Around 65,000 attempts to hack small to medium-sized businesses happen every day in the UK. If they’re successful, they can really damage your reputation, lose you revenue, and leave your staff feeling vulnerable. Depending on the scale and how prepared you are for an attack, it can take weeks to recover from.

So protecting your business should be the number one priority. But it isn’t as simple as installing firewalls and antivirus. There’s a certain tactic that cyber criminals use called social engineering that can’t be stopped by software, making it particularly dangerous. But what is it and how can you keep yourself and your staff safe?

What is social engineering?

Social engineering can be a subtle attack, so much so that you don’t even realise it’s happening. Attackers exploit human nature and trust to get the victim to reveal sensitive information. It can be used in a variety of attacks, including phishing attacks, baiting, and confidence tricks.

It’s estimated that around 98% of cyber attacks use social engineering in some form, making it one of the most dangerous threats to an organisation. What makes it so dangerous is that it manipulates our psychology, meaning anyone can fall victim. 

The goal can also be to extract personal information. With this, attackers can access private accounts or bypass security questions.

How does it work?

Cyber criminals typically try to manipulate us using trust and urgency. An example of urgency could be an email requesting immediate payment. Victims may panic and open an attachment in the email, which immediately downloads a virus, or they might just send the money directly to the attacker.

By manipulating trust, one group of cyber criminals stole millions from Facebook and Google. They created a fake company, set up bank accounts in its name, and sent invoice phishing emails to specific employees. The employees trusted the emails because the invoices had details of a recent service they’d received, and paid the criminals millions.

It doesn’t even have to be that elaborate. Have you ever seen a post on Facebook that tells you how to get your superhero name? The kind where you have to use the day and month of your birthday to make the name? It seems harmless, but that gives potential cyber criminals data about you they can use to get into your accounts. What if these numbers are part of a password? Be careful about giving out information like this.

What can you do to prevent falling victim?

One of the best ways to stop your organisation from falling victim to social engineering attacks is to have regular cyber security training. One study tested participants’ ability to identify phishing emails at various intervals after training. It revealed that after four months, the participants could easily identify phishing emails. But after six months, they started to forget what they had learned. So it’s recommended you do some retraining every four months.

And double-check before taking action. If a USB turns up on your desk, ask where it came from before plugging it in. If you receive a suspicious email, check if the sender’s email address is legitimate. Finally, stay calm. Cyber criminals play on our reaction to urgency. Instead of panicking and responding quickly, find out more information and analyse what they’re saying.

Social engineering is a serious threat. There isn’t any software that can stop a criminal from manipulating your trust or basic human nature. But, thankfully, there is software that can give your devices an extra layer of protection if a member of your organisation falls victim to this attack…

Ready to protect your business? Nisyst Cyber Security can help you keep your data secure and your business safe from cyber threats. For more information, get in touch with us on 01204 706000.

Malware, viruses, spyware, and phishing – if you aren’t in the know, it can sound like a completely different language. It can feel overwhelming trying to understand cyber security and all the various threats. And all too often, these terms are explained using technical jargon without thinking about the average person.

So we put together this simple guide that tells you clearly, in simple English, what each is and why it is important for you to protect your systems from these types of cyber security threats.


Malware

Malware is a blanket term used to describe malicious software. It is any software designed to intentionally cause harm to a device, server, client, or computer network. This includes spyware, viruses, and ransomware (which we will cover below).

When a user clicks a dangerous link, it downloads and installs the malware onto the system. Depending on what kind of software it is, it can go on to inflict damage, steal your data, or spy on your activity.


Viruses

Viruses spread when people make innocent mistakes, such as using USBs with viruses on them and downloading infected files. Opening attachments in suspicious-looking emails can also download a virus onto your device. It is important to protect your system from viruses because they can slow down your computer, cause crashes, damage programs, and in worse cases, cause you to lose data.


Ransomware

The UK was the second most attacked country in 2019 for ransomware attacks, costing businesses £365 million. But what is ransomware? Simply put, ransomware infects your computer and holds your data hostage. If you pay a sum of money, you might get your data back, but you also might not.

It is always a good idea to keep off-site backups. Ransomware is dangerous because while your data may eventually be returned, that doesn’t mean the attackers haven’t kept a copy for themselves. These attacks can cost businesses thousands and quickly destroy their reputation. A famous example is the WannaCry ransomware that attacked the NHS’s IT systems.


Spyware

Just like it sounds, spyware is software that enables someone to obtain information about your activity. They can watch what you do on your computer without you even knowing. Spyware is dangerous as it can steal sensitive information such as card details and login details, and monitor your activity. Not only that, but spyware is difficult to detect. Using an antivirus with anti-spyware features can help protect your system.

Cybercriminals are becoming increasingly sophisticated with their methods to steal information and infect devices with malicious software. It can be difficult to keep up with all the various terms and phrases, but as criminals find newer, more sophisticated ways to infiltrate businesses and steal their information, it is important to stay on top of it all. 

Knowing their methods is half the battle. The other half is protecting your business with effective cyber security solutions, giving your business the best chance against cybercriminals. 

Are you ready to protect your business? Put your mind at ease with Nisyst Cyber Security. For more information, contact us on 01204 706000.