We are always hearing that cyber criminals have attacked a company’s data, or that a security breach has leaked data from a website that you recently signed up for or used to order something. Have you ever wondered how the cyber criminals got access?
Most of us will have received an email claiming to be from Microsoft, a parcel company, or a company that has a document waiting for you to download. It may be something that you are expecting. There is often an urgency in the email. Or have you really found someone in a far-off country who wants to share millions with you?
Click bait scam emails have been around since before the millennium bug, and yet some users are still happily clicking on anything and everything that arrives in their mailbox, with the assumption that the system will protect them, even if they willingly provide their email credentials or download something onto their PC that provides full access to the entire company.
The number of scam emails that are professionally written, and so harder to spot, is on the increase.
In our experience, most small businesses are as likely to be hacked as the larger corporate companies. The attackers do not care how large or small your company is, and some even target the elderly, who are not able to spot the scams easily.
How can we protect ourselves from cyber threats?
There are several ways to protect our businesses from cyber threats:
Ensure your systems are up to date
When developers write applications, they do not always test every scenario that may occur now or in the future. With millions of different devices in multiple hardware configurations, it is not possible to test every combination, so the developers have to provide updates and fixes for issues found after they release their product. They may provide these as a weekly, monthly or annual release, or as a hot fix for critical security patches. In Windows, use “check for updates” regularly to ensure your device has the latest updates.
Set up your systems with the least privileges required
If you have access to everything and you have an infection, then so do the cyber attackers. However, if you only have the rights to access your files and cannot install software by default, then neither can the cyber attackers. It is certainly easier to fix one PC on your network rather than every PC and server. Normally we will set up users without local administration rights, so they need to enter an additional username and password, or call their IT support to enter the credentials for them. Although this may slow down some work-related activities, it will prevent most malicious attacks.
Enable 2 Factor Authentication
Single passwords have been used for decades to allow or deny access to systems. As technology has developed, the rate at which an attacker can brute force a password has also increased. Using graphics cards to increase the processing power, a password of 8 characters takes less than an hour to brute force. Adding a 2nd method of authentication, which can be an app on your phone or a physical device connected to your PC, will prevent the attacker gaining access even if they can brute force your password.
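How the "app on your phone" second factor stops a login even when the password has been brute forced, shown as an added example that is not part of the original article. It assumes the app is a standard time-based one-time password (TOTP, RFC 6238) authenticator; the `login` helper, the sample password and the salt are constructed for illustration.

```python
import hashlib
import hmac
import struct
import time

STEP = 30      # seconds per code, the RFC 6238 default
DIGITS = 6     # code length shown by most authenticator apps


def totp(secret: bytes, at: float, digits: int = DIGITS) -> str:
    """Return the RFC 6238 code (HMAC-SHA1) for the Unix time `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_code(secret: bytes, code: str, at: float, drift: int = 1) -> bool:
    """Accept the code for the current step or `drift` steps either side."""
    ok = False
    for step in range(-drift, drift + 1):
        expected = totp(secret, at + step * STEP)
        ok |= hmac.compare_digest(expected, code)   # constant-time compare
    return ok


def login(stored_hash: bytes, salt: bytes, secret: bytes,
          password: str, code: str, at: float) -> bool:
    """Both factors must pass; a guessed password alone is not enough."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    password_ok = hmac.compare_digest(candidate, stored_hash)
    return password_ok and verify_code(secret, code, at)


if __name__ == "__main__":
    # Constructed sample account; the secret is the RFC 6238 test key.
    salt = b"constructed-salt"
    secret = b"12345678901234567890"
    stored = hashlib.pbkdf2_hmac("sha256", b"Summer24", salt, 100_000)
    now = time.time()
    good = totp(secret, now)
    print("password + current code:", login(stored, salt, secret, "Summer24", good, now))
    print("password + guessed code:", login(stored, salt, secret, "Summer24", "000000", now))
```

The shared secret lives only on the server and in the phone app, and each code expires after about a minute, so an attacker who recovers the password still fails the second check.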
Security Awareness Training
There are several providers of SAT so we can help provide training in a method to suit your business needs:
- class/teams based
- regular training videos
- regular test attacks
In today’s technological world, having a training process and running regular testing to see who needs assistance or may be vulnerable to attacks will allow your business to protect itself from cyber threats.
If you need assistance with your cyber threat protection then give our team a call on 0333 332 6600.