How Can Small Businesses Protect Themselves From Cybercrime?

Created: Monday, September 16, 2019, posted by Geetesh Bajaj at 10:00 am




By Mike Ianiri, Redsquid

As 43% of cyber attacks are directed at small businesses, there is no question that business owners need to ensure that their businesses are protected.

Cyber attacks are widespread. Consumers are frequently targeted, as are businesses, both large and small. Consumers and micro-businesses may have some protection from the new agreement the banks are signing up to, but, with a recent BBC article saying some banks still haven’t signed up to the voluntary agreement around payment scams, they need to ensure they protect themselves as much as they can.


Here are some steps you can take to get your business protected:

The People Issue

Unfortunately, it is still the case that the weakest link in any cybersecurity protection plan is the human element. A busy team has to get a huge amount done during the day and so people simply do what they believe to be the right thing.

One of the biggest cyber threats aimed at small businesses is the impersonation email, and most people will do what the email says. For example, we know of companies who have lost £100,000 because a supplier, purportedly, emailed them with a change to their bank details.

Big businesses can be caught by these attacks too. The Italian football club, Lazio, reportedly lost £1.75 million when they believed they were making the final payment for a new player.

Getting Staff Trained

The key to reducing the threat is training. By training your team in what to look out for you can help them to help you protect the business.

  • Check email addresses carefully. The fraudsters use addresses and URLs that are very similar to those of the legitimate sender.
  • Don’t open emails you don’t recognize or if the topic is worrying. Cybercriminals want to make you feel worried. They will say, for example, that your emails aren’t getting through or you’ve run out of Microsoft licenses. These are fake claims. The fraudsters want you to open attachments or click on links designed to infect your machine and your network.
  • Be careful with new contractors. Some cybercriminals will brazenly walk into your premises and try to infect your machines. So, if the visit is unexpected, or if anything makes you suspicious, stop and check.
  • Double-check requests for large, or urgent, payments. It’s not in our nature to query senior management, for example, but it will protect your business – as an email claiming to be from, say, a Finance Director is a common form of cyber attack.

An effective way to check how well your team is absorbing the training they receive is by using simulated phishing attacks. With regular, controlled attacks you’ll be able to identify who is following what they’ve learned and who needs a little more training. We’ve done this at Redsquid and, in only three months, click-throughs reduced from 54% to just 4%.

Getting Your Network Protected

Your network needs to be protected in numerous ways:

Firewalls

If your firewall is a few years old, we recommend you update it. Its ability to protect your network needs to be upgraded as the threats to your network will have increased. Sophos is an example of a good provider of such devices.

Patching

Keep your PCs fully patched. Your operating system provider regularly publishes security updates to protect against the latest cyber threats. By not patching, you run the risk of not being protected. We know you don’t want to lose the time it takes for the patches to be installed (usually not more than 10-15 minutes, unless you’ve not done it for a while), but surely it’s better to lose the time and be protected? It will take you far longer to recover if you are attacked.

Windows 7

Microsoft stops supporting Windows 7 on January 14th, 2020. If you are still running Windows 7 after that date, you are seriously risking your network and your business. You must upgrade to Windows 10. We recommend you upgrade your hardware too, to benefit from the physical security and performance enhancements built into new machines.

Vulnerability and Penetration Testing

There are many different ways to get into your network and the data it contains.

Vulnerability Scanning is the intelligence-driven deployment of scanning engines, updated with information from the latest threat intelligence feeds. These help to ensure the security of your systems, services, and applications from a number of common attack vectors, exploited by both automated and manual attackers. Vulnerability testing should ideally be done continuously, but at least every month.

A penetration test is an authorized simulated cyber attack on a computer system, performed by a suitably qualified third party. It is designed to evaluate and ultimately to fortify the security of a target system through the identification of security vulnerabilities. We recommend these are done at least once a year. The investment, in an independent body (not your IT provider), is worth it for the peace of mind it provides.

These tests also mean you are properly ticking the GDPR box. You need to be able to show you are protecting the Personally Identifiable Information (PII) you hold on your customers and staff. If a breach does happen and you cannot prove you have taken reasonable steps, the Information Commissioner's Office (ICO) can fine you up to 4% of annual global turnover.

Web Applications and APIs

Most businesses are using multiple web applications and APIs to streamline productivity, but have you checked whether the ones you use have been tested for intruder prevention? They can easily become a back door into your network for cybercriminals.

Email Gateway

Email gateways are a great way to reduce the opportunity for people to make mistakes. By passing all your email through a gateway, such as Cyren’s email security, you block the malware, phishing and spam emails that threaten your network.

Insurance

Protecting your network is always the first step, but we also recommend you insure your business against cyber threats. Whilst it cannot replace what is stolen, cyber insurance will help you recover. In the event of a ransomware attack, for example, they may consider which is more beneficial – paying the ransom or paying the costs of getting you back running. Some may even pay any ICO fines. As with all insurance, we recommend you take advice on what you should have and you read the small print carefully.

Multi-factor Authentication

Multi-factor authentication (MFA) uses multiple devices to protect your network. Your phone, which isn’t more than a meter away from you right now, can act as confirmation you are who you say you are when you are logging into your laptop or into an application. By using multiple layers of security, you make it harder for unauthorized users to get into your network.

Keep updating your protection and keep training your staff. If you fall victim to a cyber attack remember to report the crime and fulfill your GDPR obligations. Reporting is also important to help stop others from having their security breached in the same way.


Mike Ianiri
    
Mike Ianiri is Sales Director at Redsquid, one of the UK’s leading independent providers of business Voice, Data, ICT, Cyber Security, and IoT Solutions. Redsquid is not tied to a single supplier but rather helps clients boost productivity, reduce costs, and protect and grow their business by creating bespoke solutions from the best technology available in the marketplace.

The views and opinions expressed in this blog are those of the authors and do not necessarily reflect the official policy or position of any other agency, organization, employer or company.

