This week’s news is a reminder that the need for cyber-security never goes away. According to a recent BBC article, the UK Government’s National Cyber Security Centre (NCSC) has warned UK organisations to be better-prepared for any potential threat.
The immediate cause of this is a series of cyber-attacks in Ukraine, which are alleged to originate in Russia. Most threats to UK businesses aren’t so dramatic, but they can be highly damaging. Online fraud and cyber crimes have increased significantly since the pandemic, mostly targeting companies that do a lot of business online and with remote workers.
These latest stories from Ukraine, although they may seem remote, are a reminder that threats can come from anywhere, any time, and target anyone. As IT and cyber-security specialists, we at Biscuit have a long history of protecting businesses from cyber-crime. So we’ve written this blog to go over some of the fundamentals. These are some of the vulnerabilities that criminals will look to exploit …
Not knowing the threats
Before we go into specifics, let’s get some basics out of the way. A lot of people imagine cyber-crime as a bunch of lone hackers targeting huge multinational companies and government institutions. This happens, of course, but it’s not the bulk of cyber-crime.
More commonly, cyber-criminals work in groups, sometimes connected to organised crime. And they frequently target smaller businesses. This is for the simple reason that they’re often easier, less protected targets and they attract less publicity. They may have less cash, but unless they’re protected, criminals can defraud them very quickly and move on to the next. So the first thing to know is that any company that does any business online is a potential victim.
Poor password management
To this day, there are many businesses that don’t update passwords – even when employees leave. This is the digital equivalent of leaving a spare set of office keys under the doormat. All it takes is for one bad actor to find out, and your whole system is breached.
It’s not just people who actually know your passwords either. Hackers have all sorts of sophisticated techniques for getting your passwords. The key is to avoid very obvious passwords (“password1” is not good!), and to update them at regular, set intervals. If we’re looking after your security, we can set this up.
Lack of staff training
You may have the best cyber-security software going, and you may be aware of the major threats. But what about your team? If they’re not trained up on best practice, any one of them is a potential vulnerability. It’s the details that matter.
For example, if a remote worker leaves a logged-in device unattended without locking it, your whole infrastructure is at risk. Training them up is vital, because you can’t afford to have any weak links. As your outsourced IT manager, Biscuit can provide expert training to your whole team.
This is pretty much when cyber-attackers trick you to into ‘doing the wrong thing’ – like revealing sensitive information, clicking an unsafe link, or allowing backdoor access to your systems. The criminals will then use this to get in to your IT infrastructure. It’ll normally come in the form of an email. They might pose as a legitimate organisation asking for bank details, or they might trick you into downloading malware.
It’s important to be aware of the threats, which is where our point about training comes in. But phishing is getting more and more sophisticated, and what you really want is to prevent it from getting to you at all. At Biscuit, we offer advanced anti-spam protection that scans all email and will block anything unwanted.
Unprotected personal devices
More and more businesses operate to some extent on a BYOD (bring-your-own-device) basis. This just means that at least some of your team work on their own devices like their personal laptops, tablets or mobiles.
It’s easy enough to install something like anti-virus software on your company’s hardware, but how do you know that your team are similarly protected? If they’re accessing your systems on vulnerable devices, that makes you vulnerable. At Biscuit, we can install and maintain all the protections your business needs, on any device – including mobiles.
Not having a firewall
A firewall is basically protection for your network. And unfortunately, there are plenty of businesses out there that don’t think they need one. Anti-virus and anti-spam protection is essential, but without a firewall your whole business could be vulnerable.
Your network is the nervous system of your business – it links to everything you do. If criminals get in there, there’s no limit to the damage they can do. A firewall is the only way of preventing unauthorised access.
How can Biscuit help?
First off, we hope we’ve convinced you of the need to take this seriously. Without proper protection, businesses can have their accounts cleared in a matter of seconds. The financial loss is bad enough. But even if you can get it back through insurance or the police, the reputational damage can be ruinous. Cyber-crime can destroy your livelihood – but we can help you stop it.
Biscuit are a Yorkshire-based team of IT and cyber-security experts with decades of experience. We’re not just another IT company – we believe in doing business in the straight-talking, honest way that Yorkshire’s famous for!
Over the years, we’ve seen new threats come and go, and we’ve helped countless businesses protect themselves. It’s no exaggeration to say we can do it all. Of course, we can install and maintain firewalls and protection against spam and viruses. But more than that, we believe in being proactive, rather than reactive. We can monitor your IT infrastructure 24/7, flag any threats, and stop them before they become a problem.
We’re also more than happy to assess what you currently do, consult and advise. If you’re not sure how well protected you are, the worst thing to do is nothing and end up regretting it. If you want to be sure, get in touch.