What SMEs can learn from high-profile cyber-attacks

Just under half of all cyber-attacks are aimed at small to medium-sized businesses, but the risk isn’t limited to those organisations. It is a risk that everyone faces, even national and international brands.

This week, budget airline EasyJet fell victim to a cyber-attack. Around nine million people’s travel information and contact details were accessed in the breach, along with 2,208 customers’ credit card details.

In a statement, EasyJet clarified to its customers that “issues of security are taken extremely seriously” and customers who have had their credit card details accessed are being contacted.

The news of the cyber-attack came just days after UK Foreign Secretary Dominic Raab highlighted the rise in cyber hackers looking to exploit vulnerabilities and steal valuable information during the coronavirus pandemic.

EasyJet is not the only high-profile organisation to fall victim to such highly sophisticated cyber-attacks. The likes of the NHS, British Airways and cleaning company ISS World have all been at the centre of huge hacks or data breaches. 

What is a cyber-attack?

As defined by the National Cyber Security Centre, cyber-attacks are “malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means”.

Cyber-attacks can come in many guises. Being aware of them and taking preventive steps against them are the best ways to protect a business from an attack.

What are the different types of cyber-attack?

There are two categories of cyber-attack: targeted and untargeted. Each category contains different ways that hackers can target an individual or organisation.

Untargeted attacks are not specifically aimed at any one type of person or organisation. They seek out multiple avenues for exploitation. These include:

Phishing – whereby emails are sent out to a large number of people asking for personal data or containing fake links which often contain harmful material

Water holing – compromising a legitimate website or creating a fake one for users in order to exploit them and their personal details

Ransomware – a type of malware which criminals use to gain access to and lock users out of files. Files that have been locked will often be used as leverage for ‘ransom’ to have the files returned

Scanning – searching a large area of the internet randomly to find sites to attack

Targeted attacks are aimed at an individual or organisation that has been singled out, and are often more thoroughly thought out and more damaging. These include:

Spear phishing – similar to phishing, however the emails are sent to targeted individuals

DDoS extortion – distributed denial of service (DDoS) attacks are attempts to overwhelm a website by supplying it with a large amount of traffic. This typically results in a server crash. Criminals will contact organisations and threaten to subject them to a DDoS attack

Subverting supply chain – this involves attacks on software or other suppliers that the organisation relies on

How do I protect myself or my organisation from cyber-attacks?

The variety of cyber-attacks and the ways in which hackers operate can be daunting, but you can protect yourself and your organisation. Bigger companies, such as EasyJet, are more at risk from sophisticated and targeted attacks, while SMEs are more likely to fall victim to untargeted attacks. SMEs can protect themselves against these types of attacks by taking preventative measures.

Not all measures to protect yourself from cyber-attacks have to be complex. Simple steps such as having secure passwords and installing security software all go a long way to protecting your computer or devices. Read our blog for six top tips for increasing your computer security.

During COVID-19 we are providing our clients with access to training, including topics such as cyber security, to pass on to their employees. Internal training on matters such as this can reduce the risk of attacks that depend on a decision made by an employee, for example, opening a scam email or attachment.

In a society where cyber threats are evolving at a rapid pace, keeping on top of cyber-security is vital, and even the most experienced computer users can run into issues. If you need advice, feel free to contact us.

Top tips for working from home security

The coronavirus pandemic has changed the working landscape for everyone. Many people are working from home having set up makeshift offices in their dining room.

But working from home has its risks. In a Government daily briefing, Foreign Secretary Dominic Raab highlighted the rise in cyber hackers looking to exploit vulnerabilities in an attempt to steal valuable information.

“Whilst the vast majority of people have come together to defeat coronavirus, there will always be some who seek to exploit a crisis for their own criminal and hostile ends,” he said. “We know that cyber criminals, and other malicious groups are targeting individuals, businesses and other organisations by deploying Covid-19 related scams and phishing emails.

“We are working with the targets of those attacks, with the potential targets and with others to make sure that they are aware of the cyber threat, and that they can take the steps necessary to protect themselves or, at the very least, mitigate the harm that could be brought against them.”

Here are SMY IT Service’s top tips for minimising the threat of a cyber-attack.

1. Secure your Wi-Fi network

When you set up your home Wi-Fi network or receive your free router, did you change the default name and password for the admin console? If it still has the original details, your network is highly vulnerable.
We also recommend you change the network’s name (sometimes referred to as the SSID) and password to something unique, which will help prevent a cybercriminal from accessing your network.
When carrying out sensitive tasks such as online banking, it is safer to connect via your mobile data than using public and free Wi-Fi connections.

2. Provide employees with cybersecurity awareness training

More than 90% of all data breaches are caused by human error due to inadequate training in cybersecurity risks. One wrong click from an employee in a phishing email or on a fake website can bring down the most robust of IT systems. Employees should therefore be your greatest security asset, acting as a ‘human firewall’ and the first line of defence in preventing an attack. Those using the system need to understand the risks, what a cyberattack looks like and what they should do in the event of an attack.
Be as wary, if not more so, of any email you receive while working remotely, especially those claiming to be from a manager or the boss, where it can be harder to verify authenticity.

3. Firewalls and antivirus software

Firewalls act as a defence to prevent threats accessing your system. They create a barrier between your device and the internet by closing off ports of communication. A strong antivirus programme acts as the next line of defence by detecting and blocking known malware. Even if malware does find a way onto your device, an antivirus can detect this and usually remove it.

4. Regularly install updates

You might find that regular software updates are a nuisance, but they are vital. Updates often include patches for security vulnerabilities that have been found since the previous software update was installed. The majority of the time, updates can be set to run automatically while you are on a lunch break or overnight.
We suggest checking the status under Settings\Update & Security for Windows or under System Preferences\Software Update for Apple Mac and installing any updates that are missing.

5. Backup data

Your data is one of your business’ most prized assets, so it is imperative that it is backed up. Data can be lost in several ways including human error, physical damage to hardware or a cyberattack. One of the most convenient and cost-effective ways to store your data is in the cloud. This has the added benefit of allowing you to access your data remotely and on different devices.
Many users save their files to the desktop of their local PC for convenience, however this means that the file is no longer backed up by the server.

6. Lock your device

It sounds very simple, and it is. Using a password on your device prevents anyone else from accessing its contents. If you have to work in a public space, or if you live with people with whom you cannot share work information, it is important to lock your laptop, tablet, or other device when it is left unattended. For Windows users, this is done by pressing the Windows key and L.
It is also advisable to avoid working on computers directly facing windows where people walking on the street can see your screen.

7. Strong and secure passwords

When choosing a password, ensure it is long and complex. We always advise clients to use a passphrase rather than a password, to include a mix of upper and lowercase letters, numbers and symbols, and to change it every few months. You can simplify your computer security by using effective password management. Check out our top tips for a secure password in our World Password Day blog.

8. Device and data encryption

Encryption is a cybersecurity measure that protects computers and their content by scrambling the data. The data, whether it is a message, image, email or other file, is converted into an unreadable format. This means that the data is readable only by the authorised person who holds the encryption key, and not by cybercriminals.

If you need advice on working from home securely, don’t hesitate to get in touch with us.