How Often Should You Audit Your Business Cybersecurity?

For many businesses, cybersecurity tends to sit in the background. It’s something we often seem to have a lot of confidence in without really fully understanding it. The only time we pay attention and question its suitability is when something goes wrong.

As it is one of the more important parts of running a modern company or organisation, it pays to step back and have a review of your cybersecurity processes, software and hardware on a regular basis.

According to a recent Forbes report, cyberattacks are only likely to get smarter over the next few years, and we all need to be on guard to prevent breaches.

Why You Need Regular Cyber Security Audits

The first thing to note is that you can’t say whether your business cybersecurity is performing as expected unless you carry out an audit. Most IT services will advise that this needs to be done on a regular basis, either monthly, quarterly or even just twice a year as a bare minimum.

A lot will depend on the size of your organisation or business, of course, and how many different departments you have. It’s much easier to keep track of a company that has ten employees than one which has thousands. Another factor is the amount of confidential data you handle and the sector you operate in.

What is a Cybersecurity Audit?

A regular audit is something that can be carried out fairly easily and, in some cases, remotely. It’s a service that many outsourced IT support companies provide nowadays. If there has been an incident or issue with your IT infrastructure, however, it pays to have a more in-depth audit that considers a wider range of parameters.

This kind of audit tends to use more advanced technology and will not only look at the software installed but the practices that you employ in your business.

You may have had a security breach or data loss, for example. It’s important to discover how this occurred and what processes you need to put in place to improve security. Or you may have updated or put in a new system, in which case, you’ll want to ensure your cybersecurity is working well with it.

There can be plenty of other reasons to carry out a more intensive audit, for example if the compliance laws change for your business (as happened for many companies with the new GDPR). Perhaps you’ve merged with another business and want to ensure IT services across the board are uniform.

Outsourcing Your Business Cybersecurity Audit

It’s important to work with a partner that is able to deliver the kind of audit you are looking for. There are off-the-shelf auditing packages available but these may not be entirely suitable, especially if your company has specific cybersecurity needs.

Outsourcing your business cybersecurity audit to a third party is the most popular route and has a number of advantages, not least that you have access to the appropriate level of expertise. It’s not easy to find suitable companies that have a track record of delivering security testing within a range of organisations.

You should be looking for one that has a deep knowledge of operating platforms and understands how your business security fits into these and other IT deliverables. The other thing you will want is an IT audit service that will give you clear reports which you can then act on. Good communication is key.

While you may be able to undertake at least some of this internally, for a deeper audit most companies will lack the appropriately qualified staff. Even using the latest auditing software, it can be difficult to decipher the results and come up with appropriate recommendations if you do not have expertise in this area.

A competent audit team will be able to:

  • Interpret the data from your audit and understand how to action any changes to your systems.
  • Prioritise which are the most important factors and what steps you need to follow to improve your business cybersecurity.
  • Understand if information is missing and what other software and scans need to be applied to provide a full picture of your current cybersecurity.
  • Set benchmarks so that you have a baseline for future audits and a clear understanding of what you need to achieve.

At Cyan Solutions, we work with a wide range of businesses across different sectors. We understand that each company has its own set of requirements when it comes to achieving strong cybersecurity. Our team works closely with all stakeholders to ensure that we deliver a robust audit that keeps your business safe.

Contact us today to find out more.

Managing Cybersecurity Solutions for SMEs

Small and medium-sized businesses have particular challenges when it comes to cybersecurity solutions. Size doesn’t always equate to vulnerability, but the fact that SMEs have lower budgets can be a major issue when it comes to protection.

Making the right choices when managing your cybersecurity needs, therefore, is important, and the most recent statistics back this up.

In a 2018 survey by Ipsos Mori, two out of five small businesses identified a cybersecurity breach in the previous year. In 17% of these cases, the breach prevented the company from operating properly for at least a day. The more troubling statistic, however, is that only 58% of small businesses are likely to have sought out information or advice about cybersecurity.

Cybersecurity and GDPR

One major change your small business needs to understand is the General Data Protection Regulation. This was brought in last year and basically means that any business that holds data (which means the majority of companies or organisations) has a duty of care to protect it. That includes having the appropriate cybersecurity solutions in place, including what to do if there is a breach.

The problem is that hackers and malware developers generally unleash their nefarious activities indiscriminately, and smaller, less protected businesses are a target. It’s not unusual for a hacker to specifically target a certain corporation or larger organisation, but it’s rarer than the millions of attack attempts that take place on small and medium-sized businesses as a whole around the world.

How to Manage Your Cybersecurity Solutions

A data breach or cyberattack can happen to any business, and the consequences are not just loss of customer information but damage to reputation. It can take a long time to recover. That’s why your business needs to have certain building blocks in place to help combat any potential online attack.

Here are the vital components that you need to have for your business to mitigate the risk of cyber-attack.

  • Patch management: While they might be slightly annoying on older devices, patches are there to make sure your operating system is up to date and properly protected. You’d be amazed at the number of businesses that turn automatic updating off and leave their systems open to hacking and virus attacks.
  • Regular back-ups: Another mistake that SMEs make is not backing up their data regularly. This is relatively easy to do nowadays and there’s really no excuse for not doing it. If your system crashes or your data is stolen or infected with malware, back-up allows you to recover everything and get back up and running.
  • Data encryption: This should be standard for any business, whatever its size. It ensures that any information in transit is kept protected, particularly when it comes to financial data.
  • Firewalls, anti-malware and anti-phishing tools: The tools that we use for our home computers are not necessarily the same that we should be using for a business that has a lot of data. Working with your IT supplier is vital to ensure that you have the appropriate software to suit your industry.
  • Mobile device management: With so many of us using our own smartphones and tablets nowadays, your business needs to understand the risks that this involves. You should have a clear, set policy for staff who use BYOD and regularly make checks to ensure this is being complied with.
  • Two-factor authentication: This is where an additional authentication such as an SMS text is used above and beyond the standard password to ensure the identity of the individual looking to gain access to your data. It’s now the industry standard when it comes to logging in to accounts.
  • Secure collaboration tools: Many SMEs make use of a range of collaborative tools including Office 365, Google Docs, Dropbox and the like. Mitigating the risks of using these tools is vital in maintaining the security of your company.
  • Incident response: How you respond to an incident such as a data breach is almost as important as having the processes in place to prevent it happening. Especially since the introduction of GDPR, small businesses have a duty of care and an obligation to have the appropriate steps in place.

How to Review Your Cybersecurity Solutions

It can be pretty easy to pay less attention than you should to your IT and cybersecurity. As a small business, you probably have a lot more to worry about. Failure to spot issues or make sure your security is up to date can, however, have catastrophic consequences.

If you would like to review your current cybersecurity practices, contact the team at Cyan Solutions today to see how we can help.

Cybercrime Is On The Increase

Businesses have been facing a growing threat from data breaches, ransomware and supply chain weaknesses in recent years. According to the annual report of the National Cyber Security Centre, the number of cyber-attacks on UK businesses increased in the last year and is only expected to continue to rise.

Cybercrime is a very real issue that businesses today must address and protect themselves against, especially with the newly introduced General Data Protection Regulation (GDPR) that took effect in May this year. IT infrastructures and systems are continuing to grow and evolve rapidly, and the more technology systems a company has, the more potential there is for a security breach.

Cybercriminals are continually finding new and innovative ways to hack IT systems, and to keep your business safe it is essential to stay one step ahead.

The growing cybercrime problem

Cybercrime among businesses is a growing issue, with almost half of UK firms being hit by a cyber breach or attack in the last 12 months. Organisations of all sizes are under threat from cybercriminals, with firms that hold personal data the most likely to be a target for cybercrime. These cyber-attacks can come in many shapes and sizes, and cybercriminals are getting more intelligent in carrying out these attacks subtly and quickly.

The most common types of attack from the last 12 months were fraudulent emails, closely followed by viruses and malware. In 2017, the Cyber Security Breaches Survey identified that nearly seven in ten large businesses experienced a security breach or attack during the year, and these attacks cost each firm an average of £20,000.

It is no secret that cybercriminals are targeting businesses across the UK on a daily basis, and this threat is continuing to grow. A serious security breach can not only be costly to a company but also have a significant impact on customer confidence, and many big brands have been hitting the headlines recently for being victims of massive data breaches. Dixons Carphone recently admitted a considerable data breach where 5.9 million customer bank cards and 1.2 million personal records were compromised, resulting in the most significant data breach ever in the UK.

GDPR and cybercrime

In May 2018, the new General Data Protection Regulation (GDPR) came into effect, in a bid to protect customers’ personal data and help individuals have more control over how and where their personal data is used and stored. The new regulations mean there are some drastic changes for businesses, as there is now a much higher level of responsibility for how customer data is stored and managed.

The main impact on businesses in the UK from GDPR is the vast fines that can be enforced should a data breach occur. Following a data breach, a firm can either be fined €20 million or 4 per cent of their global turnover, whichever is higher.

Compared with the previous fines, this is a considerable increase and could land a lot of small businesses in trouble should a data breach occur. In 2016 TalkTalk was fined £400,000 for a security breach that gave hackers access to their customers’ data. Today that fine would have been a huge £59 million under GDPR.

With the risk of fines that are large enough to put many companies out of business and the increase in security attacks on businesses in recent years, it is more important than ever to make sure your data and security are safe and protected.

How to protect your business from cybercrime

In this day and age, no matter what size your business is or what industry you operate in, someone will try to steal your data, use your systems to spread viruses or hold your computers for ransom. Smaller companies are often considered better targets for cybercrime, because cybercriminals expect them to have weaker security systems in place, and they probably have a point.

Smaller businesses often have less money to spend on protecting themselves than their larger counterparts, but cybersecurity is a vital investment. It can be a struggle to know where to start, especially if you aren’t an expert in IT. Technology systems are becoming increasingly complex, making protecting them from attackers ever more challenging.

Enlisting the help of an expert such as Cyan for your business’s computer and data security needs is beneficial and well worth the extra money involved. A professional in the field of cybersecurity will be at the top of their game and the first to know about new viruses and issues, giving them the ability to stay one step ahead of the cybercriminals and implement security patches before a breach has the chance to occur.

It is also vital to remember that under GDPR you are responsible for how all your chosen suppliers and providers handle your customers’ data. When employing third-party companies to run systems or software for you, be sure to understand exactly how they are working to protect themselves from cybercrime. You could have the best cybersecurity in the world, and if one of your external suppliers doesn’t keep the same standard, you can still be at risk of a cyber attack or data breach.

Monitoring The Dark Web To Stop Security Breaches Fast

We are all aware that the internet is incomprehensibly massive. We know about YouTube, Google, Facebook and eBay, but what many of us often don’t realise is how much deeper the internet goes beyond those respectable and user-friendly websites. The elusive dark web is something we often hear about, but very few people properly understand what it is or how dangerous it can be.

What is the dark web?

In simple terms, the dark web is content on the world wide web that exists on ‘darknets’; these are overlay networks that require specific authorisation to access them. It forms part of the deep web, which is a part of the internet that cannot be found or indexed by search engines. Research has found that as little as 4% of the internet is available to the general public, meaning a vast 96% of the internet is made up of the dark web.

The dark web provides a hidden area where cybercriminals can act with full anonymity thanks to the heavy encryption involved. This shady corner of the internet offers several layers of secrecy by encrypting all IP addresses that work within it or even access it. It is this level of confidentiality that makes the dark web a hub for cyber attacks and underground marketplaces which trade not only your personal data but also that of your customers.

Although the dark web is buzzing with illegal activity such as cyber attacks and data breaches, it is not actually illegal to access and can be accessed by anyone who wishes to. Accessing the dark web and using it legally can surprisingly provide a fantastic resource for businesses. It gives us the opportunity to monitor the dark web’s content and ensure customer data is not being circulated and traded by cybercriminals.

Data concerns

All kinds of personal data and information on individuals can be found on the dark web and are often traded between cybercriminals and used for fraud and online attacks. Just last year it was reported that a database of around 1.4 billion account login details was published online. This included account details such as usernames, passwords and email addresses from a considerable number of well-known websites such as PayPal, Netflix and Gmail.

Once hackers get their hands on these details, they are able to automate account hijacking and take over customers’ accounts easily. Many individuals will reuse passwords across all their online accounts, meaning hackers can access a terrifying amount of data.

Why you need to protect your data

Personal data on individuals is very valuable to hackers on the dark web, and it is vital to ensure you and your company are adequately protected against any kind of data breach. There are a huge number of ways that data can be leaked from an organisation, from accidental data spills or database misconfigurations to highly sophisticated attacks that infect systems with malicious code. With such a vast number of these data breaches happening on a daily basis across all kinds of companies and organisations, it is imperative that you protect your business from potential issues.

While traditional methods of having strong security to protect your database and customer information are still essential to protecting against cyber attacks, there are new approaches that are becoming increasingly popular. Recently, we have seen a trend of more and more companies adopting a risk-management mindset, where you make the assumption that sensitive data will eventually be breached and plan accordingly.

Monitoring the dark web

The dark web can be used as a powerful tool in data protection; it can often provide early insights into potential vulnerabilities in your network. By monitoring the dark web, we can often detect unknown weaknesses such as misconfigured databases and malicious insiders that are leaking your customer data. By detecting these leaks as soon as they appear on the dark web, you have an early warning of vulnerabilities within your network, giving you the opportunity to resolve them before a larger and more dangerous breach occurs.

The process of monitoring the dark web for potential security threats can seem extremely overwhelming for small businesses, especially to those who are not so tech-savvy. The dark web lingers in deep and difficult-to-locate corners of the world wide web, so even just knowing how and where to start can be a challenge.

Protect your data with Cyan Solutions

At Cyan Solutions, we take the challenge of monitoring the dark web away. We can help you to manage your online security and use our own monitoring tools to keep track of the dark web for your business. We work in partnership with you to tailor our services so we meet your every need.

Our tools provide us with the knowledge and assets to help prevent or limit the damage of cyber attacks by alerting you to any potential security breaches. Get in touch with our professional team of experts today to book your audit and get started on protecting yourself against the dark web’s cybercriminals.

How to protect your business against phishing scams

Phishing is a form of online identity theft that has grown in popularity among hackers over recent years. It primarily affects home internet users; however, a number of users have found themselves victims at work, simply because they didn’t expect to see it within the confines of the office. Here’s how you can protect yourself, your colleagues and your business from phishing scams.

Phishing scams are one of the most common forms of cybercrime. In fact, phishing is now so widespread that it is commonly believed to be the most common form of cybercrime. It makes use of false emails and fraudulent websites in an attempt to steal a person’s (or professional’s) personal information. This often includes debit/credit card information and passwords.

For businesses, passwords are all the more valuable. When it comes to IT infrastructure security, information held by humans is often the weakest link, and is what results in the majority of cyber attacks. Therefore, for business users, avoiding phishing scams is all the more important.

Clearly one of the most important ways to avoid phishing within a business is with high quality security rules and regulations. Be sure that these are always properly explained to new team members. Alongside this, be sure you have the finest security solutions possible installed across your systems.

Here are some of the things you should teach your team about phishing scams in order to protect your business:

Know how phishing emails work

Phishing scams work through links in emails that appear to come from trusted sites, and often they link through to sites that mimic the actual site. Ensure your team know to be wary of anything that requests personal or business information, especially that which is financial or requires a password. Phishing commonly uses scare tactics. Luckily, within a business setting individuals will usually report this kind of email.

Never click links you are uncertain about

Bad links within phishing emails can result in attacks on your IT infrastructure. While you should have the best possible security linked to your business email provider, some can get through. Be sure to let team members know that they should never click links just because they are curious.

Report all dodgy looking emails to an IT admin

Having a reporting policy in place for any phishing email attempts is the best possible way to ensure education and awareness across the whole of your business. If you don’t already have a policy in place, create one and be sure to communicate it to everybody.

The best person to deal with phishing emails is an IT admin. They should be able to report the email to any web service provider that you use, and also educate your team about the attempt.