8 min read

Cyber Tuesday at Birmingham Tech Week

Featured Image

Birmingham has much to celebrate, with a thriving technology sector. Cyber Tuesday, as part of Birmingham’s Tech Week, hosted some fantastic speakers and guests with tips, ideas, and the conundrum for small business owners: “Where do I start with cyber security?!’

Here are key takeaways from the event:

1. Cyber security - where do I begin?

This is a question that comes up time and time again. It’s clear that cyber security poses a steep learning curve but an essential one for business owners and senior decision-makers. Having a standard approach is sought by business owners, but we struggle as an industry to break cyber security down. The good news is there are lots of resources available:

  1. Free cybersecurity resources online

    As a starting point, Stuart Peters Head, Cyber Resilience Policy TeamDepartment for Digital, Culture, Media and Sport (DCMS) recommended the National Cyber Security Centre’s website. It contains many free resources and government guidance on best practices. I would also suggest joining the West Midlands Cyber Resilience Centres free membership to get regular, relevant updates.

  2. Get a risk assessment

    The next step is to look at your business’ unique security. Get a risk assessment from a reputable security company to uncover your security gaps. Security doesn’t have to be expensive, but the most vulnerable areas of your business should be secured, with staff following good security practices. We can help you get started. If you're looking to get a free risk assessment, schedule a convenient time using the link below.

    Schedule Risk Assessment

  3. Cyber Essentials

    Next, become Cyber Essentials certified. This has become a standard supply chain requirement for blue-chip and government organisations to prove your business' cyber security. A gap analysis will highlight the areas of your business that need improvement to meet the standard. Many businesses join forces with a reputable security company in order to meet the criteria, however, don’t assume that your IT company is an expert in security.

Birmingham Tech Week Alastair Speare-Cole Cyber risk and insurance, Racheal Percival, Chris Woods, Bill Orme at Cyber Tuesday
Birmingham Tech Week, Cyber Tuesday panel (left to right): Alastair Speare-Cole,  Racheal Percival, Bill Orme and Chris Woods.

2. Cyber Security: Not budgeted for. Scared. Black art.

How do you think and feel about cyber security? Not budgeted for, scared and a black art were the responses and relates to the first initial point. Cyber security is misunderstood. There are many misconceptions about cyber security which the industry needs to overcome.

3. ransomware, Ransomware, RANSOMEWARE!

This was mentioned by nearly every speaker. Ransomware attacks are on the rise, with the frequency increasingly over COVID19. Ransomware is tearing businesses apart and the problem is only getting worse.

Do you have preventative measures? Do you test them? Would your staff know what to do if you were hit by ransomware (disconnect your computer and devices from the network), whom they would need to report the incident to (IT dep.), and by what means (emails are likely to be down during a ransomware attack). 

4. Do we have a cyber security candidate shortage or do employees lack cybersecurity knowledge?

A great question posed by Hugo Russell, Digital Projects Manager at Cyber Quarter (tweet from @mrjeffman). We are edging towards the latter – every business and every individual needs to take responsibility when it comes to cyber security. This is the only long-term solution to prevent cyber-attacks. Cybercriminals are light years ahead of SMEs and we need to increase our awareness and readiness.

5. Too little data to predict the future and severity of cybercrime

It’s hugely difficult to predict the future because the past is not relevant – technology and cybercriminals are moving fast. Many will not report a cyber-crime or are simply unaware that they have been hacked. Alison Hurst, Director of the West Midlands Cyber Resilience CentreWest Midlands Police, explained how cyberattacks are under-reported so we can’t get a full picture. Without this knowledge, there is a lack of clarity for the future.

We are blind to what might happen. We are complacent. We lack any anticipation. This is also true for the cyber insurance industry as Alastair Speare-Cole, President of Insurance at QOMPLX explained.

6. Excel should be banned 🎉

This will bring joy to the spreadsheet 'haters' out there, data is too easily shared/lost/stolen through Excel files, in turn breaking GDPR legislation. Use your ERP and CRM instead.

7. Only a major cyber-attack affecting many small businesses will change attitudes

Today, big attacks, like Solarwind, have mainly affected the public sector, detaching the issue from the private sector – particularly for small and medium-sized businesses. This is an out of sight, out of mind approach to cyber security. It may take a catastrophe, affecting many SMEs for cyber security to be taken seriously.

8. Future predictions: A nationalised cyber-attack helpdesk?

It’s too early to say, but could this be the only way to deal with cybercrime? Following the example and the inception of the nationalised fire service back in the1800’s, which transitioned from having lots of independent fire responding units (managed by insurance companies), to a nationalised fire service to deal with the wide-reaching issue. Or will we have a cyber version of Ofcom in the future?

9. Chrome extensions are the devil 😈

Check out the security settings of your Chrome extensions... it’s quite scary. They can potentially access your credit card details. Only have extensions you truly need and limit the information you share with them.

10. Businesses are Silently failing

82% of cyberattacks could have been prevented by having systems properly configured, as Bill Orme, Sales Director at UK+I - AttackIQ, explained. Default settings and passwords need to be updated and maintained! Business leaders - hold your IT department and IT company to account. Run a mock cyberattack to expose your weaknesses. Test your response. Don't look for the easy way to get your team working, look for the most secure. Remember, practice makes perfect!

11. scary facts and figures about cyber security

There were many stats and figures shared, here are a selection:

  • 40% of businesses don’t update software and don’t have back-ups.
  • Only 14% of businesses are aware of Cyber Essentials certification.
  • 20% of businesses are aware of the fantastic resources available from the National Cyber Security Centre’s website.
  • 96% of businesses use the internet.
  • Online banking has increased over COVID19, with over 80% making online payments.
  • There is an annual 20% increase in reported cybercrimes year on year and increasing.
  • 46% of UK businesses report having major cybersecurity breaches or attacks within the last 12 months.
  • A small UK business is hacked every 19 seconds.

12. Be careful of what you share online

Everywhere you surf online leaves a trace or footprint. Businesses should be wary of what they post and the details they leave on their website and social media. Companies House provides some really detailed personal and business information that a cybercriminal could use to sound legitimate. Each detail can be used to create a profile of you, guess your passwords and convincingly impersonate you or another team member.

There you go - I don’t want to see another birthday notification on LinkedIn!

13. AI and voice impersonations

AI is so advanced now that even your boss's voice could be impersonated by using AI. While this is not an everyday occurrence, we can see where cybercriminals are heading. Ensure to verify any ad hoc, last-minute or urgent payment requests by senior managers, even when convincingly made over the phone.

14. Businesses are getting more and more exposed, increasing the likelihood of a cyberattack

As more business operations move online, the risk of becoming a cyber victim increases. Everything is digital nowadays, with 96% of businesses using the internet. The more digital you become, the bigger the ‘surface area’ and the more entry points and threats there are to your business. This means risk is steadily increasing.

15. Being prepared is the best preventative action

This can be the difference between your operations being down for 20 minutes or 20 days. A well-practiced threat response plan, as well as implementing good security can make all the difference.

16. IOT devices have very weak security generally

The blueprints for IOT devices do not differ too much. This makes them rather easy to hack - so be aware. Do your research and look out for, for example, cheap smart doorbells that have been hacked time and time again. Change default passwords, otherwise, your device can easily be hacked.

17. Update the software on everything, even your EV charger!

Software updates are one easiest and biggest preventative measures to secure your home and business. Accept those updates, don’t delay! Even your EV charger needs a software update, as Leigh Nigel Purnell, Founder & CEO at Petalite, explained. Everything with software needs to be updated in order to be secure.

In factories where equipment is not frequently replaced but the equipment still has software, they will need to be carefully managed, from a security perspective. These machines rarely receive a security update and will need to be essentially isolated from the rest of your IT.

 

So there you have it. A great day and some great insights. Find out what simple business cyber security packages Superfast IT offer to small and medium-sized businesses in Birmingham and the West Midlands.

Schedule Risk Assessment

CYBERSECURITY PACKAGES

8 min read

Cyber Tuesday at Birmingham Tech Week

Birmingham has much to celebrate, with a thriving technology sector. Cyber Tuesday, as part of Birmingham’s Tech Week,...

10 min read

Cybercrime tips and facts for West Midlands businesses

Last week, DI Hinesh Mehta from the West Midlands Cyber Resilience Centre and I  presented the webinar: ‘Cyber Security...

2 min read

Are you missing out on Home Office-funded Cyber Security?

Business leaders encouraged to take advantage of Home Office funded cyber security in virtual networking event.  

...