What is Cyber Essentials and Why is it Great For Your Business?

The vast majority of cyber attacks can be classified into a few different types that businesses can protect themselves against.

Understanding what your cyber security risks are and how to mitigate them is not just something you should be worried about because of the potential damage to your systems. You have a legal duty of care to protect data pertaining to the customers you provide products or services for.

Small and medium-size businesses on strict budgets are just as much at risk as larger organisations when it comes to cyber crime. Initiatives such as Cyber Essentials are integral in ensuring that these companies are able to put in place real solutions that help reduce the risk of a security breach.

What is Cyber Essentials?

Cyber Essentials is a UK government-backed initiative that has been in place since 2014. The scheme outlines the basic steps your business can take to mitigate up to 80% of the risks that it might face from external and internal malicious influences.

It’s a recognised scheme that has been designed specifically with small and medium-size businesses in mind and is a relatively low-cost IT security framework that any company can employ.

The Benefits of Cyber Essentials

It’s not just businesses that are concerned about cyber security. Consumers are worried too and they are more likely to choose a business that can demonstrate it’s taken precautions to protect data rather than one which hasn’t. Cyber Essentials certification gives you an easy way to show what your business is doing to keep your customers’ data safe.

If you are a B2B organisation, in particular one seeking to bid for government projects, Cyber Essentials certification is the evidence that proves you are serious about mitigating cyber security risks in your company.

5 Ways to Improve Your Cyber Security through Cyber Essentials

Improving your cyber security means having these five important controls in place:

1. Secure your Internet connection

You should protect your Internet connection with a firewall to create a secure buffer between your company network and devices and external networks and the Internet. This allows you to have more control over remote access to internal systems and data, as well as outbound access to the Internet.

Most businesses will have a boundary firewall on their router and a personal firewall on devices, but few understand how they work or how to configure them to better protect data and software. The Cyber Essentials scheme is designed to give businesses more control and greater knowledge in this area.

2. Secure your devices and software

Most new devices will come bundled with pre-installed software applications, have auto-run features enabled, or even have a manufacturer default password, all of which give hackers an opportunity to exploit common settings.

By removing any unnecessary software applications, disabling unused features and changing default passwords to something secure you will make the device far more secure. Where applicable, using two-factor authentication will increase security further.

3. Control access to your data and services

Another important part of security is understanding what data and sensitive information relates to your business and who has access to it. To minimise the damage if a user account were to be misused or stolen, staff should only be given permissions to access the data they need to do their job. This goes for senior managers and directors too, as giving full access rights to this type of account will make them a prime target and will cause the most damage if they are breached.

4. Protect from viruses and other malware

Malware can come in many forms and you need to make sure that your computers and devices are protected by suitable anti-virus software.

Infection can come from Internet worms and viruses, hacked websites, ransomware, botnets and spyware, and each of these presents its own challenges. Modern-day malware attacks are designed to deceive computer users and bypass common methods of protection. Often, a multi-layered approach to securing your systems is more effective. Cyber Essentials will help you to choose the appropriate protection for your business.

5. Keep your devices and software up to date

It’s surprising the number of businesses that don’t download updates and patches for operating systems when they are available. This often happens when older systems are being used in the company.

These software updates are vital in combating cyber-attacks, and businesses need to ensure that systems download and install them at the earliest opportunity. The easiest way to do this in most cases is to enable automatic downloads.

If a manufacturer no longer supports hardware or software, new updates are not available. In this case you should consider replacing the hardware.

What Should You Do Next?

Once you have taken the time to investigate your security needs and have put these five basic controls in place, you will have put your organisation on the path to better cyber security. Cyber Essentials certification should be your next target, but you can work towards that goal at a pace which suits you.

Improving your online security by obtaining Cyber Essentials certification won’t guarantee you will never be the victim of an attack but it should help mitigate about 80% of the risks at a relatively low cost to your business.

Cyan Solutions can guide you through the process and work with you to deliver a more secure future for your company or organisation. Contact our expert team today to find out more.

Cybercrime Is On The Increase

 

Businesses have been facing a growing threat from data breaches, ransomware and supply chain weaknesses in recent years. According to the annual report of the National Cyber Security Centre, the number of cyber-attacks on UK businesses increased in the last year and is only expected to continue to rise.

Cybercrime is a very real issue that businesses today must address and protect themselves against, especially with the newly introduced General Data Protection Regulation (GDPR) that took effect in May this year. IT infrastructures and systems are continuing to grow and evolve rapidly, and the more technology systems a company has, the more potential there is for a security breach.

Cybercriminals are continually finding new and innovative ways to hack IT systems, and to keep your business safe it is essential to stay one step ahead.

The growing cybercrime problem

Cybercrime among businesses is a growing issue, with almost half of UK firms being hit by a cyber breach or attack in the last 12 months. Organisations of all sizes are under threat from cybercriminals, with firms that hold personal data the most likely to be a target for cybercrime. These cyber-attacks can come in many shapes and sizes, and cybercriminals are getting more intelligent in carrying out these attacks subtly and quickly.

The most common types of attack from the last 12 months were fraudulent emails, closely followed by viruses and malware. In 2017, the Cyber Security Breaches Survey identified that nearly seven in ten large businesses suffered a security breach or attack during the year, and these attacks cost each firm an average of £20,000.

It is no secret that cybercriminals are targeting businesses across the UK on a daily basis, and this threat is continuing to grow. A serious security breach can not only be costly to a company but also have a significant impact on customer confidence, and many big brands have been hitting the headlines recently for being victims of massive data breaches. Dixons Carphone recently admitted a considerable data breach where 5.9 million customer bank cards and 1.2 million personal records were compromised, resulting in the most significant data breach ever in the UK.

GDPR and cybercrime

In May 2018, the new General Data Protection Regulation (GDPR) came into effect, in a bid to protect customers’ personal data and help individuals have more control over how and where their personal data is used and stored. The new regulation means there are some drastic changes for businesses, as there is now a much higher level of responsibility for how customer data is stored and managed.

The main impact on businesses in the UK from GDPR is the vast fines that can be enforced should a data breach occur. Following a data breach, a firm can be fined either €20 million or 4 per cent of its global turnover, whichever is higher.

Compared with the previous fines, this is a considerable increase and could land a lot of small businesses in trouble should a data breach occur. In 2016 TalkTalk was fined £400,000 for a security breach that gave hackers access to its customers’ data; today that fine would have been a huge £59 million under GDPR.

With the risk of fines that are large enough to put many companies out of business and the increase in security attacks on businesses in recent years, it is more important than ever to make sure your data and security are safe and protected.

How to protect your business from cybercrime

In this day and age, no matter what size your business is or what industry you operate in, someone will try to steal your data, use your systems to spread viruses or hold your computers for ransom. Smaller companies are often considered better targets for cybercrime, because cybercriminals expect them to have weaker security systems in place, and they probably have a point.

Smaller businesses often have less money to spend on protecting themselves than their larger counterparts, but cybersecurity is a vital investment. It can be a struggle to know where to start, especially if you aren’t an expert in IT. Technology systems are becoming increasingly complex, making protecting them from attackers ever more challenging.

Enlisting the help of an expert such as Cyan for your business’s computer and data security needs is beneficial and well worth the extra money involved. A professional in the field of cybersecurity will be at the top of their game and the first to know about new viruses and issues, giving them the ability to stay one step ahead of the cybercriminals and implement security patches before a breach has the chance to occur.

It is vital to remember that under GDPR you are also responsible for how all your chosen suppliers and providers handle your customers’ data. When employing third-party companies to run systems or software for you, be sure to understand exactly how they are working to protect themselves from cybercrime. You could have the best cybersecurity in the world, and if one of your external suppliers doesn’t keep the same standard, you can still be at risk of a cyber attack or data breach.

10 basic (but essential) business tech security tips

Being aware of basic IT security isn’t just the first step towards a safer network for your business, it is essential knowledge. Hacking is both lucrative and more common than we know.

For any professional serious about protecting their tech, we’ve put together 10 basic, but essential, security tips:

1. Leverage Cloud technologies

The cloud is an incredibly useful tool for small and medium-sized enterprises as it allows easy access to a secure data centre. By utilising cloud-based computing, you can rest easy in the knowledge that the protection of your important data has been outsourced to a larger company with heightened security capabilities. For this reason, be sure you know all the facts before signing up to any service, especially where their data centres are located.

2. Use a good Firewall

Firewalls may seem like a bit of a no-brainer, but really they are the epitome of frontline protection against network intrusions. Rather than opting for free software, it is very much recommended that medium-sized businesses invest what they can into a good firewall to ensure the best protection.

3. Keep it clean and tidy

Clean and tidy is the way! In order to ensure that your computer isn’t at risk of security breaches through old software exploits, keep all of your primary software updated and remove any unused applications. This has the added bonus of keeping your systems running at optimum speed for longer.

4. Have your webmaster enable HTTPS on your website

This sounds over-complicated, but with a little Google search you’ll soon see that it’s really not. The benefit is that HTTPS websites have an SSL/TLS certificate installed on their servers. This encrypts all data transmitted from browser to server. They also have the added bonus of tying your brand identity to your web presence, which encourages visitors to engage with your site safe in the knowledge that it isn’t a phishing attempt.

5. Keep passwords strong and secure

Passwords are very valuable to hackers. To ensure they don’t get yours, create longer passwords with more variety of numbers and special characters, and never use the same one twice.

6. Create level-specific user accounts for your network

Whenever you create a new user account for your business network, bear in mind what that person will need access to and limit their privileges. Admin privileges should be reserved only for IT administrators and the like. Alongside this, create a limited account for guest access for those who don’t work with you.

7. Understand what data is most important – and lucrative

Perhaps one of the best ways to ensure tech security for your business is to get better at understanding which of your data is the most lucrative. Once you understand this, you can work on ensuring that it is well protected.

8. Create social media guidelines for employees

Social media sites can be something of a cornucopia of information. Using social media advocacy can be a great way to increase your brand’s marketing reach. Create social media guidelines for your employees to ensure that they know what they can – and can’t – share.

9. Hide your business Wi-Fi network

Hiding your Wi-Fi network is a simple way of reducing hacking attempts. This can be done by editing the SSID display options on your router settings.

10. Train your team on identifying phishing

Finally, nothing beats training to ensure the best practice by your team. Alongside password and basic cybersecurity training, ensure that they are able to identify and know how to report email and web phishing attempts.