What are the latest cyber threats and why should you care?

Did you know that if you’re a small or medium-sized enterprise there’s around a 1 in 2 chance that you’ll experience a cyber security attack? Cyber criminals are constantly developing new ways to hack into your business to steal your money and data and if it hasn’t yet happened to you, chances are your business could be next.

So, what are the threats?

You have probably heard of the following types of cyber-attack:

Malware – Malicious software is any program or file that is harmful to a computer user. Types of malware can include computer viruses, worms, Trojan horses and spyware.

Ransomware – This is a type of malicious software that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.

Phishing – The fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details, disguised as a trustworthy source, usually by email.

But have you heard about the latest types of threats?

RansomWorms – The next generation of Ransomware, they exploit system vulnerabilities without needing to open a file to infect a machine (like traditional Ransomware). Simply visiting a website can provide the necessary access a RansomWorm requires.

Fileless Malware – Also known as non-malware, fileless malware doesn’t need to install malicious software, instead it takes advantage of existing vulnerabilities on your machine and uses common system tools to launch an attack. As it does not require a file download, it can be quite difficult to prevent, detect, and remove.

Spear Phishing/Whaling – Spear phishing is an email-spoofing attack that targets a specific organisation or individual seeking unauthorized access to sensitive information. They encourage trust by using personal information like real names and job titles.

So how would this affect my business?

The havoc caused by a cyber attack 

If you were to become one of the 1 in 2 UK companies to be targeted by cyber criminals, how much would it hurt? The impact on a business can potentially be catastrophic. The end-result can mean loss of data, customers and reputation, as well as leaving you thousands of pounds out of pocket.

We’ve identified some of the risks to your business below.

Figure 1. Potential risks to business if a cyber-attack were to occur

How can you protect your business from the most common cyber-attacks?

Based on advice from the National Cyber Security Centre, here are five ways you can protect your business:

Back up data

To reduce the risk of data loss, make regular backups of your important data and test whether it can be restored.

• Identify what needs to be backed up.
• Ensure the device containing your back up is not connected to the device holding the original copy.
• For ultimate peace of mind, consider backing up your data to the cloud. This way you will be able to access it safely and from anywhere.

Keep devices safe

Ensure that all of your devices are safe, including smartphones and tablets.

• Switch on PIN/password protection/fingerprint or facial recognition for mobile devices.
• Configure devices so that when lost or stolen they can be tracked, remotely wiped or locked.
• Do not connect to public Wi-Fi hotspots when sending sensitive data.
• Replace devices that are no longer supported by manufacturer software updates.

Prevent malware damage

By adopting the following practices, you can protect your business from the damage caused by malware.

• Use antivirus software on all computers and laptops. Only install improved software on tablets and smartphones and prevent users from downloading 3^rd party apps from unknown sources.
• Patch all software and firmware by applying the latest software updates as soon as they become available.
• Control employee access to removable media such as USB sticks and SD cards and consider disabling ports and limiting access to certain media.
• Make sure your firewall is switched on.

Avoid phishing attacks

Prevent employees from falling victim to email scammers phishing for sensitive information.

• Do not allow staff to access emails or the internet from an account with Admin privileges.
• Scan for malware and change passwords as soon as you suspect a malware attack may have taken place.
• Check for obvious signs of phishing like poor spelling, grammar and poor copies of company logos. Check the senders full email address – does it look legitimate?

Protect data with passwords

When implemented correctly, passwords are a free, easy and effective way to prevent unauthorised access to your devices and data.

• Make sure all laptops, Macs and PCs use encryption products that require a password to boot. Switch on PIN/password protection/fingerprint or facial recognition for mobile devices.
• Use two factor authentication (2FA) for important websites like banking and email.
• Avoid using passwords that are predictable (like family and pet names) or common passwords (like Passw0rd).

How you can manage your company’s security easily and cost-effectively?

There is a lot to consider but managing cyber security needn’t be a daunting challenge for businesses.  Our experts at Curveball Solutions can provide the right advice and security your company needs.