Cyber Security affects everyone
The news often mentions high level security breaches within big named firms. You rarely hear about the effect a cyber security breach has on a small business – but it happens daily to many businesses in different ways.
Be aware of fraud
Jason, in charge of the accounts at a small business paid thousands to a wrong supplier, all due to changed bank details – or so he thought. £8000 lost, the money was unrecoverable. To make matters worse, his business still needs to trade and suppliers still need paying. How? His email account was breached. It turned out that he used his login details elsewhere.
Unattended remote computer access
Fiona, a HR assistant occasionally likes to work from home. She had a call from her credit card company from fraudulent spend. How? She installed Teamviewer to work from home and left the computer unattended. Someone went on a shopping spree, remotely, overnight as if sat at her computer. She lost £6000 on spending that she hadn’t authorised simply from using insecure login details. To make matters worse, she had access to nest pensions and Government web sites to report PAYE figures. These sites contained private details of the staff and as a result, their personal information was also compromised.
Ransomware – stay up to date, backup regularly and be informed
Dave was subject to ransomware. He didn’t have a backup, his data was encrypted. He lost everything. He thought he had a backup but found that it was 4 years out of date. The ransomware came in by email, he didn’t use spam filters and the email looked genuine. Put a value on your work.
Staff data access
Natasha also lost money. She used chrome to syncronise her logins for convenience on multiple computers. An ex-staff member knew the password. This password was used everywhere. The ex-member logged in to chrome on another computer. These details were used to shop for items on well known shopping sites. She had multiple breaches because every time she changed the passwords, the breach re-occured a short time later. Why? Chrome synchronises all new passwords. Natasha also had logins to common PAYE government sites saved within the chrome password manager.
Minimise the risk of a cyber attack
Firbanks IT offer a variety of services to help minimise the risk of a breach. Proactive training and understanding your systems are key to minimising the risk of a hack and can pay dividends. Ask about our security assessment visits. It doesn’t stop here, look at your current IT support situation and assess how secure your IT company is. What data do they have access to and how is their information about you stored?
Cyber security post attack
Firbanks IT also offer a reactive post breach service. If you have been subject to a breach, we can locate the breach, secure the systems and minimise the risk of any subsequent attack.
Firbanks IT also provide a range of security products from virus and malware filtering, spam filtering and secure mail services as part of our daily IT support services.
IT system security comes under 3 different categories:
- Physical access to equipment and stored data
- Technical – firewalls, security, encryption and other means
- Administrative – permissions and policies in place, actively set and followed by staff
Security is often a very overlooked, ticking time bomb for businesses of all sizes. Your IT system security should be actively reviewed, assessed and revised. Many companies that we approach initially are unaware that they have multiple risks and very simple methods of accessing their data internally and externally by using unauthorized and unknown methods of entry.
IT security covers many aspects. A secure system can still be compromised by simple logins, or replicated passwords used on other websites. Ransomeware is a growing industry with multiple points of entry. Data leakage and the passing of sensitive and confidential information may be hidden by staff intentionally for distribution to third parties. Internal company servers may have services accessed externally used by home users and remote offices. Staff leave a company yet their accounts stay active. Staff may unknowingly sign up to fake websites using their work email address and ‘memorable’ password for online shopping. Another alarming and dangerous discovery is the number of companies not using encryption either for their data storage and or remote access. Sending a username and password unencrypted is similar to sending your login details on a post card! We can help work with you to ensure that common best practices are adopted to further decrease the risk of a system compromise and data leakage. There are many steps to take safeguard your system are often simple in approach and frequent re-assessments and revisions to your approach.
Firbanks take a fresh, third person approach and with your permission, seek to gain remote entry to your systems and report on any potential software vulnerabilities and exploits. An exploit is not only a system issue, but can be caused by a simple staff mistake also. A report is compiled for management and key technical administrators to focus on ensuring that a system is secure by all reasonable precautions.
We can also assist with compliance questionnaires and suggest and deliver improvements to further increase the level of protection from a breach.