As we enter 2022 a lot of businesses will be starting the year with a much greater online presence with many companies having made big investments in technology throughout 2020 and 2021. Whilst we may be inching closer towards the end of the pandemic, the changes it brought are here to stay, with remote work becoming common place the need for an online workplace and cloud storage has become a necessity, with many companies heavily investing into their IT infrastructure
Many businesses have had to rapidly digitalise due to the pandemic; this in turn has left a lot of businesses more vulnerable, with staff not trained to safely mange data risks from their remote workplace and cyber-criminals becoming more sophisticated by learning how to capitalise on this greater online presence the need to be in control of your business’s security is more important than ever.
Now that business have had a year to put these online productivity tools in place the security of their online workspace has become a top priority with a report conducted by PWC stating “86% of business owners agree that the complexity of their organisation IT infrastructure was creating concerning levels of risk, with third-party cyber risks being a glaring blind spot.”.
It’s clear to see that cyber-security will be a top priority for businesses this year so were going to go through some of the main ways you can go about increasing your company’s cyber-security as Its important to stay one step ahead of criminals that would do you harm.
What's at Risk?
It goes without saying that security should be of maximum importance, allowing a cyber-criminal to access your companies’ data can be devastating as it can put a complete halt to your business’s operations, will affect the reputation of your company, and can cost hundreds of thousands to recover from.
A recent report from IBM stated “The average cost of a data breach in 2021 was £3.13 million per incident which is the highest it’s been in 17 years” its clear to see that cyber-criminals are taking full advantage of this new online wave so being prepared is essential.
Businesses data only becomes a target when it is of value to a cyber-criminal, Different kinds of data are more or less valuable to a cyber-criminal and there will be different approaches taken to gain access to certain types of data. The different types of data that a criminal would be looking to gain access to would include the following:
- Financial Information – This can include things like card numbers, bank accounts, company outgoings and investment plans
- Intellectual property – This will involve company software, drawings/Illustrations, company guidebooks, marketing text, pricing lists and competition information
- Personal Information – This will be data such as contact information, social security details, income amounts, education history, and health information like medical records and conditions
- Legal Information - This includes documentation on court cases the company may be pursuing, legal opinions on business practices, acquisition details and more.
- General IT Data – Will include passwords and usernames, security strategies, encryption keys, and software details
Keeping Your Remote Workspace Secure
Working from home has been a saving grace for many businesses as it has allowed them to continue running through the pandemic. Even after restrictions have been eased the use of remote work has continued to stay high with 84% of UK businesses planning on having a hybrid/remote workforce according to a study done by Owl Labs.
Being able to work remotely is great and gives employees and business owners more freedom in the way they work but working from home often means employees are using personal devices at a place where hardware and general IT security cannot be monitored as closely, this paired with people feeling more comfortable when working from home can mean employees are less vigilant to security threats.
According to the IT security service company Purplesec the number of phishing emails being sent has gone up by 600% since the start of the pandemic, this is one of many scary statistics that show a correlation between the working from home spike and cyber-attacks. So how do people go about being more security savvy when working from home? Bellow we’ve listed some great ways to start increasing your business remote work security:
- Use multifactor authentication – This can reduce the chance of an unauthorised individual being able to access your network
- Enforce password rules – Making regular mandatory password updates and implementing password rules such as character minimums and symbol inclusions can help to keep hackers out
- Use antivirus and internet security software – Investing in an antivirus software for your employees can be massively beneficial for keeping data safe
- Educating employees – Teaching employees how to identify and deal with security threats can be one of the most affective ways to counter cyber-attacks because often security breaches can be caused by a lack of understanding from and employee
- Keep software up to date – Having your businesses software up to date should be a top priority, the methods hackers use to access company data will frequently change so updates are needed to counter these new methods
- Implement VPNs – Now that the use of public Wi-Fi for work is becoming more common having a virtual private network (VPN) is almost a necessity, if an employee use’s public Wi-Fi this can allow cyber-criminals to intercept the connection which grants them access to the employee’s data.
The Main Methods Used by Cyber-Criminals
One mistake can cause a ripple of data breaches, all it takes is for one employee to click an innocent looking link on an email or chat box to download a malicious program that could have devastating effects on your business.
The following is a list of different hacking tactics that are used by cyber-criminals that you and your employees should be wary of.
Phishing
We’ll start with the most common tactic used which is phishing, these are either emails or messages usually made to look like a well-known organisation, colleague, or business partner with a written narrative attached in the hopes that they will seem real enough for someone to click an attached link which will then download a virus or malware.
The narrative within the message will normally be one of the following:
- Informing you that you are entitled to a refund
- Informing you that someone has attempted to log into your account and that you will need to verify your details
- Informing you that there has been a payment error on a recent order
- Pretending to be the NHS looking to confirm or re-book appointments (Recently has been common due to the pandemic)
- Fake invoice
- A friend or colleague wanting to show you something
When it comes to phishing attacks the best defence is being cautious and having your employees educated on how to identify these emails, sometimes even a 20-minute online course can be the difference between a data breach or not.
Viruses and Trojans
These are applications that when downloaded have the ability to lock your files, send data to the hacker and can then spread to other devices connected to the same network which can quickly get out of control.
A great way to combat this is to have a trusted anti-virus software and be cautious when clicking links and downloading documents.
Bait and switch attack
A bait and switch involves a cyber-criminal using a trusted marketing approach such as paid advertising on websites. Attacks will purchase advertisement space on these websites and have them lead the clicker to a ‘Bad’ link that will download malware and infect their system. Attackers can also replace links on legitimate advertisements to perform the same attack.
Due to these attacks being hidden behind what seems like real advertisement, they can be harder to spot, we advise that if on a work device to avoid clicking advertisement links all together as this will not normally be necessary when working.
Fake Wi-Fi
Hackers can impersonate public Wi-Fi’s in an attempt to have you connect which in turn will give the attacker access to your data. These will normally have unsuspecting names like “Costa free Wi-Fi” or “hotel guests”.
The best way to know your connecting to a legitimate Wi-Fi is to check with an employee that works for the business the Wi-Fi is associated with or avoid connecting to public Wi-Fi all together and instead use a private connection like a secure hosted workplace, VPN, or 4G.
Why a Reliable MSP is Essential?
With most businesses having a much larger online presence than they did a year ago it’s no surprise cyber-security ranked as the number-one IT funding priority in Red Hat’s Global Tech 2021 report, with 45 percent of respondents listing it as their top funding focus.
With remote work and general online use only increasing all these security considerations can seem daunting, it could be time for your company to partner with a trusted MSP that takes cyber-security seriously, taking the pressure of cyber-security off your shoulders.
Here at entrust IT we see cyber-security as a top priority that’s why we obtained and continue to maintain our ISO 27001 accreditation and only use UK based datacentres which also have their own ISO 27001 certification. In addition to this all the cloud services we provide are encrypted, including our hosted desktop and application products. To find out more on how we keep our customers data secure please feel free to click the linked image bellow.
Alternately you can contact us directly to by getting in touch on 0330 002 0045 or emailing enquiries@entrustit.co.uk to be put in contact with one of our experience consultants.
