Cyber Threats- What steps can you take to protect your business

What can you do to protect your small business from cyber threats?

It is unfortunately the case that cyber attacks are widespread. Consumers are targeted, as
are businesses of all sizes. However, 43% of cyber attacks are aimed at small businesses so
SMEs need to protect themselves.
Consumers and micro businesses may have some protection from the new agreement the
banks are signing up to, but, with a recent BBC article saying some banks still haven’t signed
up to the voluntary agreement around payment scams, they need to ensure they protect
themselves as much as possible.

What steps can you take to protect your business?

Training
Unfortunately, humans are still the weakest link in cyber security protection plans. This
means that threat reduction requires employee training.

 Don’t open emails you don’t recognise or if the topic is worrying. Cyber criminals want
to worry you. They’ll say your website has crashed, for example. They want you to open
attachments or click on links designed to infect your machine/network.

 Check email addresses carefully. Fraudsters use addresses and URLs that are very similar
to legitimate ones.

 Query requests for large, or urgent, payments. It’s not in our nature to query senior
management but it will protect your business if your team is trained to do this – as this is
a common form of cyber attack.

 Be watchful of new contractors. Whilst most will be legitimate, some cyber criminals will
simply walk in and try to infect your machines. So, if you are not sure, stop and check.

By making sure your team know what to look out for, and has permission to
query/challenge things, you are protecting your network and your business.

You can check the effectiveness of the training by using regular simulated phishing attacks.
This can identify who is following their training and who needs a little more. We did this
internally at Redsquid and reduced click-throughs from 54% to just 4% in only three months.
Protecting your network

Your network protection can come in many guises:

Firewalls
If your firewall is a few years old its ability to protect your network needs to be upgraded as
the threats to your network will have increased. Sophos is an example of a good provider of
such devices.

Patching
Keep your PCs fully patched. Your operating system provider regularly publishes security
updates to protect against the latest cyber threats.

Windows 7
Microsoft stops supporting Windows 7 on January 14 th 2020. Running Windows 7 after that
date means seriously risking your network and your business. You must upgrade to
Windows 10. Upgrading your hardware is also recommended. You’ll benefit from the
physical security and performance enhancements built into new machines.

Vulnerability and Penetration Testing
There are many different ways to get into your network and the data it contains.
Vulnerability Scanning helps to ensure the security of your systems, services and
applications from a number of common attack vectors, exploited by both automated and
manual attackers. Vulnerability testing should ideally be done continuously, but at least
every month.

A penetration test is an authorised simulated cyber attack on a computer system,
performed by a suitably qualified third party. It’s designed to evaluate and ultimately to
fortify the security of a target system through the identification of security vulnerabilities.
We recommend these are done at least once a year by an independent body (not your IT
provider) for the peace of mind it provides.
These tests also mean you are properly ticking the GDPR box. You need to be able to show
you are protecting Personally Identifiable Information (PII) you hold on your customers and
staff. If a breach does happen and you cannot prove you have taken reasonable steps, the
Information Commissioners Office (ICO) can fine you up to 4% of annual global turnover.

Gateway Prevention
Email gateways are a great way to reduce mistakes. By passing all your email through a
gateway, such as Cyren’s email security (https://www.cyren.com/products/email-security-
gateway), you block the malware, phishing and spam emails threatening your network.

APIs and Web Applications
Most businesses are using multiple web applications and APIs to streamline productivity.
Have you checked whether the ones you use have been tested for intruder prevention?
They can become a back door into your network for cyber criminals.

Multi-factor Authentication
Multi-factor authentication (MFA) uses multiple devices to protect your network. Your
phone can act as confirmation you are who you say you are, for example, logging into an
application. Multiple layers of security make it harder for unauthorised users to access your
network.

Cyber Insurance

Protecting your network comes first. We also recommend insurance against cyber threats. It
can’t replace what’s stolen, however, cyber insurance will help you recover. With a
ransomware attack, for example, they may consider which is more beneficial – paying the
ransom or paying the costs of getting you back running. We recommend you take advice on
the cover you should have and always scrutinise the small print.
If you do become a victim of a cyber threat, remember your GDPR obligations and report
the crime. Whilst it may not help the police catch the attackers, it will help prevent others
from being attacked in the future
When you protect your small business from cyber threats, you are protecting your
reputation as well as your living. Even if the cyber security breach doesn’t damage your
business, any damage to your reputation can be equally, or even more disastrous. Take the
necessary steps to protect your business and keep your staff and yourself up to date.

ABOUT THE AUTHOR

Mike Ianiri is Sales Director at Redsquid, one of the UK’s leading independent providers of
business Voice, Data, ICT, Cyber Security and IoT Solutions.  Redsquid is not tied to a single
supplier but rather helps clients boost productivity, reduce costs, and protect and grow their
business by creating bespoke solutions from the best technology available in the
marketplace. Web: www.redsquid.co.uk

Share this...
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *