Entrepreneurs trying to grow their businesses are juggling so many demands on their time that they may find themselves unwittingly leaving the back door open to cybercriminals, and become victims of Cybercrime.
Cybercrime is fast emerging as the number one threat to new businesses – and the government is listening.
In 2016 the government established the National Cyber Security Centre to help protect UK businesses against cyber criminals.
The Cyber Security Breaches Survey 2018 by the National Cyber Security Centre found 43% of businesses had experienced a cyber security breach in the previous 12 months.
Protecting your young business against cyber criminals doesn’t have to be a Sisyphean task.
Sebastian, who runs Birmingham based Serviceteam IT, says his company’s own research, ‘Beyond the Cloud: UK Technology Research, 2018’, has shown Russia and China are the main sources of Cybercrime.
Sebastian explained: “Although this is unsurprising, other unexpected sources included South America and South Africa and shows the location of cyber-criminals is expanding, especially in places where detection and prosecution for cyber-crime is limited or non-existent.”
IT security expert Sebastian Jesson-Ward shares six simple rules with BQ that will help protect your business.
Sebastian suggests six simple rules to protect your company against Cybercrime:
Rule number one: Use Multi-Factor and Two-Factor Authentication
By using two security layers you make it virtually impossible for an attacker to access your data. Anyone with a mobile phone banking app will already be using multi or two factor authentication. By using something you know, such as your password, combined with something you have, such as your phone or fingerprint, your data is practically impossible to crack.
Rule number two: have many different passwords
Sebastian says multiple passwords and constant password changes are exhausting and create security holes. You can eliminate password fatigue with a centralised vault for password storage and access. Sebastian explained: “There are many free and very inexpensive tools available, we recommend and use Nervepoint.”
Rule number three: coffee shop beware
Don’t use a common Wi-Fi code like you would be offered at a typical coffee shop as those Wi-Fi routers are easily hacked. Instead create a Remote Access Dial-in Service or RADIUS.
Sebastian said: “This means your or your company’s IT department sets up a unique username and password. Most large companies, government and academic bodies adopt RADIUS as the preferred process for allowing access to their network.”
Rule number four: don’t pay a ransom
Last year’s cyber Wannacry attack on the NHS, where cybercriminals managed to paralyse hospital computers, highlighted the risk of a ransomware attack. Fortunately, Sebastian says the risk can be simply reduced with back up protection.
He said: “The way it works is the backup protection constantly scans for the presence of any ransomware software like the Wannacry, while constantly backing up your company’s data.
“This means if your computer is hacked the most data you can lose is from the latest backup. It’s like a mountain climber who attaches a rope to the side of the mountain as security. If the climber falls he will only fall as far as the last attached point.
“The same goes with your data, and with the latest versions of backup protection you may only lose 10 minutes of data.”
Rule number five: protect yourself against phishing
Sebastian says cloud-based email such as Office 365 has a filtering service that helps protect your organisation with extensive use of machine learning to detect risky attachments and web-links such as phishing, scam and fake emails which can be discovered and destroyed before they even reach your inbox.
A good, common sense practice is the cheapest and easiest cyber-protection you can deploy. Sebastian said: “Tracing the source of that invoice, not clicking on the link in that email because the fonts and layout look unusual.
“There are many technological tools that can help protect you, but fundamentally if something feels not quite right, it usually isn’t.”
Rule six: stay updated
Always ensure your devices are updated with the latest security patches and hot-fixes from the vendor. If you have a lot of devices you should use a real-time monitoring tool to audit them, monitor them, and roll-out updates automatically.
You can also discover unknown devices on your network, and block or allow those devices subject to their suitability, for instance, whether or not they have updated anti-virus installed.