows what to look out for, and has permission to query/challenge things, you are protecting your network and your business.
You can check the effectiveness of the training by using regular simulated phishing attacks. This can identify who is following their training and who needs a little more. Redsquid implemented this training and reduced click-throughs from 54% to just 4% in only three months.
Protecting your network
Your network protection can come in many guises:
If your firewall is a few years old, its ability to protect your network needs to be upgraded, as the threats to your network will have increased.
Keep your PCs fully patched. Your operating system provider regularly publishes security updates to protect against the latest cyber threats.
Microsoft stops supporting Windows 7 on January 14th 2020. Running Windows 7 after that date means seriously risking your network and your business. You must upgrade to Windows 10. Upgrading your hardware is also recommended. You’ll benefit from the physical security and performance enhancements built into new machines.
Vulnerability and penetration testing
There are many ways to get into your network and the data it contains.
Vulnerability scanning helps to ensure the security of your systems, services and applications from a number of common attack vectors, exploited by both automated and manual attackers. Vulnerability testing should ideally be done continuously, but at least every month.
A penetration test is an authorised simulated cyber-attack on a computer system, performed by a suitably qualified third party. It’s designed to evaluate and ultimately to fortify the security of a target system through the identification of security vulnerabilities. We recommend these are done at least once a year by an independent body (not your IT provider) for the peace of mind it provides.
These tests also mean you are properly ticking the GDPR box. You need to be able to show you are protecting the Personally Identifiable Information (PII) you hold on your customers and staff. If a breach does happen and you cannot prove you have taken reasonable steps, the Information Commissioner's Office (ICO) can fine you up to 4% of annual global turnover.
Email gateways are a great way to reduce mistakes. By passing all your email through a gateway, such as Cyren’s email security, you block the malware, phishing and spam emails threatening your network.
APIs and web applications
Most businesses are using multiple web applications and APIs to streamline productivity. Have you checked whether the ones you use have been tested for intruder prevention? They can become a back door into your network for cyber criminals.
Multi-factor authentication (MFA) uses multiple devices to protect your network. Your phone can act as confirmation that you are who you say you are, for example when logging into an application. Multiple layers of security make it harder for unauthorised users to access your network.
Protecting your network comes first. We also recommend insurance against cyber threats. It can’t replace what’s stolen; however, cyber insurance will help you recover. With a ransomware attack, for example, the insurer may consider which is more beneficial – paying the ransom or paying the costs of getting you back up and running. We recommend you take advice on the cover you should have and always scrutinise the small print.