The 3 biggest security mistakes businesses are making

Cyber attack

When it comes to cybersecurity breaches, it’s not a matter of if, it is a matter of when. Cyber attacks are on the rise, with cybersecurity breaches becoming more and more frequent.

Attackers are capitalising on the emergency coronavirus situation we are in, primarily targeting small businesses. This is a real threat, and security and information institutions have warned that the frequency of coronavirus-related attacks will increase over the coming weeks and months.

Katie Heenan explains that we all need to be as prepared as possible to deal with these threats. Here are three common security mistakes that businesses make, and our top tips on how to fix them!

Emails

Phishing is probably the most well known social engineering attack, and one that companies are becoming more attuned to, yet phishing attacks can still be very effective. Phishing is where an attacker crafts a malicious email aiming to deceive the receiver into providing confidential information or visiting a malicious website. These emails are often disguised as originating from a legitimate source, such as a bank or HR department.

In April 2020, the National Cyber Security Centre (NCSC) created the Suspicious Email Reporting Service, after seeing a sudden increase in coronavirus-related email scams. In the first week that this service was operating, they received over 12,000 reports, which resulted in 220 phishing sites being taken down (National Cyber Security Centre, 2020). However this cybersecurity threat still exists, and phishing attacks are still on the rise.

Businesses are left especially vulnerable when staff aren’t fully aware of the threat, and when the business fails to have strong email security defenses in place. In the office, it is easy to cross-check the email with neighbouring colleagues, whereas when working from home, employees are less likely to query suspicious emails as they may not want to “make a fuss”.

Email security and filtering software detects potentially malicious emails, and filters these out before they reach the staff’s inbox. Check what email protection you currently have, as you may have a level of email security with your email provider. Consider investing in your own email security and filtering software, this doesn’t have to be expensive and can start from as little as £1 per mailbox per month, depending on the provider.

It’s also incredibly important to make sure that your staff are properly trained, and know not to open any emails from untrusted sources. Having regular communication with staff that aren’t in the office helps to maintain this.

Secure Remote Access Tools

When the coronavirus lockdown was first implemented, it forced hundreds of small businesses to suddenly move online, in order to try and stay afloat. This hurried change to remote working and online communication has meant that many businesses don’t have secure remote access tools in place for their workforce.

Two-factor authentication is a security process whereby users have to provide two different authentication factors to verify their identity. This could be by using your password and a one-time passcode that might be sent to your phone.

This adds another layer of security, as it is designed to make sure that you are the only person who can access your account, even if someone else knows your password. Two-factor authentication is easy to set up, and most email providers actively encourage you to use this, with some providers even making it mandatory for users. If you don’t already have this, take some time to get two-factor authentication set up and familiarise yourself and your staff with using this.

It is a really effective way to help keep your accounts secure. A good place to start is by taking a look at something like the free Google Authenticator app.

VPNs provide additional security and privacy when you are connecting to the internet and other internal corporate environments.  They utilise end-to-end encryption, which acts as a secure wrapper around all communications. Using a VPN guarantees a private connection, meaning that your team can work remotely and securely without the fear of connections being compromised. Many companies have VPNs set up for remote working, as it allows employees to securely connect to internal services and networks.

VPNs are vital in ensuring that your sensitive data stays private. Make sure that if you don’t have an existing VPN, you invest in one that is right for you and your business.

There are a number of VPNs on the market at very affordable prices.  Here at Ruptura Infosecurity Limited, we can set up your VPN in just minutes! Get in touch with us to find out more about our VPN services.

Lack of Cybersecurity Investment

Many people think that Cybersecurity is just an IT problem, yet Cybersecurity is a business problem. It affects every single aspect of your business. 62% of Small Businesses & Charities reported breaches in 2018, (Gov UK, 2018), with the average cost of Cybersecurity breach costing £2.99 million (IBM, 2019). The cost of recovering from a breach is far greater than the cost of preventing a breach. We understand that it’s a difficult time for small businesses at the moment, and that they may be reluctant to spend their hard-earned cash, but it’s important now more than ever, to pay a little now, to save a lot later.

Consider investing in cybersecurity, it is a worthwhile investment for businesses of all sizes, and it isn’t as expensive as you may think! At Ruptura Infosecurity Ltd we offer a range of cybersecurity packages that are tailored specifically for small businesses. We recognise that budgets at this time may be restricted and we therefore offer small businesses the chance to pay for our cybersecurity services in instalments. If this is something you would need, please contact us and we will do our best to accommodate.

The safety and security of your business is paramount. All businesses are worth protecting, no matter their size. Stay clear of these security mistakes, and keep your business secure. If you need any advice or help with your cybersecurity visit www.ruptura-infosec.com or send us an email to info@ruptura-infosec.com.