Now more than ever, businesses both large and small must proactively maintain their cyber security, to prevent data breaches and the high cost that comes with it. In 2021, there were three times as many ransomware attacks in the first quarter alone, than there were in the whole of 2019, according to UK National Cyber Security Centre.

With the cost of cybercrime hitting a jaw-dropping $6 trillion in the global economies in 2021, prevention has become a key theme in 2022.

Gartner predicts that by 2025, 60% of organisations will use cybersecurity risk as a "primary determinant” when choosing who to conduct business with. So, not only will your cyber defences affect your internal security but also your future growth plans.

So, what attacks should you be aware of and what defences can you toughen up to deter those hackers and keep your data safe?

1. Social engineering

Social engineering uses your personal information to attack.

The attack: The attacker will research you and use information you have provided online such as on social media, Personal identifiable information (PII), contacts, location data, billing info, education and employment.

The defence: You need to be in control of your data.

  • Providing regular cyber security training to ALL your employees will keep them aware of social engineering indicators such as an unusual sender address, poor language in emails, and requests for sensitive information.
  • Check permission and privacy settings of any software or apps you use by disabling the location data and by not providing any PII.

2. Phishing, vishing, smishing

These are delivery methods for an attack, which use time pressure and emotions in an email or message. This causes us to react and will trigger a fight or flight response.

The attack: They want you to share personal details such as passwords and bank details, open malicious links, or send money to them.

  • Phishing: This usually happens in emails or messages impersonating big names. It often includes a link for you to click. 95% of all cyber-attacks include phishing.
  • Spear phishing: This is a message curated just for you as a targeted and researched attack.
  • Vishing: This is voice imitation via voice messages or phone calls that try to steal identities.
  • Smishing: This happens via text message with a link, and it harvests your data.

The defence: Firstly, take 5 minutes to STOP fraud before actioning anything. Make sure you have an email security solution like Mimecast to stop business emails being compromised.

  • Always use the official contact details from the sender or company, if you need to contact them.
  • Always check the full sender's address, ask yourself were you expecting it and was the request out of the ordinary?
  • Think before you click links or open attachments that look unfamiliar
  • Use a search engine to see whether someone has previously flagged the message or text as malicious.
  • Use an 'I will never' list. For example, never ask for a pin code by this device.
  • Report any spam or anything suspicious-looking emails to your IT team or email security provider

3. Account security

Passwords. They might be simple to you but 59% of people reuse the same password, according to Spycloud. These are easy to remember, but also exceptionally easy for hackers to hack.

The attack: Bad passwords are the easiest way to compromise a system.

The defence:

  • Use a password manager where you can store, generate and recall all your passwords. Trusted password managers include Google password manager, Apple Keychain, NordPass and Bitwarden.
  • Use Multi-Factor Authentication (MFA) for the things you care about the most. Microsoft can vouch that 99.9% of attacks can be prevented with MFA. Even if your account is compromised, criminals cannot access your account.

Keep 3 passwords outside of password manager (email, password manager, MFA account) in order that you don’t lose complete access!

4. Secure connections

You are most at risk when using public Wi-Fi and insecure websites; in fact, 1 in 4 Wi-Fi hotspots are insecure.

The attack:

  • Some tampered Wi-Fi boxes can listen in to your phone calls and look the same as free Wi-Fi names.
  • Don’t enter data in websites that do not use HTTPS in the address.

The defence:

  • Use a secure VPN, which acts as an encrypted tunnel across your network.
  • Use your cellular data when out and about as opposed to free Wi-Fi.
  • Use HTTPS websites, they have an added layer of security.

5. Malware

Malware interferes with the normal function of software and hardware; it typically includes viruses and can infect any device.

The attack: The most common attack is ransomware where hackers cease control of computer systems using code. Often hackers will demand you pay a ransom to get your data back.

The defence: Keep devices updated.

  • Only install apps from official app stores
  • Turn on automatic updates so you are always running the latest software version
  • Back up important data in the cloud.

6. Internet of things (IoT)

This applies on a more individual level. We all have smart devices in our homes – whether it is an Alexa, smart fridge or coffee machine. The number of connected devices (IoT) is forecast to hit 18 billion by 2022, so the opportunity for hackers is enormous.

The attack: Smart devices can be infected with bots (malware).

The defence:

  • Always read security reviews before buying a device and only buy from trusted companies.
  • Change default passwords on your device and router, to make that first line of defence very tough.
  • Ensure you have a firewall or that it is switched on to secure your network.
  • Use MFA on your devices.
  • Take work calls in a secure location where no prying devices could be listening.

Prevention is the key to reducing the risk of a cyber breach. By investing in cybersecurity software, using a VPN, and being aware of the common attack methods, businesses can continue to operate without interruption, whilst having strong defences in place to reduce any risk. If you are a victim of any fraud, please report it to Action Fraud.

There are lots of actions to take in order to ensure your business is fully equipped with the best defences in place. Review your strategy and invest in protection and security before it is too late. Get the experts in and achieve the government recognised Cyber Essentials Plus certification. Performing email phishing assessments, internal and external penetration testing, and web app testing will give you insights into how strong your protection is, and areas for improvement. Train your people using simulations and email security awareness training so they are prepared if a breach was to occur. 

We can help you with all of this. Get started today.

___________

Resources

Action Fraud. https://www.actionfraud.police.uk/

UK National Cyber Security Centre. https://www.ncsc.gov.uk/

NCSC advice: Mitigating malware & ransomware attacks: https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks#stepsifinfected

Report a phishing email to: report@phishing.gov.uk

Report a smishing Text message: forward the message, phone number or company name to 7726. This is a free service.

Password strength check: https://howsecureismypassword.net/

Password breach check: https://haveibeenpwned.com/

Government Code of Practise for Internet of Things (IoT) devices: https://www.gov.uk/government/publications/code-of-practice-for-consumer-iot-security

OTHER NEWS

Is your data collecting dust?

Approaching the challenges around data is often complex and difficult to tackle head on. In a recent poll, 90% of accountants agreed that their data quality is poor. A lot of accounting firms find they have limitations when it comes to data, and...

READ MORE

How to gain a competitive edge through a smart IT budget

In this year's Your Business Magazine, our latest feature reveals what you should be spending your IT budget on in 2022, with 5 key elements to help you reach your business goals. 

READ MORE

Automation is shaking up the accounting profession, here’s how

Automation has for too long been plagued with the consensus that it is complex and complicated, whether that be it is too difficult to install or will take jobs away from staff. 

READ MORE

Fire up 2022 with these latest Office 365 tips

Office 365. The best of breed, modern workplace, cloud solution. This powerful platform is driving productivity and efficiencies to new levels. Can you imagine hybrid working now without these tools?

READ MORE

The wait is over. Your T-Tech 2021 Wrapped is here.

What a rollercoaster year it’s been for the T-Tech team. What started off a bit bleak in our secluded home offices, turned into a bright and prosperous year with lots to be thankful for.

READ MORE

The business benefits of cloud accounting

In the digital era, it is vital that accountancy firms modernise, in order to keep up with increasing consumer demands. Investing in cloud accounting solutions is an effective way to increase your efficiency and streamline your operations.  

READ MORE

An award winning night for T-Tech at the ITE Awards

In the 12th year of the prestigious European IT & Software Excellence Awards, T-Tech were crowned with the Innovating Managed Service Solution of the Year award. 

READ MORE

Strong IT Systems + Tech Savvy Accountants = Safe, Secure and Satisfied Clients

READ MORE

Level up with Windows 11

The wait is over. Windows 11 has launched today – 5th October – and if you’re on a Windows 10 PC, you are eligible for a free upgrade right now.

READ MORE

Common IT Challenges in the Accountancy Sector

From performing basic accounting functions, to automating repetitive tasks, technology is vital to improving efficiency and productivity within the accountancy sector.

READ MORE

Perfect an Accountancy IT Strategy with Document Management

The most complimentary things we hear accountants say about their practice’s Document Management system are: “It's all right” & “It does the job.” Read on to learn why and how this must change.

READ MORE

Zoom vs Teams: Tale as old as time, but is there really a winner?

Since the start of the great shift to working from home, we have all become very familiar with two essential collaboration & communication platforms: Zoom and Teams. Naturally, this has led to an obsession of pitting the two against each other in a...

READ MORE

T-Tech ranked for fourth year on Channel Futures prestigious MSP 501 list

For the fourth year running, T-Tech is delighted to be named as one of the world’s premier managed service providers in the prestigious 2021 Channel Futures MSP 501 rankings.  

READ MORE

7 common cyber security mistakes that are easily fixable

Cybercriminals and hackers are always trolling businesses. They exploit common mistakes and flaws to systems, then steal or hold the business ransom. These scenarios are increasing and at an alarming rate, so don’t let your business be an easy...

READ MORE

Your Business Magazine: 5 top tips to solve your IT headaches

In an exclusive feature for 2021's Your Business Magazine, we spill our secrets on the long-term monetary savings and gains in efficiency, when IT is handled by the right people. 

READ MORE

Getting good foundations in with T-Tech

In an exclusive interview with Chris Cairns, partner at Alliotts LLP, Chris reveals what it's like to work with T-Tech as their MSP, how they collaborate across the business, their reaction to Covid-19, and what the future of technology looks like...

READ MORE