Posts

For almost a year now, many of us have been working from home. With the lockdown still ongoing – though potentially with the end in sight – many are still working remotely. While it might be protecting our health, we can’t forget to protect ourselves from cyber threats, too.

Right now is a great opportunity for cybercriminals. The anxiety around the virus makes people more vulnerable to phishing attacks, while work-from-home setups tend to have weaker security measures in place than the office. But it is not just cybercriminals causing disruption: 20% of businesses have suffered a breach due to the actions of a remote worker since lockdown began.

It is essential to stay on top of any potential threats or vulnerabilities and ensure employees understand how to stay safe. Here are three security risks you and your staff should look out for when working from home…

Insecure home setups

In an office environment, you probably have an IT manager or someone in control of the security of your network. At home, however, people typically have weaker setups. For example, their Wi-Fi connection might use WEP instead of WPA2. This may seem unimportant, but weaker setups make a network a lot easier to hack into.

This shift could also mean people are using programs they aren’t familiar with, which can lead to further vulnerabilities. Personal devices like laptops and mobile phones may have fewer security controls, so it is best, if possible, to use work-issued devices. 

Phishing attacks

Phishing attacks are widely recognised as the top cause of data breaches. These attacks can ruin a business. On the surface, they look like normal emails. But they often link to fake websites and downloads that infect your computer. 

Over the course of the pandemic, they’ve become more sophisticated and targeted. But more than that, they’ve become more frequent; HMRC reported a 73% rise in phishing emails. The best way to protect against phishing attacks is training. Make sure all staff know the warning signs of an attempt and know to check with IT managers if they aren’t sure.

Weak passwords

If something’s online, there’s a good chance someone else can get into it. It helps to make it as difficult as possible for them. Many companies work online to make work more collaborative. But too often, people reuse login details. 

Using the same login for Zoom, email, and any other online apps or websites you use to stay in contact with your team is dangerous and can result in an attacker gaining access to your accounts. Password managers can help keep track of multiple passwords and help you create stronger ones that are harder to guess.

Cyber threats are a danger to all businesses, especially while we’re working from home. It’s important to back up data, make employees aware of the various attacks and best online practices, and ensure they have the strongest setup possible while they’re working remotely. 

Put your mind at ease by protecting your business today. We pride ourselves on creating the most efficient and effective cyber security solution. For more information, get in touch with us on 01204 706000.

It’s no surprise that cybersecurity has rocketed up many companies’ list of priorities. The number of UK businesses that fell victim to a cyberattack has increased significantly, especially in the last year. And it’s not as if the bigger the business, the safer you are; phishing attacks worked 38% of the time in large businesses compared to 29% in SMEs.

The reason for the high number of cyberattacks? Our technology makes it too easy. If cybersecurity is at the top of your agenda, patch management should be too. Vendors of current software and technology are constantly releasing new patches that add new features and bolster security. But if you aren’t staying on top of them, you are just leaving yourself open to exploitation. So how can patch management ensure you and your tech stay as safe as possible?

Why you need patch management

The most obvious reason for patch management is to keep your security up to date. Bad-faith actors will use whatever holes they can find to work their way into your system. It’s also why we would never recommend you use unsupported services or operating systems. Any breach will likely cost you a lot of money and a lot more reputation.

Beyond that, staying on top of your patches keeps your whole team more productive. As well as fixing any existing security issues, updates can make software more efficient, meaning it runs faster and crashes less. Your staff won’t have to worry about any of that slowing them down. How often has your computer frozen and sent you into a mad rage? We know it’s happened more than enough to us!

Because the threat is so significant, staying up to date is also often a requirement. Depending on your industry, staying up to date means staying compliant. Noncompliance is a rocky road to penalties and lost business. If you have personal details for clients and they end up being compromised, you put them in danger and your business in hot water.

How to implement

We make it sound like a long process, but it doesn’t have to be. It might require more work at the start as you lay out a patch management policy, but then you can simply carry out regular scans to check for any vulnerabilities and new patches. Done right, you can push updates out to multiple devices at once, saving any need to go to individual devices.

If you want to be more thorough – which we always recommend for something as important as cybersecurity – you need to check the updates in a testing environment before pushing them out. This ensures they won’t negatively affect you in any way. And when it’s all done, a final report detailing the process would help for any auditing in the future.

What’s important is you understand why you’re doing it. Make sure all the management and staff understand how it’s of benefit – potentially include it in any cybersecurity training you put your team through. Patch management can be a big undertaking for a team that’s already stretched thin, but there are companies and software available that can handle this vital task for you.

We offer a patch management service so you can be safe in the knowledge that your devices are as safe and secure as possible. This way, your IT team can focus on doing what they do best, and you don’t have to worry about vulnerabilities in your software. Protect your business today with Nisyst Cyber Security. For more information, get in touch on 01204 706000.

Many businesses will have shifted to remote working throughout the pandemic. Parts of the charity sector were no exception, with 95% saying they were working from home. But this can bring with it many risks and potential vulnerabilities to an organisation. Yet, 45% of charities said they had taken no extra precautions to protect staff from cyber attacks while working from home. 

These can be devastating. They can cost you thousands, result in data being permanently lost, and seriously damage revenue and reputation. 

Many charities don’t realise that they too can fall victim to cyber attacks, believing criminals only target larger corporations. Yet a third of charities experienced a cyber attack in the last 12 months. So with no one safe from cybercriminals, here are the top three reasons to keep your charity cyber secure.

Revenue

Cyber attacks vary massively. You could fall victim to a phishing scam or you could be the victim of ransomware. Ransomware is malware that steals your data and refuses to return it unless you pay a sum. Paying the ransom itself can be costly, but attacks can also put your charity on hold. With data lost and systems at a standstill, your shop may have to shut until it’s taken care of. And this can weigh heavily on a charity’s revenue and profits.

Cyber attacks can also lead to the loss of customers. Some customers will not trust organisations that can’t protect their data, and may decide to support other causes instead.

Productivity 

Following an attack, you may have to restore data, fix systems, improve security for the future, inform supporters and customers if their personal data has been compromised, and clean up the PR mess. It’s a killer of productivity. This is time that could be better spent bringing in money for your charity.

It may also affect morale amongst your staff and volunteers. They want the best for the charity and it’s never easy to suffer a huge setback, especially if it undoes their hard work. And if their data is caught up in the attack too, that’s one more factor to worry about.

Reputation 

No one wants their personal information leaked. Cyber criminals can steal your customers’ and donors’ sensitive information like addresses and card details. If this happened, they would be understandably upset and unlikely to trust your charity again.

Bad PR can damage the charity’s reputation further if it becomes apparent that security measures were perhaps overlooked. The word might spread that your charity does not do enough to protect its supporters, which can be a difficult accusation to overcome.

It may seem that cyber attacks only happen to the big corporations, but that is simply not the case. And during the pandemic, with working from home and increased anxiety for criminals to exploit, attacks have only become more common. Are you ready to protect your charity?

Nisyst Cyber Security has been at the forefront of the UK tech scene for almost 30 years. Protect your charity from cyber attacks today. Call us on 01204 706 000.

Cyber attacks come in many forms. You have ransomware, viruses, worms, and many more you should be aware of. Some attacks are more common than others, like those “Nigerian prince” scams that you might have in your spam folder, but all can be used to specifically target vulnerable businesses.

Arguably the most important type of attack you need to be wary of is a “social engineering” attack. The term describes psychological manipulation that tricks people into offering sensitive information or making security mistakes. 

Social engineering is particularly dangerous because there is no software that can stop it. It preys on human error, and anyone can make mistakes. Here are the four social engineering security attacks all businesses should know.

Phishing

Have you ever had a poorly written email about an Amazon order, but you hadn’t bought anything? This is an example of phishing. This attack steals sensitive information like card details and logins. 

Phishing scams can also download malware onto your device. They are the most likely attack to hit a business, with the number of businesses falling victim growing from 6% in 2015 to 9% in 2019.

Whaling attacks

Whaling attacks are like phishing, only these emails target specific people. Targets are usually board members or employees with higher clearance and access to important, sensitive information, such as CEOs, CFOs, and other executives. These attacks are hard to spot. Attackers will use personal information to be as convincing as possible. A common whaling attack is an email from a ‘supplier’ of your company requesting payment.

Pretexting 

Pretexting is often seen as the offline or human equivalent of phishing. This is where an attacker will coax information out of a victim with carefully constructed lies. They may imitate police, co-workers, bank workers, or tax officials – people who have authority and who most people would trust with sensitive information. 

They can gather extremely sensitive information through this attack, from personal addresses and phone numbers to staff holidays, bank records, and security information. Pretexting can be hard to recognise as the attacker gradually knocks down your defences and gains your trust.

Baiting

Baiting attacks use false promises that offer something enticing to the victim in exchange for sensitive information. These attacks are used to steal the victim’s personal information or download malware onto their system. 

A popular baiting technique is to leave an authentic-looking USB infected with malware in a place where the attacker knows the victim will see it. The hope is that the victim will plug in the USB so it can infect the system.

Almost half of UK businesses fell victim to a cyber breach or attack in the past 12 months. For what’s at stake – damaged reputation, loss of profits, disruption – sidestepping proper protection and security measures is just not worth it. By investing in the right security measures and taking the time to educate your staff on the malicious attacks out there, you can regain some control and secure a stronger, more stable future for your business.

Nisyst Cyber Security’s team of engineers pride themselves on offering expert advice and tailored solutions for all your security and compliance needs. Give your business the best protection by calling us today on 01204 706000.

Malware, viruses, spyware, and phishing – if you aren’t in the know, it can sound like a completely different language. It can feel overwhelming trying to understand cyber security and all the various threats. And all too often, these terms are explained using technical jargon without thinking about the average person.

So we put together this simple guide that tells you clearly, in simple English, what each is and why it is important for you to protect your systems from these types of cyber security threats.

Malware

Malware is a blanket term used to describe malicious software. It is any software designed to intentionally cause harm to a device, server, client, or computer network. This includes spyware, viruses, and ransomware (which we will cover below). 

When a user clicks a dangerous link, the malware is downloaded and installed onto the system. Depending on what kind of software it is, it can go on to inflict damage, steal your data, or spy on your activity.

Virus

Viruses spread when people make innocent mistakes, such as using USBs with viruses on them and downloading infected files. Opening attachments in suspicious-looking emails can also download a virus onto your device. It is important to protect your system from viruses because they can slow down your computer, cause crashes, damage programs, and in worse cases, cause you to lose data.

Ransomware

The UK was the second most attacked country in 2019 for ransomware attacks, costing businesses £365 million. But what is ransomware? Simply put, ransomware infects your computer and holds your data hostage. If you pay a sum of money, you might get your data back, but you also might not. 

It is always a good idea to keep off-site backups. Ransomware is dangerous because while your data may eventually be returned, that doesn’t mean the attackers haven’t kept a copy for themselves. These attacks can cost businesses thousands and quickly destroy their reputation. A famous example is the WannaCry ransomware that attacked the NHS’s IT systems.

Spyware 

Just like it sounds, this is software that enables someone to obtain information about your activity. They can watch what you do on your computer without you even knowing. Spyware is dangerous as it can steal sensitive information such as card details and login details, and monitor your activity. Not only that, but spyware is difficult to detect. Using an antivirus with anti-spyware features can help protect your system.

Cybercriminals are becoming increasingly sophisticated with their methods to steal information and infect devices with malicious software. It can be difficult to keep up with all the various terms and phrases, but as criminals find newer, more sophisticated ways to infiltrate businesses and steal their information, it is important to stay on top of it all. 

Knowing their methods is half the battle. The other half is protecting your business with effective cyber security solutions, giving your business the best chance against cybercriminals. 

Are you ready to protect your business? Put your mind at ease with Nisyst Cyber Security. For more information, contact us on 01204 706000.