With so many changes in the world of working with technology, especially over the last year, is preventing cyber crime still at the top of the list of things to do in 2021?
We recently published a series of blogs from our Cyber Essentials Partner the IASME Consortium. The blogs provided some insight into what cyber crime is and how we can prevent it.
IASME Consortium are in charge of the Cyber Essentials Certification, amongst other certifications. It is a government-backed scheme to help protect your organisation against a range of cyber attacks by applying a series of technical controls. These five technical controls cover:
- Boundary Firewalls – your outermost barrier to the web
- Secure Configuration – how difficult it is to get into your system
- User Access Control – who has permission to data and installation of software, for example
- Malware Protection – continuous detection of malicious software in place
- Patch Management – ensuring there are no flaws in software which can be a way in for the cyber criminal
These simple but effective measures can prevent the vast majority of cyber attacks, and with them the devastating effects of a cyber attack on a business of any size:
- Financial cost from fraudulent transfers or ransom payments
- Reputational damage – loss of customer data, inability to fulfil requests
- Lost productivity – downtime leaving employees unable to do their work
- Legal Liability from customer data loss or hacked web applications
When the global WannaCry ransomware attack hit the NHS in 2017, it was brought to a standstill for several days, affecting hospitals and GP surgeries. The attack exposed a specific Microsoft Windows vulnerability; patching would have prevented the attack from happening in the first place.
More recently, on 13th and 14th May 2021, the Irish health service had two ransomware attacks. Both the Department of Health and the Health Service Executive had to shut down their IT systems, causing a substantial number of cancellations to outpatient services and putting lives at huge risk. It's still ongoing: still negotiating, still trying to get the data back. The aftermath will be huge. It is unknown how the attack took place.
In 2019 a school in Dorset lost GCSE coursework for a number of Year 11 students to a ransomware attack which encrypted files at the school. An email with a virus had been opened.
A hairdresser in Cheltenham had their entire appointment system data taken and was held to ransom for £1600 worth of bitcoins. It cost the business much more, as they were unable to contact their customers. Using strong passwords, having stricter internet usage policies, employee education and a backup policy could have ensured the attack would have had minimal effect.
How can I know I'm doing everything to prevent Cyber Crime?
Are you ready for Cyber Essentials Certification?
It is difficult to know where to start. The recently launched Cyber Essentials Readiness Tool is an online tool which gauges your current level of cyber security against where you need to be for Cyber Essentials Certification. It will provide you with an action plan for making changes to your systems, ready for the certification. However, if you would prefer some help from qualified Cyber Essentials assessors, our Security Operations Team can help; contact us to discuss preparing for Cyber Essentials Certification.
The Cyber Essentials Certification itself is a self-assessment which is then verified by a qualified assessor. Cyber Essentials Plus includes a technical audit of the systems, testing that the five controls are in place and are working as they should, again completed by an independent qualified assessor. Our blog "What's the difference between Cyber Essentials and Cyber Essentials Plus" provides even more details about the scheme.
Our Cyber Security Service, Concise Protect, on the other hand, goes one step further. It includes the yearly Cyber Essentials Certification, but also includes extra toughening measures to protect your systems. Regular vulnerability testing forms part of the cyber security service to continually identify and prioritise security weaknesses. This is combined with continuous monitoring and management of your systems to ensure the safeguarding of that compliance and help protect your business. Speak to someone today about your cyber security strategy and whether Concise Protect could be the answer.
» Learn more about our Concise Protect Cyber Security service
Cyber Security Awareness Recap from IASME
Here's a recap of the 7 blog posts from IASME on cyber security awareness.
#1 Why you need to know about cyber crime - Learn about how to avoid being a victim of cyber crime by understanding what it is.
#2 Keep your wits about you while shopping online - Learn about the tactics of cyber criminals whilst you shop online. Protect your accounts and secure your data.
#3 Wise up to strong passwords - Learn about having a better strategy for your passwords including having a place to store them.
#4 Ninja at the gateway - The secrets of your router - What's a router and how best to setup the first line of defence to keep the bad guys out.
#5 What and where is the cloud? - Understand what Cloud Computing is and how to protect your data when using cloud services for storing your data.
#6 Is your Computer Access under Control? - Understand the difference between user and admin accounts and why each one is important for keeping your network and data safe.
#7 Don’t be caught out by a Phishing attack - What's a phishing attack and how to recognise one from any other email or text message.
- Cyber crime prevention is an ongoing battle with ever-changing threats and craftier criminals.
- Investing time in getting simple technical controls right can hugely mitigate the risk of long-term damage. Speak to Concise about Cyber Essentials Certification.
- Ensure you have a comprehensive and integrated security strategy to protect your IT network, your assets and your business. Speak to Concise about building a security strategy and how Concise Protect can help.
- The IASME blogs give some insight into what you can do to help yourself be more Cyber Aware. Speak with Concise about getting your whole business protected.