Tech Watch: Get ready for a phishing trip


With the recent heat, we all felt the need to open the windows. But you would never dream of leaving the house without closing them first, lest you lure an opportunistic thief into your home to steal your belongings.

Do you also ensure that the “windows are closed” in your company? Or are you inadvertently opening yourself up to a potential thief?

A report by the Government’s Department for Digital, Culture, Media and Sport in March 2022 stated that “nearly one in three (31%) businesses and a quarter (26%) of charities who suffered attacks said they had suffered violations or attacks at least once. one week”.

Keep a log of the systems and sites you use and who has access to them

We’re all pretty used to reading data breach horror stories and have images in our minds of hackers working in dark rooms, doing their best, and that’s not an unfounded thought at all. Businesses face huge threats: not only traditional “hackers” trying to disrupt or steal your data, but now also ransomware attacks, where malicious software is installed to prevent a user or organization from access files until a ransom payment has been made. was made in exchange for the decryption key.

Data breaches come in all shapes and sizes and come from the most unlikely sources, affecting all sizes of businesses. We’ve all at some point received a “suspicious” email from a contact and contacted them to let them know they might have a “problem”.

Attacks from within

Data breaches can and do come from within. Diminished vigilance on the part of staff can lead to so-called phishing emails that trick them into divulging details and can be extremely problematic. In some companies, IT departments send fake phishing emails to test their employees’ response and help educate.

It’s the things you put in place before a potential incident that could make the biggest difference

While that might sound a little harsh and no one likes to think they’re in place, it’s not unwarranted considering that according to the government survey, 83% of cyber breaches or attacks on companies in the UK were phishing attacks in which staff received fraudulent information. emails or have been directed to fraudulent websites.

Of course, malicious attacks can also come from trusted people within the company; those who have had access to the data as part of their role who then decide to plunder, motivated by revenge or greed. These types of violations are difficult to predict and nearly impossible to prevent.

While this may seem like a problem for your IT department, the security of your systems and data is an issue much closer to home, and the consequences of data breaches affect every part of the business. Many small businesses don’t have the luxury of having an IT department, so what?

Consider your reaction measures when you encounter a problem. What are your backup plans?

There are small but important steps anyone can take in a business to control risk. Keeping a log of the systems and sites you use, and who has access to them, is a good start. These include things like personal email accounts, but can also include generic email accounts like [email protected] and [email protected], and even social media accounts that many people have access to.

Protocols

You should consider having rigid protocols in place to remove or restrict access to these on an individual’s resignation or, for sure, on their last day. Regularly reviewing these logs and removing access where no longer needed is also good practice.

Frequently encouraging your staff to change their passwords seems obvious, but when they are not prompted, the practice is something that rarely happens in the busy day. Staff should consider using phrases or even sentences as passwords, making them harder to guess. A good way to avoid using the same password for each account is to set up a system where the password is different each time but easy to remember; for example, ££sitename99!

Many small businesses don’t have the luxury of having an IT department, so what?

Finally, you should consider your reaction measures when you encounter a problem. We’re all for regular fire drills, but you’re more likely to suffer a data breach than your office to catch fire. What are your backup plans? How will you communicate to customers that there has been a problem? Are you familiar with the Information Commissioner’s Office “self-assessment” procedures for reporting a breach?

These measures may seem tiny in the grand scheme of the problem, but they could have the greatest impact.

It’s the things you put in place before a potential incident that could make the biggest difference to your resilience and ensure a quick recovery should the worst happen.

Nicola Firth is Founder and Managing Director of Knowledge Bank


This article originally appeared in the July issue of MS.

If you would like to subscribe to the monthly print or digital magazine, please click here.

Previous Fixed rates continue to rise at record pace: Moneyfacts
Next Blog: Delays and obfuscation | Mortgage strategy