Cybercrime tips and facts for West Midlands businesses
Last week, DI Hinesh Mehta from the West Midlands Cyber Resilience Centre and I presented the webinar: ‘Cyber Security for Small Businesses’. We...
Birmingham has much to celebrate, with a thriving technology sector. Cyber Tuesday, as part of Birmingham’s Tech Week, hosted some fantastic speakers and guests with tips, ideas, and the conundrum for small business owners: ‘Where do I start with cyber security?!’
Here are key takeaways from the event:
This is a question that comes up time and time again. It’s clear that cyber security poses a steep learning curve but an essential one for business owners and senior decision-makers. Having a standard approach is sought by business owners, but we struggle as an industry to break cyber security down. The good news is there are lots of resources available:
As a starting point, Stuart Peters, Head of the Cyber Resilience Policy Team for the Department for Digital, Culture, Media and Sport (DCMS), recommended the National Cyber Security Centre’s website. It contains many free resources and government guidance on best practices. I would also suggest joining the West Midlands Cyber Resilience Centre’s free membership to get regular, relevant updates.
The next step is to look at your business’ unique security. Get a risk assessment from a reputable security company to uncover your security gaps. Security doesn’t have to be expensive, but the most vulnerable areas of your business should be secured, with staff following good security practices. We can help you get started. If you're looking to get a free risk assessment, schedule a convenient time using the link below.
Next, become Cyber Essentials certified. This has become a standard supply chain requirement for blue-chip and government organisations to prove your business' cyber security. A gap analysis will highlight the areas of your business that need improvement to meet the standard. Many businesses join forces with a reputable security company in order to meet the criteria. However, don’t assume that your IT company is an expert in security.
Birmingham Tech Week, Cyber Tuesday panel (left to right): Alastair Speare-Cole, Racheal Percival, Bill Orme and Chris Woods.
How do you think and feel about cyber security? ‘Not budgeted for’, ‘scared’ and ‘black art’ were the responses, and they relate to the first point. Cyber security is misunderstood. There are many misconceptions about cyber security that the industry needs to overcome.
This was mentioned by nearly every speaker. Ransomware attacks are on the rise, with the frequency increasing over COVID19. Ransomware is tearing businesses apart and the problem is only getting worse.
Do you have preventative measures?
Do you test them?
Would your staff know what to do if you were hit by ransomware (disconnect your computer and devices from the network)?
Would they know to whom they need to report the incident (IT department), and by what means (emails are likely to be down during a ransomware attack)?
A great question posed by Hugo Russell, Digital Projects Manager at Cyber Quarter (tweet from @mrjeffman). We are edging towards the latter – every business and every individual needs to take responsibility when it comes to cyber security. This is the only long-term solution to prevent cyber-attacks. Cybercriminals are light years ahead of SMEs and we need to increase our awareness and readiness.
It’s hugely difficult to predict the future because the past is not relevant – technology and cybercriminals are moving fast. Many will not report a cyber crime or are simply unaware that they have been hacked. Alison Hurst, Director of the West Midlands Cyber Resilience Centre and West Midlands Police, explained how cyberattacks are under-reported so we can’t get a full picture. Without this knowledge, there is a lack of clarity for the future.
We are blind to what might happen. We are complacent. We lack any anticipation. This is also true for the cyber insurance industry as Alastair Speare-Cole, President of Insurance at QOMPLX explained.
This will bring joy to the spreadsheet 'haters' out there: data is too easily shared, lost or stolen through Excel files, in turn breaking GDPR legislation. Use your ERP and CRM instead.
Today, big attacks, like SolarWinds, have mainly affected the public sector, detaching the issue from the private sector – particularly for small and medium-sized businesses. This is an out-of-sight, out-of-mind approach to cyber security. It may take a catastrophe affecting many SMEs for cyber security to be taken seriously.
It’s too early to say, but could this be the only way to deal with cybercrime? Consider the inception of the nationalised fire service back in the 1800s, which transitioned from having lots of independent fire-responding units (managed by insurance companies) to a nationalised fire service to deal with the wide-reaching issue. Or will we have a cyber version of Ofcom in the future?
Check out the security settings of your Chrome extensions... it’s quite scary. They can potentially access your credit card details. Only have extensions you truly need and limit the information you share with them.
82% of cyberattacks could have been prevented by having systems properly configured, as Bill Orme, Sales Director at UK+I - AttackIQ, explained. Default settings and passwords need to be updated and maintained! Business leaders - hold your IT department and IT company to account. Run a mock cyberattack to expose your weaknesses. Test your response. Don't look for the easy way to get your team working, look for the most secure. Remember, practice makes perfect!
There were many stats and figures shared. Here is a selection:
40% of businesses don’t update software and don’t have backups.
Only 14% of businesses are aware of Cyber Essentials certification.
20% of businesses are aware of the fantastic resources available from the National Cyber Security Centre’s website.
96% of businesses use the internet.
Online banking has increased over COVID19, with over 80% making online payments.
Reported cybercrimes are rising by 20% year on year, and that rate is increasing.
46% of UK businesses report having major cybersecurity breaches or attacks within the last 12 months.
A small UK business is hacked every 19 seconds.
Everywhere you surf online leaves a trace or footprint. Businesses should be wary of what they post and the details they leave on their website and social media. Companies House provides some really detailed personal and business information that a cybercriminal could use to sound legitimate. Each detail can be used to create a profile of you, guess your passwords and convincingly impersonate you or another team member.
There you go - I don’t want to see another birthday notification on LinkedIn!
AI is so advanced now that even your boss's voice could be impersonated using it. While this is not an everyday occurrence, we can see where cybercriminals are heading. Be sure to verify any ad hoc, last-minute or urgent payment requests from senior managers, even when convincingly made over the phone.
As more business operations move online, the risk of becoming a cyber victim increases. Everything is digital nowadays, with 96% of businesses using the internet. The more digital you become, the bigger the ‘surface area’ and the more entry points and threats there are to your business. This means risk is steadily increasing.
This can be the difference between your operations being down for 20 minutes or 20 days. A well-practised threat response plan, together with good security, can make all the difference.
The blueprints for IoT devices do not differ too much. This makes them rather easy to hack, so be aware. Do your research and watch out for products such as cheap smart doorbells, which have been hacked time and time again. Change default passwords; otherwise, your device can easily be hacked.
Software updates are one of the easiest and biggest preventative measures to secure your home and business. Accept those updates, don’t delay! Even your EV charger needs a software update, as Leigh Nigel Purnell, Founder & CEO at Petalite, explained. Everything with software needs to be updated in order to be secure.
In factories where equipment is not frequently replaced but still runs software, that equipment will need to be carefully managed from a security perspective. These machines rarely receive a security update and will need to be essentially isolated from the rest of your IT.
So there you have it. A great day and some great insights. Discover the simple business cyber security packages Superfast IT offer to small and medium-sized businesses in Birmingham and the West Midlands.