Many businesses will have shifted to remote working throughout the pandemic. Parts of the charity sector were no exception, with 95% saying they were working from home. But this can bring with it many risks and potential vulnerabilities to an organisation. Yet, 45% of charities said they had taken no extra precautions to protect staff from cyber attacks while working from home. 

Cyber attacks can be devastating. They can cost you thousands, result in data being permanently lost, and seriously damage revenue and reputation.

Many charities don’t realise that they too can fall victim to cyber attacks, believing criminals only target larger corporations. Yet a third of charities experienced a cyber attack in the last 12 months. So with no one safe from cybercriminals, here are the top three reasons to keep your charity cyber secure.

Revenue

Cyber attacks vary massively. You could fall victim to a phishing scam or you could be the victim of ransomware. Ransomware is malware that steals your data and refuses to return it unless you pay a sum. Paying the ransom itself can be costly, but attacks can also put your charity on hold. With data lost and systems at a standstill, your shop may have to shut until it’s taken care of. And this can weigh heavily on a charity’s revenue and profits.

Cyber attacks can also lead to the loss of customers. Some customers will not trust organisations that can’t protect their data, and may decide to support other causes instead.

Productivity 

Following an attack, you may have to restore data, fix systems, improve security for the future, inform supporters and customers if their personal data has been compromised, and clean up the PR mess. It’s a killer of productivity. This is time that could be better spent bringing in money for your charity.

It may also affect morale amongst your staff and volunteers. They want the best for the charity and it’s never easy to suffer a huge setback, especially if it undoes their hard work. And if their data is caught up in the attack too, that’s one more factor to worry about.

Reputation 

No one wants their personal information leaked. Cyber criminals can steal your customers’ and donors’ sensitive information like addresses and card details. If this happened, they would be understandably upset and unlikely to trust your charity again.

Bad PR can damage the charity’s reputation further if it becomes apparent that security measures were perhaps overlooked. The word might spread that your charity does not do enough to protect its supporters, which can be a difficult accusation to overcome.

It may seem that cyber attacks only happen to the big corporations, but that is simply not the case. And during the pandemic, with working from home and increased anxiety for criminals to exploit, attacks have only become more common. Are you ready to protect your charity?

Nisyst Cyber Security has been at the forefront of the UK tech scene for almost 30 years. Protect your charity from cyber attacks today. Call us on 01204 706 000.

Cyber attacks come in many forms. You have ransomware, viruses, worms, and many more you should be aware of. Some attacks are more common than others, like those “Nigerian prince” scams that you might have in your spam folder, but all can be used to specifically target vulnerable businesses.

Arguably the most important type of attack you need to be wary of is a “social engineering” attack. The term describes psychological manipulation that tricks people into offering sensitive information or making security mistakes. 

Social engineering is particularly dangerous because there is no software that can stop it. It preys on human error, and anyone can make mistakes. Here are the four social engineering security attacks all businesses should know.

Phishing

Have you ever had a poorly written email about an Amazon order, but you hadn’t bought anything? This is an example of phishing. This attack steals sensitive information like card details and logins. 

Phishing scams can also download malware onto your device. They are the most likely attack to hit a business, with the number of businesses falling victim growing from 6% in 2015 to 9% in 2019.

Whaling attacks

Whaling attacks are like phishing, only these emails target specific people. Targets are usually board members or employees with higher clearance and access to important, sensitive information, such as CEOs, CFOs, and other executives. These attacks are hard to spot. Attackers will use personal information to be as convincing as possible. A common whaling attack is an email from a ‘supplier’ of your company requesting payment.

Pretexting 

Pretexting is often seen as the offline or human equivalent of phishing. This is where an attacker will coax information out of a victim with carefully constructed lies. They may imitate police, co-workers, bank workers, or tax officials – people who have authority and who most people would trust with sensitive information. 

They can gather extremely sensitive information through this attack, from personal addresses and phone numbers to staff holidays, bank records, and security information. Pretexting can be hard to recognise as the attacker gradually knocks down your defences and gains your trust.

Baiting

Baiting attacks use false promises that offer something enticing to the victim in exchange for sensitive information. These attacks are used to steal the victim’s personal information or download malware onto their system. 

A popular baiting technique is to leave an authentic-looking USB infected with malware in a place where the attacker knows the victim will see it. The hope is that the victim will plug in the USB so it can infect the system.

Almost half of UK businesses fell victim to a cyber breach or attack in the past 12 months. For what’s at stake – damaged reputation, loss of profits, disruption – sidestepping proper protection and security measures is just not worth it. By investing in the right security measures and taking the time to educate your staff on the malicious attacks out there, you can regain some control and secure a stronger, more stable future for your business.

Nisyst Cyber Security’s team of engineers pride themselves on offering expert advice and tailored solutions for all your security and compliance needs. Give your business the best protection by calling us today on 01204 706000.

Cyber security should be at the top of the agenda for any business, right behind making a profit. In this technology-driven world, cyber attacks are all too common, so you can never be too careful.

How do you think your cybersecurity measures stack up? Why not take our quick quiz to see how your business is doing and if you have any vulnerabilities waiting to be exploited? Let’s dive right in…

Q1: Some businesses are too small for cyber criminals to care about.

  1. True
  2. False

This is false. The attacks on big corporations are the most publicised, but that doesn’t mean cyber criminals don’t target smaller businesses too. In fact, research suggests SMEs are actually just as likely to be attacked.

Q2: How often should a business conduct cybersecurity training? 

  1. Once when first operational
  2. Once a year
  3. Every 4-6 months

Industry best practice suggests you conduct cyber security training roughly every 4-6 months. After 4 months, employees still seem to remember what they learned, but begin to forget around the 6-month mark. This study focused specifically on the employee’s memory for phishing attacks, which account for around half of all cyber attacks and are recognised as the top cause of data breaches.

Q3: Offsite backups are essential.

  1. True
  2. False

That’s true. Offsite backups are incredibly important. Yet 10% of organisations aren’t backing up their data at all. Offsite backups offer a solution if you’re ever the victim of ransomware, a data breach, or even in the event of a disaster that could destroy systems, such as an earthquake, fire, or flood. Offsite backups can’t prevent attacks, but they mean you still have your data if someone tries to steal or delete it. You never know what might happen.

Q4: Working from home reduces cyber security threats.

  1. True
  2. False

Unfortunately, this isn’t true. Working from home poses different risks than working in the office. 20% of businesses have suffered a breach because of the actions of a remote worker since the lockdown began. Employees might have weak setups, they might share their work device with others, or they might simply be unaware of how to spot risks. This is why it’s so important to keep employees up-to-date with cyber security training.

A cyber attack can compromise a business, ruining its reputation and costing thousands. But all this can easily be avoided by simply taking the time to ensure your business has the strongest line of defence against attackers. 

Don’t know where to start? Leave it to the experts. Nisyst Cyber Security is dedicated to providing innovative and up-to-date security solutions. For more information, call us on 01204 706000.

Malware, viruses, spyware, and phishing – if you aren’t in the know, it can sound like a completely different language. It can feel overwhelming trying to understand cyber security and all the various threats. And all too often, these terms are explained using technical jargon without thinking about the average person.

So we put together this simple guide that tells you clearly, in simple English, what each is and why it is important for you to protect your systems from these types of cyber security threats.

Malware

Malware is a blanket term used to describe malicious software. It is any software designed to intentionally cause harm to a device, server, client, or computer network. This includes spyware, viruses, and ransomware (which we will cover below). 

When a user clicks a dangerous link, it downloads and installs the malware onto the system. Depending on what kind of software it is, it can go on to inflict damage, steal your data, or spy on your activity.

Virus

Viruses spread when people make innocent mistakes, such as using USBs with viruses on them and downloading infected files. Opening attachments in suspicious-looking emails can also download a virus onto your device. It is important to protect your system from viruses because they can slow down your computer, cause crashes, damage programs, and in the worst cases, cause you to lose data.

Ransomware

The UK was the second most attacked country in 2019 for ransomware attacks, costing businesses £365 million. But what is ransomware? Simply put, ransomware infects your computer and holds your data hostage. If you pay a sum of money, you might get your data back, but you also might not. 

It is always a good idea to keep off-site backups. Ransomware is dangerous because while your data may eventually be returned, that doesn’t mean the attackers haven’t kept a copy for themselves. These attacks can cost businesses thousands and quickly destroy their reputation. A famous example is the WannaCry ransomware that attacked the NHS’s IT systems.

Spyware 

Just like it sounds, this is software that enables someone to obtain information about your activity. They can watch what you do on your computer without you even knowing. Spyware is dangerous as it can steal sensitive information, such as card details and login details, and monitor your activity. Not only that, but spyware is difficult to detect. Using an antivirus with anti-spyware features can help protect your system.

Cybercriminals are becoming increasingly sophisticated with their methods to steal information and infect devices with malicious software. It can be difficult to keep up with all the various terms and phrases, but as criminals find newer, more sophisticated ways to infiltrate businesses and steal their information, it is important to stay on top of it all. 

Knowing their methods is half the battle. The other half is protecting your business with effective cyber security solutions, giving your business the best chance against cybercriminals. 

Are you ready to protect your business? Put your mind at ease with Nisyst Cyber Security. For more information, contact us on 01204 706000.

Nearly 50% of the UK worked from home at the height of lockdown, the Office for National Statistics reported.

That is why it is more important than ever to protect yourself from the work of cybercriminals.

As it is Cybersecurity Awareness Month, we thought we would share with you our top tips for protecting yourself from those pesky cyberattacks.

In this article, we will briefly cover:

  • Setting strong passwords.
  • Malware Protection.
  • Backing up your data.
  • Two-step verification.
  • Encrypt your data.
  • Secure your VPN.
  • Home security measures.

1. Setting up strong passwords

If you have a separate account when working from home, then you need to set up a strong password.

The best kind of password is a mixture of letters (lowercase and uppercase), numbers, and symbols that will make it harder for cybercriminals to guess. Ideally, it should be no shorter than 15 characters, and you should consider using a reputable password manager that will create random strong passwords and securely store them.

2. Malware protection

To protect your device from malicious emails and malware, you need to install antivirus software, as this is your first line of defence against threats such as computer viruses, worms and ransomware. As soon as they become available, install the latest operating system and updates.

3. Back up your data

Worst case scenario: the work you spent hours on that is due in just two hours suddenly disappears. What do you do? Create a backup using external hard drives, USBs, or the Cloud so that you never have to worry if it happens again. To make your data extra secure, consider encrypting the backup so it cannot be accessed if the device is lost or stolen.

4. Two-step verification

Adding that extra layer of security can make sure your data is even more secure. There are several ways to do this, but here are just a few:

  • Add a security question – This should be something only you know about yourself and be personal to you.
  • Limit access to work devices only so only you have access to your data.
  • Use a trusted app. Instead of simply logging in from a web browser, use an app that you know is secure as another layer of protection, which you will need to sign into first before signing into your official account.

5. Encrypt your data

Encryption is a vital form of protection in case your device is stolen or misplaced. If your data is already encrypted, check the software is working. There are two types of encryption: individual file and folder encryption, and full-disk (or whole-disk) encryption. The former “encrypts only the specific items that you tell it to,” and “is acceptable if relatively few business documents are stored on a computer”.

The latter, by contrast, ensures “all files, folders and volumes are encrypted”. The GDPR “makes organisations responsible for protecting the personal data it holds on individuals,” so it is better to encrypt, as your data will be more secure.

6. Secure your VPN

Securing your VPN (Virtual Private Network) can be simple:

  • Use the strongest authentication method possible.
  • Use the strongest encryption method possible.
  • Restrict VPN access to those who require it.
  • Only allow access to what each user requires.
  • Implement and enforce strong password policies.

7. Home security measures

Finally, here are some simple ways you can protect your data every day:

  • Do not respond to phishing emails, but learn how to recognise them by being wary of emails that ask you to download attachments or click on links.
  • Follow your company security practices as your home is now an extension of your office.
  • Be aware of Covid-19 scams.
  • Secure your router by changing the default name and password and turning off remote management.
  • Use at least WPA2 encryption when connecting via Wi-Fi.
  • If possible, only use a device supplied by work for work-related tasks.
  • Let your manager know if you believe your data could be at risk.
  • Log off or shut down each day and secure your device in a safe place.

We hope you keep cybersafe this winter, and if you found this post helpful, please feel free to share.

Resources:

https://www.businessnewsdaily.com/9391-computer-encryption-guide.html

https://www.gdpr365.com/do-i-new-to-encrypt-my-data-what-does-the-gdpr-require/

https://www.ncsc.gov.uk/

There are many risks involved when running a business, with monetary loss being one of the major security issues that you may face. A lesser risk is that of data loss, which can easily occur as a result of workers being careless or accessing company data offsite. With the rise of remote working, this has become more and more common in the modern workforce.

The security of company data is an ongoing issue for companies UK-wide. Recently, Apricorn – leading provider of software-free and encrypted USB drives – announced new research on the security risks arising from a lack of data protection.

Strategy

Surprisingly, the data found that a third of those participating had already experienced data loss or breach as a result of mobile working. Many had no protocol in place for remote working, meaning that their data was continually at risk; something that they were aware of. Many companies conceded that although security measures were in place, they had no real way to enforce them. Such a gap in security is a huge risk for the delicate data of the company and poses a dilemma for company strategy going forward.

Further Security Risks

Compact discs, pen drives and other removable devices were also a risk exposed by the study. Easy to lose or steal, they also posed a threat of introducing malware to the network from employees’ personal devices. Some try to curtail this and use cloud storage in order to allow remote workers access to the files they need to work; however, this too poses certain risks, such as numerous accounts that are unmonitored, susceptibility to being hacked without proper security in place and data leakage as a result of weak user credentials.

The financial implications of these risks are great, and they only increase as your company grows and becomes more financially successful. This will be even more the case in 2018, when enforcement of the European General Data Protection Regulation (GDPR) will introduce even heftier fines, something which many UK-based companies seem to be largely unaware of.

Further training and protocols regarding data safety are a must in order to help keep data safe when being accessed by remote workers. As the new generation of workers becomes more technologically savvy, security measures may be easier to enforce as we anticipate them to have the knowledge and a better understanding of how the hardware works. It remains an important consideration for the younger generations to remain vigilant when it comes to matters of data security. A decrease in concern could mean that data becomes more at risk than ever.

Call Nisyst today and see what we can do for you and your business to minimise security risks.

Even with today’s technology and ever-advancing levels of security, cyber-attacks can still occur. And now, more than ever, charities are being urged to protect themselves against a specific type of cyber-attack: ransomware.

The ‘WannaCry’ ransomware, in particular, has been targeting Microsoft Windows since Friday, 12 May 2017. More than 230,000 computers in 150 countries have already been affected. WannaCry demands ransom payments in bitcoin, a type of digital currency, in 28 different languages.

This highlights just how important it is for charities to be protected.

Are Charities at Risk?

It’s not clear yet whether charities are affected by WannaCry, but the truth is that IT systems and existing protection need to be kept updated at all times. After all, according to James Mulhern, chief information security officer at Eduserv, “charities are a big target for cyber criminals because they have valuable data, including personal information which is of huge value to attackers.”

The Cyber Security Breaches Survey 2017 also reveals that almost seven in ten companies identified a breach or attack. Businesses that hold electronic personal data were more likely to suffer from breaches (51%) than those that don’t (37%), which showcases the severity of this issue and why charities need to be protected against cyber-attacks.

The most common attacks occur through fraudulent emails, which try to get staff and consumers to reveal personal information, as well as passwords. Malware and viruses in attachments and links are also common, as is ransomware.

How Can Charities Remain Protected?

Charities can protect themselves by using donated security software, according to Richard Craig, CEO of charity software specialist Technology Trust:

“A lot of the problems have been caused by organisations using legacy systems, predominantly Windows XP, which is no longer supported by Microsoft. It’s understandable that charities try to send as much money through to their cause but this shows what can go wrong if you postpone upgrading. Microsoft donates Windows operating systems to charities so that at least takes a lot of the cost away.”

Backing up systems, having an up-to-date antivirus in place, and investing in high-quality technology can minimise the risks of cyber-attacks. It is also important that staff have the necessary skills to identify an attack or to respond to it, so make sure everyone is trained in cyber security (or has enough knowledge of it).

At Nisyst, we strive to make charities safer than before, be it to prevent ransomware or any other security breaches. We have extensive experience in the way volunteers work and have worked closely with many charity IT departments to advise on and implement best practice at the retail point for greater security. So book a demo or call us on 01204 706 000 and we’ll be more than happy to answer any questions you may have about our technology and to discuss how we can help you to become a safer charity.