How to Prepare Your Business For a Cyber Security Disaster

17th September 2021

Running a business is rewarding, but it does come with a variety of risks that can threaten not only its success, but its very existence.

 

 

Is your business ready for a cyber security disaster?

 

IT solutions are vital to any business nowadays. They are the engine room that keeps business moving, but this engine can be at risk of faults – faults that could steer your business into disaster. Advances in technology have brought a plethora of benefits for companies, from e-commerce to facilitating productivity and enabling remote working. As technology advances, so do the methods cyber criminals use to steal data. To combat this, we’ve learned that simply deploying antivirus software is no longer enough to keep our business data secure. A cybersecurity breach can be devastating or even life-threatening to a business. From cyber-criminals stealing funds to holding your data for ransom, the cost of a cyber-attack can be incredibly high. Furthermore, the implications for data security and GDPR compliance can reduce customer trust in your brand, incur hefty fines and cause legal issues. In short, the biggest threat to your business is cyber security and knowing how to prevent an IT disaster is a vital measure you can take to protect your business.

At Elite, we know the impact a cyber security breach can have on a business and the threat of an attack is very much a case of ‘when’ rather than ‘if’. You have put a lot of time, money, stress and care into building your business, so it’s only right that you take the time to ensure you and your team know how to avoid cyber-attacks. Furthermore, investing in effective cyber security measures is as vital as investing in protective measures for other expensive business assets, such as insurance for your business premises or vehicle fleet. Let’s explore how you can safeguard your business against cyber security threats to prevent an IT disaster and keep your business data secure.

 

What are the most common cyber security threats?

 

When it comes to cyber criminals, it’s important to always be one step ahead of them. How do we do that? By finding out what the most common cyber security threats are! At the moment there are a handful of common cyber threats you need to be on your guard against – malware, phishing, weak passwords and social engineering. An innocent mistake from a team member or a lack of knowledge of these cyber security threats could be enough to allow a cyber criminal to infiltrate your network, steal your data or money or hold your business information for ransom. In order to protect both your business’s and your customers’ data, it’s important to be able to spot the characteristics of common cyber-attacks. So, let’s jump in and discover the most common cyber threats you and your team need to look out for.

 

Malware

Malware (short for malicious software) is any type of software that has been created with the intention to cause damage or disruption to a business or gain access to your business devices. Malware is an umbrella term for the vast array of harmful software that cyber criminals use to attack your business data. Here are some of the most common:

Worms

Worms are spread via security weaknesses within software, or by phishing through spam emails or instant messages. They are installed within the computer’s memory and, from there, they are capable of infecting a machine or your business’s entire network. There are different types of worms, so depending on which one your computer is infected with and the type of security measures you have in place, they are capable of causing devastating damage, including:

  • Modifying and deleting files
  • Replicating themselves to cause more damage and destroy your resources
  • Theft of data
  • Installing backdoor entry for hackers to infiltrate your network

Due to the nature of how worms work, they can replicate without any human interaction and infect a large number of devices quickly, so once one computer is infected, they could threaten your entire fleet.

Now we know how a worm can cause damage, we need to know how to look out for one. Firstly, monitor the space on your hard drive. As a worm replicates itself, it will take up the free space on your computer. Secondly, if your computer is starting to slow down or you find that programmes are either crashing often or aren’t running properly, this could be a sign of a worm. If you find that files either start mysteriously disappearing or new files start appearing that you haven’t installed, this is another clear sign that your machine is infected with a worm.

Viruses

Computer viruses are probably one of the most well-known types of malware. They typically infect machines via a document or an executable file (a file that has an ‘.exe’ extension). Viruses spread through file sharing, infected websites or dodgy email attachment downloads. The virus will be activated when the infected host file or programme is used. Once the virus has infected your computer, it can start to replicate itself and spread through your computer systems. Just like the type of virus that affects humans – it’s contagious. Think of file sharing from an infected computer as sneezing and coughing. Once a machine has been infected with a virus, it is then capable of taking over your applications and sending infected files to colleagues or clients. The virus makes these files look like they are coming from you to increase the likelihood of somebody opening them, so the virus can continue to spread.

Similar to a worm, if your computer is infected with a virus, you will notice that your computer is performing more slowly. Apps and programmes may take a long time to load and general use of the machine will feel sluggish. You may find frequent pop-ups from random websites or pop-ups that tell you to download software, such as antivirus – be warned these will lead to malicious websites or will download malware if clicked! Pop-ups caused by a virus may also cause spyware to be installed onto your computer, which will allow a hacker to steal information from your system without you realising. Another sign is changes to your machine that you haven’t executed, such as being unable to log in or off your computer, unknown programmes starting up on your computer, security software being disabled or mass emails being sent from your account.

Ransomware

Ransomware is an especially dangerous type of malware, as it denies or restricts your access to your data and holds it for ransom by demanding payment in return for your data. In many cases, criminals will set a time frame for payment and, if it is not received, a business will risk losing access to its data forever. Even if payment is given to the criminal, it is not a guarantee that you will get your data back. Not only could you be burdened with a massive financial loss due to having to pay a cyber-criminal to retrieve your information, but the impact it has on your GDPR and data security compliance can be dreadful and could even result in a hefty fine. Ransomware attacks can be severe enough to shut down an entire business.

You will know if you have been infected with ransomware if you find that files or programmes on your computer are inaccessible due to being encrypted. Ransomware is often accidentally downloaded through email attachments or links from unknown sources. Although ransomware can be presented in different ways, all variants have one thing in common – you will be met with a demand for money in return for your data.

Spyware

As the name suggests, spyware secretly records your online activity and collects data and personal information, such as passwords. It runs in the background, sneaking around and harvesting the data it needs without you noticing. Spyware can be used for a variety of reasons, but it is mainly used for fraud, such as stealing banking or credit card information or identity theft. This can be incredibly harmful for businesses, as important data can be stolen without your knowledge and used to steal money from your business or to steal sensitive information either about your business or your customers.

Like other forms of malware, one of the key symptoms of spyware is a device that is slow or crashes often. You may also find, like worms, that space has been unexpectedly taken up on your hard drive without you installing anything. Finally, like viruses, you may notice pop-ups on your screen asking you to click on them or download something, whether you’re online or offline.

Phishing

What are phishing scams?

 

Did you know that 83% of cyber breaches in businesses are through phishing? If you have an email account, you may have come across an email that doesn’t look quite right. It usually looks like it’s from a reputable source, such as a supplier, bank or a governing body such as HMRC. Phishing attempts may also arrive as a text message or a phone call. Once you have opened the phishing email or text, it will direct you to a website where you will normally be asked to fill in your details or make an online payment.

In days gone by, it was pretty easy to spot a scam email. The layout may be a clear giveaway by not looking professional or the branding not matching the company or authority they are trying to impersonate. However, nowadays phishing messages and emails can look very convincing. Criminals are taking extra, sophisticated steps to make the emails or messages and the websites that they link to look like the real deal.

Some scammers may not go to such lengths, even today, and still send out emails or messages that don’t look particularly professional, but this is due to many scammers working in bulk. They will send out hundreds or thousands of emails at a time, as they only need to trick a few people in order to gain enough sensitive information to make a financial gain.

When it comes to phone phishing, it’s the same kind of concept. You will receive a phone call out of the blue, usually from someone posing as a governing body, insurance company or retailer. They tend to threaten you with an account suspension or a fine and pressure you into giving them your payment details or ask you to go to a website or download a phone application, which is capable of taking your personal details from your device or hacking into your bank accounts.

 

Weak Passwords

Keeping data password protected can be an effective step in building a decent security strategy. However, it is really important that users keep up good password hygiene when it comes to creating them. When we’re talking about password hygiene, we don’t mean choosing soap-related words as a password! We mean that there should be a solid procedure when it comes to choosing passwords and looking after them.

Firstly, choose a password that is difficult to guess. The key to a strong password is one that a hacker can’t easily guess or use software tools to crack. Your password should use a combination of uppercase and lowercase letters, as well as symbols and numbers. Avoid common phrases, words or common passwords like birthdays, family names, addresses or famous names. Ensure that your password is at least 8 characters long. The more characters you use and the more symbols and numbers you incorporate, the harder it can be to guess the password. Random codes using letters, numbers and symbols work the best.

When it comes to looking after your passwords, do NOT use the same passwords across multiple accounts and never allow your browser to save your passwords. If a device is stolen, all someone needs to do is open your browser to find out your passwords! Avoid writing passwords down, sharing them with anyone or allowing other people to watch you log into devices, programmes or websites. Once you’ve picked a password, it is important to change it regularly, to decrease the likelihood of a hacker cracking it. Ensure you log out of websites and devices when you are done using them, to prevent someone else using your account. Finally, two-factor authentication (2FA) is an easy security measure that can be added to your strategy and provides an extra layer of security. After you have entered a password for a programme or device, you can then use an app where a pin, password or biometrics are required for access. Therefore, a person will need to know the password for your account, as well as your 2FA log in information.

Social Engineering

No matter how clever we are, we’re still human and therefore are capable of making mistakes. Unfortunately, it’s mistakes that cyber-criminals look out for, so they can manipulate us into offering up sensitive information. Cyber criminals will utilise social engineering, usually through digital communication and social media, to find out information about their victims. They will then pose as a real person, using the information to promote trust with their victim. They will then try to persuade the victim to give up information, such as account logins, payment methods or contact information, in order to commit a cyber-attack. Finally, the criminal commits their attack, usually stealing money, and then cuts off all communication with the victim.

There are plenty of red flags when it comes to social engineering. The message from the criminal could come from a seemingly legitimate source, such as a brand, authority or even someone you know, but the wording of the message may look strange. The request within the message will be urgent and try to push you to do something quickly, such as pay a fine, go to a particular website, open a video or download a file. Furthermore, the message or email could come from an unfamiliar name or email address and, if asked to prove their identity, the sender refuses.

There are many steps you can take to avoid becoming a victim of social engineering. Avoid clicking on links in emails from people you don’t know or senders you don’t recognise. When using social media or online accounts, avoid sharing excessive personal information that a hacker could use to access your accounts. Be aware when talking to people online – if you don’t know them personally, do not share too much personal information with them. Furthermore, take care with how much information you share about your job and the company you work for, as a hacker can use this information to pose as a person, such as a client or supplier to try and gain information from a team member.

Protecting Against Cyber-Criminals

So now we’ve covered some of the most common cyber-attacks and some specific measures you can take to protect yourself from certain attacks, let’s look at how you can generally protect your business from a cyber security disaster.

Deploy the right tools for the job

Businesses must ensure they deploy the right security solution to protect their staff, customers and data. These tools should include products and solutions such as:

  • Endpoint security software that protects against Zero-Day exploits
  • Conditional Access & Multi-Factor Authentication
  • Advanced email threat protection
  • Mobile Device Management, including remote wipe capabilities for laptops, tablets & smartphones

Phil Scanlon Quote: “as a minimum, all businesses should deploy multi-factor authentication in their protection against cyber criminals”

 

We say this often, because it’s true! The more educated your team is about cyber security and how to keep their data secure, the better. Ensure your team undertakes training to learn:

  • How to create and look after passwords safely
  • How to identify a scam email and to check links before clicking them
  • Who to talk to if they are suspicious about any email or message
  • How to use two-factor authentication
  • Company specific policies relating to data security

Ensure all business software and systems are up to date

Software and systems that aren’t up to date will contain weaknesses and vulnerabilities which hackers can exploit to get at your data, attack your systems or gain access to your machines and network. Ensure you regularly update any software and programmes that you use, such as firewalls, servers, software applications, the operating systems on your machines and your cyber security software.

Back up your data

Ensure all company data is effectively and safely backed up. Utilise the cloud to back up your data so you can recover it in the event of a cyber security breach.

Keep Your Data Under Lock and Key with Elite

At Elite, we know how important security is when it comes to your business data. From secure data backup to next generation endpoint security, we can help you to ensure that your data is safe today and in the future. Our team of experts take the time to get to know your business, its needs and its budget to find the best security solutions for you. With security solutions from Elite, your data is protected by a strong cyber fortress that keeps cyber criminals at bay.

 

Elite Group is a leading technology provider which delivers and manages unified IT and communications services to enable businesses to communicate and collaborate in a secure, productive and profitable way.

Providing unrivalled technical support and with dedication to customer service, Elite’s team is renowned for helping organisations achieve their productivity objectives and business goals.