Cybersecurity: Why it matters more than ever right now
Tuesday, September 1, 2020
Where there’s a crisis, there are those malicious enough to exploit others. With so many businesses still shifting to remote working, cybersecurity continues to be a huge concern – for businesses large and small.
In fact, it’s even more critical as we emerge from COVID-19 lockdown and prepare for whatever the new normal brings– including the proliferation of staff working from home, yet needing to be connected.
While services like VPNs, firewalls, and single-sign-on go a long way to keeping users safe, awareness needs to be at an all-time high here and now. Discover what your customers need to know, and what they need to do to protect their users and their data.
While often overlooked, emails provide a fertile hunting ground for hackers – with phishing being one of the most prolific threats.
Threats to companies come in all shapes and sizes, and range from hacking networks to the most obvious forms of email-based attacks: phishing. This is massive and is growing, with viruses attached to emails providing the simplest way to access people’s systems. Effective protection means having effective controls around email.
Phishing is so easy to do and hard to defend against, and COVID has ramped up the risk. Furloughed and remote staff immediately provide a tempting target group for attackers, whose motives are simply monetary gain – sometimes through extortion.
Just by sending forms and directing people to bogus websites, dressed up as banks or even government schemes, cybercriminals use the threat of losing money to force actions, email responses, or clicks on sites without due consideration.
Protect & Deserve
No one deserves an attack, and there are many things that can be done to provide protection. As a bare minimum end users must definitely make sure they have good quality email security software. But there is more that can and should be done to defend their data.
Lots of people use Microsoft 365 for email – it’s the fastest growing software suite. However, many make the assumption that security is covered all-in. Microsoft 365 as with any other suite, needs to have additional security, which is available from Microsoft and a range of other third party providers.
Think Before You Act
The weakest link in all security breaches are humans. We often do things without thinking, especially in the unusual times we’re in, so putting in place a security policy is essential.
That means working with customers to understand the rules, rolling out training to ensure they understand it, and making them broadly aware of the risks. There are lots of online training solutions available including phishing simulations, in the form of a company driven test, to keep their staff on their toes, and to explain the benefits to them.
Stand & Deliver
Another popular attack comes in the shape of ransomware – where criminals worm their way into a system, lock users out, and hold them to ransom. This tactic was on the rise before COVID and attacks are becoming more frequent.
These ‘stand and deliver’ attacks can effectively wipe out a company by deleting data -and all of your customers’ company data, with the prospect of losing access forever.
Hackers can steal any information and use it against a company or individual – such as bank or credit card details. By pretending to be the finance director, they can try to panic others into making an immediate payment.
Major concerns include data privacy laws (GDPR), business reputation, and, of course, loss of finances; which can be significant in many cases.
COVID has increased the threat, and lots of criminals are taking advantage of working from home, and using it as a way in – such as phishing scams.
Remote working brings lots of challenges – such as employees using their own equipment which does not have correct security software installed. Also, if systems are not set up for remote working, assembled in a rush or not properly configured, that could raise security issues too.
How At Risk Are Small Businesses?
Big companies will always be a target – but as they spend millions on security, have large dedicated teams, and can afford the solutions, they’re seen as too tough to target (except by the most hardened hackers, perhaps).
But, as small companies don’t always understand the risks and importance of investing in security, or just don’t have the time or money to have in-house experts -- they need an external partner: a Managed Service Provider (MSP) like you.
Because smaller companies are easier targets, this is absolutely crucial. As you know, MSPs can act as an advice line and provide online training, email security, and antivirus software. It is not a case of one solution fits all, but depends on how sophisticated a particular system is.
Top Tips To Keep Data Secure
Some advice you can give your customers;
- Keep data in central locations which are backed up and secured by your IT team or MSP.
- Cloud is fine for this. Don’t have data locally where it is not backed up and less secure.
- Ensure staff only use company equipment.
- Make sure policies are clear for remote working and policed.
- Conduct regular professionally managed cybersecurity online training and testing
- Multi-factor authentication is important to ensure the right people have access to the right system -- the best way is to use a VPN.
Ultimately, hackers get smarter in line with technology itself. Being a step ahead might not be possible, but there are many ways to protect your customers’ businesses from harm.
Security in this sense, is a multi-faceted effort – one that continues to evolve; something that all businesses need to stay on top of.