CyberWar

In a traditional combat scenario, professional forces are engaging with the enemy. There are those on the attack (the enemy) and those on the defence. But when it comes to cybercrime, your business risks being the first casualty.

Hackers and cybercriminals traditionally aimed their activities at wealthy, large organisations or those they wished to embarrass or damage politically. And while wealth acquisition ("theft") or political interference is still the primary driver for these groups, they now know that there is an easier way to get their money or foot in the door. And that's via an SME business like yours.

If the cybercriminals can breach your systems or extract a copy of your data, they'll not only have a hold over your business but all your customers as well. And that's why, as a business owner or director, you must be aware that it's not a case of IF a cyber attack will occur, but when – and what you are going to do to mitigate it.

The secret here is to recognise that there will be an attack at some point. Whether it's a targeted attack, a "spray and pray" attack, or just a member of staff falling for a scam, initial defence methods are very similar.

1. Secure backups

Assume the worst, and ensure you have secure copies (backups) of your data.

Those backups must NOT be permanently connected to the I.T. systems you wish to protect or secured with passwords used elsewhere.

2. Implement a "Zero Trust" strategy

This is possibly one of the more complicated sides of cybersecurity. Still, in essence, zero trust means that a secondary process or person must approve any access or change to your I.T. systems.

Your zero-trust strategy might be to have two-factor authentication on your logins (those little six-digit codes generated by a phone app or keyfob you use to log in). Or that no software can be installed or run before it's been checked and approved. There are automated ways of doing this. These even have the benefit of preventing a trusted piece of software from being hijacked, which can quickly happen in a ransomware attack, for example.

3. Anti-virus/anti-malware software

Layer your security by adding commercial anti-virus/anti-malware software to your I.T. system and have it installed, where possible, on every device. We always recommend the enterprise versions of this software, not the "home" versions, and most definitely not "free". It isn't worth risking your business for the sake of saving £3 per month. Once installed, it needs to be kept up to date and monitored.

4. Firewall

If you have a fixed office, protect your network from Internet threats with a robust, regularly updated firewall appliance. Don't risk your business on the "free" £50 router your Internet Service Provider supplies, which will probably never be updated from the day it's shipped to you.
And while we're talking of updates, make sure your software is always kept up to date. Apply patches/updates regularly and know when your software versions become "end-of-life", even if they still appear to be usable. That's because when a vendor stops supporting the version of software you are using, updates and security fixes are no longer released, putting you at extreme risk.

5. Awareness, training and procedures

Cybersecurity isn't just about implementing defence technology, though. Its also about awareness, training and procedures and processes. Consider looking at CyberEssentials certification to help with this – with the bonus that CyberEssentials certified businesses are much more likely to win customers by increasing that level of trust and providing reassurance that their data is safe with you.

You've worked hard to build your business, so don't risk a cybercriminal taking it all away. Whether they steal your cash, destroy your systems, or damage your reputation, a cyberattack could put you out of business.

If you'd like to know more about how you can protect yourself in the cyberwar, do reach out to me, Darrin Salt; darrin@thetechnologiesgroup.com, or call The Technologies Group for free on 0808 196 8130.