Addressing the cyber threat: Why protecting your business against cyber criminals is a top priority.

Cyber security can often seem daunting and expensive but it doesn’t need to be. By taking simple steps such as installing up-to-date anti-virus measures and educating your team, you can help protect your business against damaging cyber attacks and breaches. Unfortunately, it’s often the human factor which puts businesses most at risk so ensuring that your employees are able to identify any suspicious content will go a long way to preventing attackers infiltrating your business. According to the Cyber Security Breaches Survey 2022, the most common cyber threat facing UK businesses is phishing which accounted for 83 per cent of identified attacks. Even some of the most damaging cyber attacks start with an initial malicious email, encouraging people to click on a link and enter credentials or download malware, giving hackers the tools that they need to escalate the attack by installing ransomware. With compromised login credentials being one of the biggest causes of network breaches, many businesses have implemented multi-factor authentication (MFA) where individuals are asked to provide other factors of information, such as a text or code, when signing in. However, even implementing MFA is not infallible.

Attackers have now discovered a number of ways of getting around MFA.
Some types of MFA rely on “push notifications” whereby an employee will receive a
notification on their phone to allow access using their fingerprint. Hackers have
discovered that spamming an employee with MFA requests until they become so
annoyed that they approve the request is an effective way of bypassing the additional
layer of security.
We have also seen instances where MFA codes sent via SMS have beencompromised due to a vulnerability. These codes can stay active for a longer period of time, giving the cyber criminals a larger window of opportunity. Our advice is to use an authentication app which provides a MFA code that changes every 30 seconds.
It’s always a good idea to have a response plan in place for an attack. This
will reduce the financial and reputational damage associated with a data breach and
ensures that you comply with GDPR. It’s also important that your team knows about
the plan and who they should report a suspected breach to within your organisation.
Businesses can access free cyber training resources via the National Cyber Security
Centre website (ncsc.gov.uk) which has step-by-step guides on how to protect
against cyber attacks – and what to do if you are affected.

You can also speak to your IT provider who will be able to tailor staff training, anti-virus software, and other measures to your individual business or organisation.

Should you want to discuss this further, please contact Ellie at em@teameco.co.uk or call 01461 500206