Securing Your Business from Cyber Crime
Barely a week goes by in the news without a headline on network hacking or a ransomware attack. In early June, two secondary schools in Kent had to temporarily close after hackers broke into their servers, stealing data and encrypted information. In May, the US reported that a major energy company, Colonial Pipeline, had to take itself offline after a major cyber ransomware attack. In March, the UK’s National Cyber Security Centre (NCSC) issued an alert to all UK businesses to install the latest Microsoft Exchange Server updates to thwart server attacks from a sophisticated international cybercrime gang.
It is clear that cybercrime affects businesses of all sizes and that all organisations need to be proactive in reducing their exposure to potential threats. Business operations are now almost totally reliant on a fantastic combination of tech, telecoms, software and cloud services. Protecting these technology assets and data has become a corporate priority.
This article does not examine the specifics of the latest security technology. Instead, it looks at how small and medium-sized enterprises can approach cybersecurity at a time of increasing threats from cybercriminals located all over the world. If you want to implement a meaningful security solution for your business, three key elements need close attention.
- Board Level Engagement
Senior management is ultimately responsible for the health of a business. Board members don’t have to be technical IT experts but have a responsibility to understand cyber risk and mitigate it through good security practice across a business. Should an incursion occur, there should be an agreed recovery plan and protocols to minimise any disruption.
What are the first steps senior management should take?
- Find out what your IT and telecoms estate looks like and identify vulnerabilities.
- Agree on what aspects of the business have value to an attacker and prioritise protection accordingly.
- Where possible, identify potential attackers and how they may target you.
- Ensure your organisation complies with current cybersecurity standards and be prepared to further integrate good cybersecurity practice across every aspect of your organisation.
In the past, cybersecurity was sometimes seen as something that clients wanted as an “add on” to a managed service contract or something to implement after a security breach. In the last two years, Excalibur has encouraged and noticed a real step-change in corporate attitudes to improving security as attacks have become a real threat to business operations and customers.
- Creating a Cyber Security Roadmap
Undertaking a thorough review of your organisation’s IT systems and solutions is a real must if you want to stay on top of security. Only then will you have a complete picture of how to protect your business. Using an experienced service provider can really help with this process. What to look at:
- How old is your existing hardware – servers, workstations?
- What current anti-virus software and security do you have in place?
- What does your backup solution look like – how often do you back up, do you use the cloud?
- The way you work. Do you have remote working, do employees use their own devices?
The answers to these questions will enable management, the IT department or the IT service provider to build a managed cybersecurity plan that meets your specific business needs.
At the start of any new managed service contract and annually for existing customers, Excalibur undertakes a thorough review of a customer’s business practices focussing on ‘People, Processes and Technology’. The results produce a security score and a detailed roadmap on how to enhance security across the business. This audit ensures customers are aware of any potential security risks or threats and outlines what can be done to mitigate these concerns. On top of scheduled security updates, major hardware and software upgrades can be planned and budgeted to suit the needs of the business.
Excalibur has seen a 50% reduction of security incidents from previous years by selecting and implementing enhanced Anti-Virus solutions, mail filtering, MFA (multi-factor authentication), user security training and enhanced simulated phishing tests for customers. The combined use of these defence measures has significantly improved cybersecurity for our SME customer base.
- Building a security-conscious culture
Installing the right security software, regular software upgrades, effective monitoring, replacing old equipment and patching existing hardware go a long way to making your company more cyber secure. However, it’s vitally important you take employees along with you on the security journey if you want to have a security-conscious culture. People and the operational processes they follow are critical when it comes to mitigating risk. This can be achieved in several ways, including:
- Train staff on identifying potential threats e.g. phishing emails, viruses and what to do when a breach occurs.
- Establish a company protocol for employees using their own devices at work. Only authorised devices should be used.
- Improve authentication procedures for logging on to the company network, for example with Multi-Factor Authentication. This is particularly important now that more people than ever are working remotely.
- Regularly audit equipment, including mobile devices, to track when replacements or upgrades are required.
- Back-up and data storage. If you don’t already, consider using the cloud for data storage and backup. Cloud-based backup data centres have security and recovery procedures in place that will keep systems up and running to ensure business continuity. This is a particular benefit for SMEs unlikely to have the internal resource or backup procedures to manage this effectively.
Excalibur’s Email Phishing Simulation programme sends an authorised malicious email to staff to gauge their response to phishing and similar email attacks. It not only educates staff about the most recent phishing tactics but generates a report that shows which staff are clicking on phishing emails. They can then receive additional training. This programme substantially reduces the risk of end-users clicking on phishing emails.
On top of providing effective cybersecurity to customers, Excalibur has a good track record in enabling its customers to achieve Cyber Essentials and Essentials Plus accreditations. This accreditation scheme is not only a sign of good practice but indicates that cybersecurity is embedded across all levels of a business. It also stands Excalibur customers in good stead for being compliant when handling other people’s data. (See: About Cyber Essentials, NCSC.GOV.UK.)
Excalibur implements leading security solutions for IT and mobile customers from Cisco Umbrella, Ironshare, Webroot, Sophos Endpoint, Samsung Knox, Microsoft and Phishing Tackle.
To conclude, with nearly half of UK businesses experiencing some cybersecurity breach between 2019 and 2020 (UK government Cyber Security Breaches Survey 2020), and what we read in the news today, cybersecurity must be front of mind for any business. As criminals become more sophisticated, organisations need to put more robust security in place to reduce the risk of exposure. This can be achieved effectively when board-level management looks at how best to implement a cybersecurity strategy that simply becomes part of ‘how they do business’, from the IT department and employees through to suppliers and customers.