magazine
17
01732 759725
Maximise your budget
misco.co.uk/promotion/real-deals
Real Deals
1007375_UK_SP_Real_Deals_Campaign_Bussiness_DPS_75x210.indd 1
2017.02.13. 17:19:50
approximately 3,000 companies with
this certification, which allows us to
differentiate ourselves in the market.”
Recommended practices
Data Interchange, a provider of
electronic data interchange (EDI) and
eBusiness integration solutions, is
another company to have recently
achieved Cyber Essentials certification.
John Knights, operations director at
the company, said that growing public
awareness of the scheme encouraged
them to become certified.
“We have always had a strong focus
on IT security, as we specialise in secure
Cyber security top tips
Lawrence Jones, CEO of cloud and
dedicated hosting firm UKFast and
cyber security consultancy Secarma,
suggests five key steps small business
owners should take to stay safe in the
evolving digital landscape.
1
Use a password manager
Remembering strong passwords for all
the applications you use in your business
and personal life is all but impossible and
many people end up either using weak
passwords or re-using existing ones.
Instead, use a password manager. There
are many around, such as LastPass and
KeePass. Be aware that some password
managers have had security breaches, so
be sure to keep yours up-to-date.
2
Check your backups
One of the most damaging attacks, and
one of the most frequently deployed
against small businesses, is Ransomware.
This malicious software encrypts your
critical business files, locking you out and
demanding payment for release. Imagine
the damage that could do to a business.
Ransomware is allowed intoWindows
systems when users click on malicious
links, downloads or attachments in
spoofed emails. Users should never open
email attachments from sources they
don’t recognise. Malicious emails used to
be less sophisticated, with basic looking
templates and spelling mistakes. Now
they are branded with company logos
and a forged email address. Attackers
often tailor the email for their victim
using information they know about their
business. Personalised attacks, of course,
have a higher success rate.
The frequency of this kind of attack
has exploded in the last 12 months
because criminals are getting results.
Now’s the time to fight back. Ensure
you keep regular backups in a separate
location, so that if you’re held to ransom
you can recover your critical files without
having to pay the attackers.
3
Beware Internet of Things (IoT)
devices
In many cases, IoT devices have been
the weak link that has led to a security
breach that puts your home network at
risk. Like any software, you need to keep
IoT devices up-to-date.
Think carefully before setting up a
‘port forward’ that allows you to log in
to devices remotely. If you have a weak
password or vulnerable device, hackers
will be able to access it too, and if it’s
connected to devices you use for work
you’ll be leaving your business exposed.
4
Educate your team
It’s difficult to change human behaviour
and break bad habits, so it’s important
to get your team together in a group to
discuss the risks and how to avoid them.
Show them examples of ransomware
attacks and other phishing emails, and
give them the stats about what falling
for these scams costs individuals and
businesses every year. Provide examples
of how individual employees have caused
irreparable damage to a business. It may
seem far-fetched, but it’s important they
are aware of the dangers. Ultimately,
we’re all responsible.
6
Use an ad blocker
Many viruses are spread through
malicious adverts. Using an ad blocker
is a simple and quick win in helping you
to reduce your exposure and keep your
business safe.
file transfer and integration solutions,
and have previously targeted industry-
specific and international standards
for certification, like ISO27001.We are
starting to see more customers looking
for Cyber Essentials from their suppliers,
so this seemed like a good time to gain
certification,” he said.
Since the company was already on
top of its security, Knights found the
certification process straightforward.
“The whole process only took a
few hours of our time, since we were
already following the recommended
practices. Certification via a third party
auditor was under £500. Depending on
the gaps found, this could obviously
cost more, but it is better to highlight
and understand the potential risks
and mitigation than to assume that
everything is OK,” he said.