When it comes to cyber security risks for businesses, it can be hard to know where to begin to stay safe online. The cyber threat landscape changes as new technologies emerge and when world events impact businesses. The way a business grows and adopts new technology will also affect what threats pose a risk to them.
Types of Business Cyber Security Risks
Phishing / Smishing / Vishing
Phishing (email), smishing (messager/txt), and vishing (voice/calls) are methods cybercriminals use to trick targets into releasing sensitive company data such as passwords. This can be done by encouraging people to click a link to a fake website to capture login details. Or by a threat actor can call and pose as someone that needs credentials such as a Manager or IT Professional. Once they have a piece of information they are looking for, they can use it to breach accounts or launch even more sophisticated cyber-attacks.
Some phishing and smishing attempts aim to trick the user into downloading a malicious file or application which will then cause damage to their device or network.
Cyber Security for Business Training – To defend against the latest online crimes and scams, staff must understand what the threats are and what to look out for. A business can invest in cyber security solutions, but without training their staff, they can leave themselves vulnerable. Engaging and effective training is key to building a holistic cyber culture within an organisation.
Cyber Gap Analysis and Usecure Training – By running a cyber gap analysis on members of the team, you can identify areas where they need support when it comes to cyber threats like phishing. Usecure will then continue to monitor their knowledge through online questionnaires so staff are supported in their cyber security development.
This is software that contains malicious code that has the potential to cause damage to a device or network. There are many types of malware, one of the most common and disruptive is ransomware.
Ransomware attacks encrypt data, preventing user access. Once it infects a network, it can bring a business to an immediate halt. The cybercriminals will ask for a ransom to be paid to release the data, but there is no guarantee they will. They also have the potential to expose the data, regardless if demands are met or not. It is a common myth that only corporations are targeted by ransomware attacks, but the reality is that small businesses are prime targets also.
Microsoft Defender – Preventing emails containing malware from reaching inboxes in the first place is a great way to stop these cyber attacks from happening. Microsoft Defender scans emails for suspicious links or files and stops them in their tracks.
Bitdefender Endpoint Security – As a military-grade threat defence solution, Bitdefender will stop any malware causing damage if it is exposed to a network by acting quickly to block it before harm is done.
Lookout Mobile Threat Defence – You protect your business computers, so why not mobile phones? Mobiles are often where personal data meets business data meet. That is why cybercriminals are turning their attentions to them, especially when they remain unprotected. Lookout Threat Defence is suitable for Android and iPhone users, offering protection from malware, malicious applications and dangerous websites.
Man in the Middle / Wi-Fi Spoofing
When working on the go, staff are likely to connect to public Wi-Fi using multiple devices. Therefore, they become the perfect attack grounds for bad threat actors. Wi-Fi from airports, coffee shops, hotels etc can easily be spoofed so it looks like a legitimate connection. Once connected, cybercriminals can steal credentials and intercept private conversations (man in the middle).
Wi-Fi Spoofing Solutions
Mi-Fi Mobile Broadband – This is a fantastic investment for staff working flexibly and on the go. It offers a secure connection that they can log onto and share with other team members when travelling together. This prevents the need of finding other wi-fi connections and can be used abroad.
Account Compromise / Email Hijacking
Phishing is a common way of getting credentials to compromise important business accounts. However, overusing passwords is another common method to gain access. When credentials are exposed on the dark web after a third-party breach, hackers can then test other accounts with the same login details. Once the account is compromised, hackers can steal data, change passwords, and launch other attacks on the business or their customers/suppliers.
Account Compromise Solutions
Cyber Security for Business Training – This will help staff to understand the importance of not reusing passwords and to build a healthy cyber culture that puts processes such as two-factor authentication into place.
Having a good password manager is great for generating strong passwords and then storing them safely. Passportal is one of the leading password managers on the market. A useful feature for businesses is the ability to run audits to see what accounts staff have access.
Customers and suppliers want to know their data is handled with due diligence. Cyber Essentials and Cyber Essentials Plus are Government endorsed certifications that help businesses to put the right measures and controls in place to build their online resilience. By focusing on five key controls, businesses can gain a deeper understanding of their cyber security and identify any vulnerabilities.
At Linten Technologies, we are dedicated to helping businesses defend against cybercrime and scams. When it comes to online security, businesses should never adopt a one-size fits all approach. We will work with businesses to understand their cyber security needs and then offer the very best guidance based on growth strategies, workforce demands, and online activities.