December, 2020

How can you protect your business from the very people who work with you?

While you might have everything in place to protect you from external cyber-attacks, unexpected security threats can come from right under your nose – even from good willed and trusted employees.

It’s all well and good to keep your data safe and secure, but it can just take one employee not following the right security protocols, or disgruntled ex-employees having access to data – and you might find your business in serious trouble.

With the majority of us working remotely, this brings with it a whole raft of security issues – do employees have access to the right servers for their work, are staff updating their apps and systems accordingly, are they using work laptops for personal use?

That’s why it’s so important to drill security practices into everyday actions for staff – while many basic security principles may seem obvious, the consequences of even a minor slipup can be severe.

So, how can you protect your business and data from well intentioned employees who might not be in the know about IT security?

It starts with Cyber-Sensibility, ensuring your staff are well educated with regards to your company’s IT operations, passwords and keeping data confidential and secure.

Start by taking time out to train employees on IT best practices – saving documents to the correct files, ensuring passwords remain secure, and that employees know not to use their computers or laptops for personal use

Consider implementing a password manager for secure and confidential passwords and access to shared services)

Ensuring employees are well-enough educated in regards to cyber-security can be one of the most important methods to keeping safe.

A study conducted by Cyberark discovered over half of all employees are happy to allow co-workers using their login details, meanwhile 45% revealed they don’t tell IT when they download an unauthorised app to their device.

This sort of behaviour comes with severe risks of viruses and hacks, leaving IT systems much more vulnerable to attacks – it’s well worth double-checking staff understand basic IT security to protect themselves and the business.

The next step is to keep on top of remote setups.

The pandemic has seen unparalleled amounts of workers working remotely from home, which has completely moved the goalposts in terms of cyber-security.

A recent survey discovered 95% of security professionals were facing added IT challenges with employees WFH in thrown together home offices not fit for purpose.

Threats like phishing scams and malicious webpages are now having greater impacts than before, posing a huge threat to all businesses and employees.

Your IT security needs adapt to the changing environment, ensuring employees know what potential scams look like through training and flagging up anything they’re unsure about.

Be aware of what potential scams look like, through training and avoiding complacency, keep a distance from anything that could pose a threat, and ensure apps and systems are consistently updated.

What about ex-employees?

The process of removing moved-on workers from your system is another action that has to be taken seriously. It’s estimated that around 92% of UK businesses don’t automate this task as part of an off-boarding process, leaving plenty of room for human error.

Allowing a former employee to have access to your IT systems runs the risk of a whole load of IT security issues.

In fact, a Gurucul study discovered around one in ten workers would take as much corporate data as they could on the way out of a job, with a further 15% saying they would change passwords and even delete files.

Of course, not everyone will take files or change passwords, but that doesn’t mean you shouldn’t be meticulous about your offboarding processes and take all the necessary precautions to prevent data breaches from former employees.

Much of the time, departing staff might not have any ill will but can still leave your business open to data breaches by keeping business files and information on personal computers, failing to handover correct log in details, and not returning all of their company IT equipment.

There are a few ways you can look to prevent this such as wiping work-devices, changing passwords, and removing access to files (especially company social media accounts) and notifying the IT department well in advance about staff changes.

How can we help?

Getting the best IT advice is essential to help prevent breaches and security issues from damaging both your reputation, your business, and your profits.

If you’re interested in how you can improve your business security, please get in touch with our friendly team of IT experts – who will run through everything cyber-related with you.

You can find out about all of our different services here

How can you make sure staff don’t fall for email scams?

Phishing scams aren’t new to the scene.

In fact, we’ve become so used to the headlines about businesses paying out fortunes to get their data after some unsuspecting employee clicked a dodgy link in an email.

Even today’s (03 December 2020) news from IBM of a targeted global hacking campaign aimed at the COVID-19 vaccine supply chain hasn’t surprised us – it’s something governments and businesses have been warning against for months.

IBM believes the campaign began in September 2020, with phishing emails sent to six countries linked to the delivery ‘cold chain’ used to keep the vaccine at the right temperature when it’s transported.

Attackers reportedly impersonated a business executive from a Chinese company involved in the cold supply chain to trick targets into opening emails, as well as targeting transport organisations with malicious phishing emails asking for log in details.

If successful, hackers could have procured sensitive and confidential information about the distribution of a high value and high priority.

According to IBM’s security researchers, targets included the European Commission, companies involved in solar energy, a software development company in South Korea, and a German web development company.

It’s not just bigger organisations being hit by more phishing scams, smaller businesses can easily could become exposed to scammers purely by the fact that your good-natured employee didn’t think to message or phone their colleague about a slightly odd or unusual email they received.

Covid-19 has created the perfect environment for phishing, with remote working, digital appointments and a rise in health and medical information, hackers are finding it easier to take advantage of people, reaping in the stolen benefits.

From the beginning of the pandemic, fraudsters changed their tune and started using sophisticated methods of exploiting innocent victims and companies – from fake government emails and support schemes to business relief funds, hackers are now more creative than ever.

In February phishing attacks related to HM Revenue and Customs (HMRC) impersonations averaged at 26,100 per month, a figure that by March increased to 40,184 attacks, roughly 73% rise within a month. The number of attacks has steadily been increasing between March and September with recent figures suggesting 57,801 attacks per month.

In August, the HMRC declared it was investigating more than 10,000 email, SMS, social media and phone scams specifically exploiting the pandemic.

These attacks are on the rise, and are becoming more and more convincing. We’ve outlined some vital steps you and your business can take to prevent these attacks and identify the scam before it’s too late.

How to recognise phishing

1. Emails usually look identical to messages from reputable organizations
2. The content sounds urgent
3. The content tries to stir fear
4. Claims to enclose breaking news or important information
5. Asks you to download a link or attachment
6. Email address does not match organisation

How to protect against phishing

1. Train your staff

It may sound a little boring but it is so important to understand the threat and be able to identify spam emails and webpages as a collective unit.

As harsh as it sounds, staff are often the biggest weak point when it comes to phishing – so it’s vital to train your staff in recognising risky spam emails.

This includes understanding URLs and being able to recognize the ones that are safe and legitimate versus those that are fraudulent.

We offer phishing simulations as a service to help identify and train you and your staff to make your business less vulnerable.

2. Triple check everything

If uncertain of an email a website or a company, visit the website or google the address. If the site comes up with an error or details are not matched, this should be considered a warning.

If you ever receive any suspect emails, always refer to your colleagues and your IT support team – it’s always better to be safe than sorry!

3. Invest in your security

Installing and updating anti-spam, anti-virus, and anti-spyware software. Deploying a spam filter that detects unidentifiable senders, webpages, or downloads will prevent any further interaction with spammers and keep your business safe.

It’s all about balance, right? At Consider IT, we can help support your digital and cyber security needs, with our proven cyber security solutions.

Our team of experts can help support your business by securing both technical and operational measures from implementing software to designing new security policies and strategies that work.

With complete protection, we can become the first point of contact for every area of security, directing potential attacks to our expert team who can react sooner and faster.

As a Cyber Essentials Plus-accredited team, we can guide you through security processes to better protect your businesses and employees, helping your business achieve your own Cyber Essentials plus accreditation.

We’re a full CREST-accredited body with CREST-accredited staff, including CREST Practitioner Security Analysts and CREST Registered Penetration Testers.

So, we can help give you peace of mind, as well as helping you protect your business. Becoming accredited is an incredibly powerful way to gain trust and confidence from your customers and workforce.

If you’re interested in how you can improve your business security, please get in touch with our friendly team of IT experts – who will run through everything cyber-related with you.

You can find out about all of our different services here