Cybercrime has become an epidemic where nobody’s data is safe anymore. With cybercrime skyrocketing since the Covid-19 pandemic, criminals have found new innovative ways to manipulate the vulnerable for their own gains. Would your business be prepared for such an attack? Cyber criminals only targeting large companies is a very common misconception, your business is never too small for a cyber-attack, which is why we want to dive in with some eye-opening examples and best practices to protect your business from cyber criminals.
Real life examples of security disasters we have fixed: Cyber security is extremely important to our business and our specialised security team work hard to make sure that all of our team are security compliant. As you can imagine over the years our team have helped recover security disasters within businesses and we want to give you some real-life examples to show you just how common cyber-attacks can be. We worked with a business where lots of users got an email from a known employee asking to open a OneNote file shared on OneDrive. Once investigated and confirmed to be a phishing link disguised in a genuine OneNote document, we were able to confirm the users account was compromised and the user was able to change password and set up MFA to regain control of his Office 365. An email was set to all employees informing them of the situation and asking if anybody had followed the link. Nobody had, thanks to our quick response and we were also able to block the link from our DNS filter neutralising the possibility of someone accessing the link on a work network or work device. Another simple but deadly example we dealt with would be where an end user was phished and asked to purchase gift cards by a scammer. They were then asked to email back the codes so they could be redeemed. Thanks to our security awareness training we haven’t had a successful repeat of that kind of attack as all the users are now more aware of what to look out for & this is why it is so incentivised and encouraged to train your employees. Train your employees Threats are definitely not only external - Did you know that human error is still the number one cause of most data breaches? This, making up almost 90% of these breaches, so, how well are your employees equipped against highly skilled criminals/malicious hackers that aim to steal data and other valuable information? How can employees identify, report, and remove a security threat if they are unable to recognise it in the first place? Despite Anti-virus protection, firewalls and everything in between, employees are still the most common entry point for phishers & as these cyber criminals are consistently evolving their scamming techniques, all employees should have up to date training on recognising and eliminating cyber threats thus protecting themselves as well as strengthening any vulnerabilities within your business. Make online cybersecurity training mandatory for all new employees as well as updated and repeated training regularly, not a once-in-a-blue moon event. This gives a sense of shared responsibility and accountability of the company’s safety from attacks (from a human factor). A few topics that should be covered in your employee training:
Different forms of cybersecurity threats
How to identify and report cybersecurity threats
Importance of password security
Removable media (e.g USB’s)
Email, internet, and social media policies
Have a secure backup plan/disaster recovery plan Disasters can, more often than not, happen within a couple of seconds/minutes and can eliminate your entire corporate network or database suddenly. This is the main reason why there is no time for hesitation, when saying this we also have to consider that studies have shown that people who are in an anxiety-inducing stressful situations (much like a security disaster) are more likely to make bad decisions. Therefore, it is vital for you to prepare for the worst at all times with a secure disaster recovery plan. Not only is this plan important for your business but ensuring that your team all have knowledge of this procedure and doing drills will make the process second nature if a disaster was to happen. Having this well-oiled machine for disaster recovery is beneficial in many ways but especially helping to decrease downtime and all the costs that come with this. According to the Federal Emergency Management Agency (FEMA), 40-60% of businesses never reopen after a disaster, this is mainly due to the inability to restore data. This reinforcing the implantation of a Disaster recovery plan as it can quite literally save your business. Our specialised team at Total IT offer exceptional levels of support & we aim to make the risk of security threats minimal, but we also have the expertise to provide managed continuity services to help prevent data loss. We work with you to understand your business’ needs and tailor the best security and disaster recovery plans best suited for you.