Is Cyber Security essential for my Business?
It’s 2023, and cybersecurity is one of the fastest growing areas in IT. Is it worth the risk of being unprotected?
Throughout 2022, cybersecurity as an industry grew by 60%. Fighting the complexities of malware, network penetration, DDoS attacks, exploitation and phishing has become a group effort. Even Microsoft, a market leader in software, has had loopholes found in its applications. Follina was a zero-day loophole that lay dormant for ages until Russian hackers eventually started to use arbitrary code mixed with phishing to gain access to devices and infect them with malware; you can read more about it here.
One of the biggest causes of cyber security breaches is user error: simply replying to phishing emails, or being conned into performing out-of-the-ordinary actions.
For instance, an HR department receives an email from an ‘employee’, sent from their personal email address, stating that they wish to change their bank details. They’ve already filled in a template to request the change, and the HR employee acts on the request. Easy.
Now come to pay day. The employee is concerned as to why they haven’t been paid, but HR have paid out all of the wages. We can now come back to that email and pick it apart.
Our attacker has spent 3-4 hours scraping emails or gaining access to an account to find out details of our real employee. They have looked at the information filled in when the employee first started and have used that template to ask for the bank details to be changed. That’s now one victim down a month’s wages, a company that has fallen victim to an easy scam, and an attacker up a month’s wages for a few hours’ work.
What could have been done differently?
This is where we come in. We gain an insight into how outside attackers work and look at putting things in place to minimise the risk of a company falling prey to an attack. We can pick some of the best antivirus software, pick the most effective backup solutions to help you with disaster recovery, or simply give you tips and tricks on spotting fake emails and then blocking them in the future.
Here’s what we would have implemented to help:
- Have a two-step policy to authenticate any changes to personal details (written and verbal).
- After an employee has joined a company, all changes to personal details (address, bank, WFH requests) are only to be acknowledged when they come through internal email via a secure method (HR ticketing system).
- A constantly updated block list in Microsoft Exchange. Don’t work with companies outside the UK? Then we can move to immediately block free domains with .fr, .pl, .ru etc. email addresses.
- Ensure modern 2FA is set up on every device and that every end user uses it. If you suspect physical security has been breached (stolen laptop, spoofing etc.), then we can force sign out everyone from their accounts so they have to sign in again. Making sure our attacker who’s gained access to your internal systems.
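The first three controls in the list above, expressed as a mail-triage function. This is an added example, not code from this page or from any product it mentions; the internal domain `example.co.uk`, the keyword list, the action names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.co.uk"}   # assumption: the company's own mail domain
BLOCKED_TLDS = {"fr", "pl", "ru"}      # the TLDs named in the block-list item above
CHANGE_KEYWORDS = ("bank details", "sort code", "account number", "change of address")

def triage(raw_message: str) -> str:
    """Return the action for one inbound email (action names are hypothetical)."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not domain or domain.rpartition(".")[2] in BLOCKED_TLDS:
        return "block"
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body if isinstance(body, str) else ''}".lower()
    if not any(keyword in text for keyword in CHANGE_KEYWORDS):
        return "deliver"
    if domain not in INTERNAL_DOMAINS:
        # Personal or external address: never act on it, send the requester to HR ticketing.
        return "refuse-use-hr-ticket"
    # The From header can be forged, so an internal-looking request still needs
    # the second (verbal) step. Assumes SPF/DKIM/DMARC are enforced at the gateway.
    return "verify-verbally"

# Constructed sample messages, including the payroll scenario described earlier.
SAMPLES = {
    "personal": 'From: "Jane Doe" <jane.doe1984@freemail.example>\n'
                "Subject: Change of bank details\n\nPlease update my bank details before pay day.",
    "blocked": "From: promo@shop.ru\nSubject: Invoice\n\nSee attached.",
    "internal": "From: jane.doe@example.co.uk\nSubject: New bank details\n\nTicket raised.",
    "normal": "From: supplier@partner.example\nSubject: Meeting\n\nTuesday at 10?",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:9} -> {triage(raw)}")
```
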
In 2021, small businesses in the UK lost £736 million through business cyber crime. It doesn’t matter if you have 1 employee or 1000. Malicious offenders prey on the fact that you’ll feel you aren’t worth hacking. But if they attack 100 small businesses and score £1000 from each through fake invoicing, credit card details, ransomware or other methods, then for a few days’ work, they’re up £100,000.
Baseline cyber security is included in every single one of our packages. We don’t compromise on security and never will. We make sure we pick the most responsive, up-to-date and proactive players on the market.
You can contact us for a free consultation and more information on any of the services offered.