This week, there are some interesting lessons we can learn from the IT and security headlines. Learn from other businesses mistakes so you you don't have to:
- Remote working – it’s here to stay
Do you have long-term cybersecurity measures for remote learning?
- UK courts can protect your reputation after a ransomware attack
Have you heard of an interim order?
- Legacy IT systems could be the downfall to security When to upgrade your IT infrastructure
- Data breaches rising because of remote working Perform a gap analysis to check where you stand
- Increase in copycat websites Don't get scammed! Be careful when making online payments
- 15 Derbyshire schools forced to suspend online teaching following a cyber attack
Having protocols in place so you have a plan following a cyber attack
- Early education on password security
Keep your home devices safe
Remote working – it’s here to stay
Remote working – it’s here to stay, even after June 21st. Make sure your IT and security is set up to prevent unwanted attacks. We’ve created a quick guide to highlight the key steps to remote working cybersecurity – download the guide and let me know what you think.
UK courts can protect your reputation after a ransomware attack with interim order
Did you know that the UK courts may be able to protect your most sensitive data from being reported by the press?
Ransomware is about cybercriminals threatening to leak your sensitive data – data such as internal investigations that could damage your brand and reputation.
You could protect your most closely guarded secrets from entering the public domain. There is an application known as an 'interim order', through the High Court, which can prevent disclosure of sensitive data.
So, if a hacker got hold of your data in a cyberattack and released it, the press could not report or disclose the information that is protected.
Source: New Foods Magazine
Legacy IT systems could be the downfall to security
A recent report has found that 86% of national infrastructure companies in the UK have been hacked in the past 12 months. Many of them use legacy systems – One third are between 11 - 20 years old. UK infrastructure is set to modernise, making them more connected, but at the same time widening their attack surface.
The report suggests that a lack in cyber skills is increasing the issue.
Dealing with old IT infrastructure
You can modernise your IT infrastructure while undergoing digitalisation and tech plans. If you have no major technology improvements to make, then make sure your IT doesn't get left behind. A 10-year-old server is past its prime and needs to be replaced – why not look into cloud alternatives?
Training everyone to have a fundamental grasp of cybersecurity is going to help reduce the entry point of a cyber-attack. Lean on an expert if you do not have any employees that have IASME or equivalent cybersecurity training.
Source: Info Security Magazine
Data breaches rising because of remote working
Computer Weekly report that a huge rise in data breaches over the past few months are due to remote working and businesses relaxing their normal security protocols. Cyber criminals are targeting these new vulnerabilities in defence.
How should I respond?
Anyone involved in security and compliance should carry out a gap analysis for risk assessments, processes and policy. Identify where risks have been or could be introduced and then you can begin to address them. Get in touch if you want advice on identifying and bridging security gaps.
Rise in copycat websites
Google has registered 2,145,013 phishing sites as of January 17, 2021, this is up from 1,690,000 on January 19, 2020 (up 27% over 12 months).
What can we learn?
This highlights the importance of website filtering as a cybersecurity control. We hear about more incidents of company websites being copied – looking almost identical to the authentic ones. It’s actually quite easy to find out a websites coding – if you ‘right click’ now on our webpage and select ‘source code’, you can see some of ours.
What can’t be copied is the exact url. This is how you can tell whether a website is legitimate or not.
Aside from having awareness of your business website being replicated, pay close attention when making payments online or providing your bank details. If you need to make a payment online, Google a brand to find their website rather than following a link from an email.
15 Derbyshire schools forced to suspend online teaching following a cyber attack
It’s reported that 15 schools in the Nova Education Trust have been forced to shut down its systems and postpone virtual teaching because of a cyber attack. They cannot use email, phones or their website.
A bug was discovered in the early hours of this morning.
Luckily their text messaging service must be separate to their other communications channels, as pupils were informed by SMS.
Their Twitter page reads: "Please do not access your emails or open documents from your lessons as we are aware of the internal cyber issue and are working hard to fix it."
Lessons we can learn
If you had a cyber-attack, do you have a procedure in place to inform your staff and customers? Bear in mind that normal communications channels like email may not be accessible.
Head teachers and school boards should check what protocols they have in place at their school. This links with my next news item about teaching children about passwords. Carrying out a security and compliance gaps analysis is a good starting point.
Get in touch with me if you need any help defining what good process and protocols look like.
Source: Derbyshire Telegraph
Early education on password security
Leading on from the previous news story… Amidst of the coronavirus pandemic, our kids have plunged into hours of unsupervised internet access. They face a multitude of risks, opening the door to malicious cyber-attacks on family devices.
So, remember to tell your children:
- Don’t use the same password twice
- Don’t share your passwords
I advise installing the free version of Last Pass to securely store your passwords. It also monitors the dark web to see if your details have been stolen.
Subscribe to our newsletter for more IT, Technology and Cyber news and tips: