Richard Andreae, CEO of SupPortal UK Ltd discusses cybercrime threats and how to efficiently protect your business with cyber security
Cybercrime statistics are escalating, both in scale and complexity. Attacks affect everyone from essential services, such as the NHS, to multinational businesses, SMEs, and private individuals.
Each year, cybercrime causes significant financial losses and reputational damage.
As business is conducted increasingly online, it’s essential to put effective cyber security measures in place to protect you and your organisation from the effects of cyber-attacks.
Are you prepared?
In our post-pandemic digital age, most businesses conduct their business online, using systems, networks, software, and apps that instantaneously connect them to every corner of the world.
While this connectivity enables business operations from anywhere, this increased use of connected platforms presents increased risks.
As technology advances and our use of it evolves, so does cybercrime and the way criminals capitalise on vulnerable security systems for their gain.
Un-targeted cyber-attacks such as phishing and ransomware have seen rampant growth in the last 2 years as more opportunities present themselves to cybercriminals. Reports of ransomware attacks increased over 3000% from 171,000 in 2019/20 to more than 5.5 million in 2020/21 (Source: ActionFraud).
While the importance of cyber security increases, many are still unaware of measures they can implement and actions they can take to mitigate risk, combat crime, and protect their future.
The reality is that the best way for businesses to protect themselves against cybercrime is to invest in cyber security.
SupPortal UK’s principal 5 controls to improve your company’s cyber security
1. Firewall
All connected devices run network services, which communicate with other devices and online services. By restricting access to certain services, you will reduce your exposure to attacks. This can be achieved by using firewalls and data flow policies.
Firewalls can restrict network traffic and protect against cyber-attacks by blocking traffic according to a defined set of rules. Every device that accesses your network should be protected by a firewall.
2. Secure Configuration
Brand new, out-of-the-box computers and devices aren’t always secure in their default configurations. They often include weak points such as admin accounts with insecure passwords or come without multi-factor authentication enabled.
Default installations provide cyber criminals with easy opportunities to gain access to an organisation’s sensitive information. By applying some technical controls when setting up your computers and devices, you can minimise vulnerabilities and increase your protection against cyber-attacks.
3. User Access Control
User accounts are now required for multiple device access and internet- based services. Every active user account facilitates access to sensitive business information. By ensuring that only authorised individuals have accounts and are granted only as much access as they need to perform their role, you reduce the risk of information being stolen or damaged.
All user accounts should be protected with multi-factor authentication. Passwords should be strong with minimum password lengths of 12 characters, and a password deny list should be used to automatically block the use of common passwords, such as “Password123!”.
4. Malware Protection
The act of downloading software and files from the internet can expose a device to a malware infection. Malware, such as viruses, worms, and spyware, is software that has been written and distributed with malicious intent.
Potential sources of malware include email attachments, app downloads, and the installation of unauthorised software. If your systems get infected with malware, you will likely suffer from data loss, malfunctioning systems, and ongoing infections.
5. Security Update
Any device that runs software can be exposed to vulnerabilities that are regularly discovered in all software. Once discovered, malicious individuals move quickly to exploit them. They use the weaknesses in software to attack computers and networks.
Using only licensed and supported software and enabling automatic updates will protect your business from many potential cyber-attacks.
With the Government Cyber Essentials scheme, it is easier and more affordable for businesses to protect themselves.
What are Cyber Essentials?
Cyber Essentials is a simple, yet effective Government approved scheme that helps protect organisations from the most common cyber threats.
By holding a Cyber Essentials certificate, you demonstrate your commitment to IT security, whilst also protecting your business and your clients from the potentially devastating effects of an attack.
Certification gives you peace of mind that your defences will protect you, simply because the most common attacks look for targets which do not have these technical controls in place. Cyber Essentials shows you how to address the basics and prevent the most common attacks. Should you wish to enhance your certification, you can choose Cyber Essentials Plus, which still has the Cyber Essentials Trademark and approach, but with Cyber Essentials Plus, a hands-on, technical verification is carried out.
Why should you get Cyber Essentials?
Cyber Essentials certification provides you with certified cyber security. It reassures customers that you are working to secure your IT systems against cyber-attacks. It helps attract new business and provides you with a clear picture of your organisation’s cyber security level.
If you would like to bid for central government contracts which involve handling sensitive and personal information, you will require a Cyber Essentials certification.
How much does it cost for a Cyber Essentials Assessment?
With SupPortal UK, Cyber Essentials Certification costs start from £300 p.a. and Cyber Essentials Plus costs start from £1100 p.a.
About SupPortal UK
SupPortal UK offers over 25 years of experience in the IT industry. We work with companies of all sizes to reduce their vulnerability to cyber-attacks. With the rise of cyber security issues, we focus on protecting customer data. Today, we offer a range of services including Cyber Essentials and Cyber Essentials Plus certification and IASME Cyber Assurance. To complement this, we also undertake Penetration Testing, Vulnerability Assessments and Cyber Security Audits.
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International.