T-Tech Blog

CYBER SECURITY DEFENCES: 6 TARGET AREAS TO KEEP YOUR DATA SAFE

Written by T-Tech | Feb 3, 2022 5:20:51 PM

Now more than ever, businesses both large and small must proactively strengthen their cyber security defence to prevent data breaches and the high cost that comes with it. In 2022, a successful ransomware attack took place every 40 seconds, with an attempt occurring nearly every 11 seconds.

With cybercrime set to cost companies worldwide an estimated $10.5 trillion annually by 2025, improving cyber security defences has become a key theme in 2023.

Gartner predicts that by 2025, 60% of organisations will use cybersecurity risk as a "primary determinant” when choosing who to conduct business with. So, not only will your cyber security defences affect your internal security but also your future growth plans.

So, what attacks should you be aware of and what cyber security defences can you toughen up to deter those hackers and keep your data safe?

1. Social engineering

What is social engineering?

Social engineering is a form of attack which uses manipulation techniques to make security mistakes, reveal confidential data or offer up your personal information.

The attack: The attacker will research you and use information you have provided online such as on social media, Personal identifiable information (PII), contacts, location data, billing info, education and employment.

The cyber security defence: You need to be in control of your data.

  • Providing regular cyber security training to ALL your employees will keep them aware of social engineering indicators such as an unusual sender address, poor language in emails, and requests for sensitive information.
  • Check permission and privacy settings of any software or apps you use by disabling the location data and by not providing any PII.

2. Phishing, vishing, smishing

What are phishing, vishing and smishing?

Phishing, vishing and smishing are delivery methods for an attack, which use time pressure and emotions in an email or message. This causes us to react and will trigger a fight or flight response.

The attack: Attackers want you to share personal details such as passwords and bank details, open malicious links, or send money to them.

  • Phishing: This usually happens in emails or messages impersonating big names. It often includes a link for you to click. 95% of all cyber-attacks include phishing.
  • Spear phishing: This is a message curated just for you as a targeted and researched attack.
  • Vishing: This is voice imitation via voice messages or phone calls that try to steal identities.
  • Smishing: This happens via text message with a link, and it harvests your data.

The cyber security defence: Firstly, take 5 minutes to STOP fraud before actioning anything. Make sure you have an email security solution like Mimecast to stop business emails being compromised.

  • Always use the official contact details from the sender or company, if you need to contact them.
  • Always check the full sender's address, ask yourself were you expecting it and was the request out of the ordinary?
  • Think before you click links or open attachments that look unfamiliar
  • Use a search engine to see whether someone has previously flagged the message or text as malicious.
  • Use an 'I will never' list. For example, never ask for a pin code by this device.
  • Report any spam or anything suspicious-looking emails to your IT team or email security provider

3. Account security

What is account security?

Broadly speaking, account security refers to any action businesses take to defend their users' accounts and their business networks from cyber attacks.

A primary example of this is passwords. They might be simple to you but 59% of people reuse the same password, according to Spycloud. These are easy to remember, but also exceptionally easy for hackers to hack.

The attack: Bad passwords are the easiest way to compromise a system.

The cyber security defence:

  • Use a password manager where you can store, generate and recall all your passwords. Trusted password managers include Google password manager, Apple Keychain, NordPass and Bitwarden.
  • Use Multi-Factor Authentication (MFA) for the things you care about the most. Microsoft can vouch that 99.9% of attacks can be prevented with MFA. Even if your account is compromised, criminals cannot access your account.

Keep 3 passwords outside of password manager (email, password manager, MFA account) in ensure that you don’t lose complete access!

4. Secure connections

What are secure connections?

A secure connection is a connection that is encrypted by one or more security protocols, allowing data to be transferred safely. By contrast, an unsecure connection refers to one that is not encrypted. You are most at risk when using public Wi-Fi and insecure websites. In fact, 1 in 4 Wi-Fi hotspots are insecure.

The attack:

  • Some tampered Wi-Fi boxes can listen in to your phone calls and look the same as free Wi-Fi names.
  • Don’t enter data in websites that do not use HTTPS in the address.

The cyber security defence:

  • Use a secure VPN, which acts as an encrypted tunnel across your network.
  • Use your cellular data when out and about as opposed to free Wi-Fi.
  • Use HTTPS websites, they have an added layer of security.

5. Malware

What is malware?

Malware is a malicious form of software which interferes with the normal function of software and hardware; it typically includes viruses and can infect any device.

The attack: The most common attack is ransomware where hackers cease control of computer systems using code. Often hackers will demand you pay a ransom to get your data back.

The cyber security defence: Keep devices updated.

  • Only install apps from official app stores
  • Turn on automatic updates so you are always running the latest software version
  • Back up important data in the cloud.

6. Internet of Things (IoT)

What is the Internet of Things?

The Internet of Things is a network of physical objects with processing ability, sensors, software or other technologies that facilitate the connection and exchange of data with other devices and systems via the Internet.

The attack: Smart devices can be infected with bots (malware).

The cyber security defence:

  • Always read security reviews before buying a device and only buy from trusted companies.
  • Change default passwords on your device and router, to make that first line of defence very tough.
  • Ensure you have a firewall or that it is switched on to secure your network.
  • Use MFA on your devices.
  • Take work calls in a secure location where no prying devices could be listening.

Prevention is the key to reducing the risk of a cyber breach. By investing in cybersecurity software, using a VPN, and being aware of the common attack methods, businesses can continue to operate without interruption, whilst having strong defences in place to reduce any risk. If you are a victim of any fraud, please report it to Action Fraud.

How can you improve your cyber security defences?

There are many actions to take to ensure that your business is fully equipped with optimal cyber security defences. Review your strategy and invest in the proper protection before it is too late.

What are the first steps? Here are a few ideas to help you start strengthening your cyber security defences. First, get the experts in and achieve the government recognised Cyber Essentials Plus certification. Then, tackle one of the most prevalent forms of cyber attack: phishing. Performing email phishing assessments, internal and external penetration testing, and web app testing will give you insights into how strong your cyber security defence is and highlight areas for improvement. Finally, ensure that you train your people using simulations and email security awareness training so they are prepared if a breach was to occur.

At T-Tech, we can help you with all of this. Get started today by booking a meeting.

___________

Resources

Action Fraud. https://www.actionfraud.police.uk/

UK National Cyber Security Centre. https://www.ncsc.gov.uk/

NCSC advice: Mitigating malware & ransomware attacks: https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks#stepsifinfected

Report a phishing email to: report@phishing.gov.uk

Report a smishing Text message: forward the message, phone number or company name to 7726. This is a free service.

Password strength check: https://howsecureismypassword.net/

Password breach check: https://haveibeenpwned.com/

Government Code of Practise for Internet of Things (IoT) devices: https://www.gov.uk/government/publications/code-of-practice-for-consumer-iot-security