We all know the pandemic has changed the way many of us work – and for the cyber criminals who feed off our businesses and strike while we are distracted, it has proved a lucrative time.
In 2020 UK business lost an estimated £6.2 million to cyber scams, according to Security Magazine, with 31 per cent of those cases at the height of the pandemic.
Some 3,445 UK businesses were victims of cyber scams with 30 billion data records stolen in 2020 – more than in the previous 15 years put together.
Neil Smith, of Reform IT, has some clear messages to minimise your chances of becoming a feature of the statistics for 2021.
Neil Smith is the founder and managing director of ReformIT, an IT support specialist headquartered in Cheltenham, covering the UK.
Its skilled technicians can advise on all IT matters, from computer and internet security, computer software, cloud solutions, IT support and managed services such as VoIP Telephone Services and website hosting.
ReformIT is a Microsoft Silver Partner, Small Business Specialist and Microsoft Office 365 consultant that also provides a customised range of Managed IT Services for business. From a full out-sourced IT department to third-line support and project management, ReformIT will customise its services to fit your requirements.
For more information, visit: Reform IT.
Before lockdown a lot of businesses had done a lot of work to protect themselves. We found that small businesses were really starting to think carefully about IT security. It was becoming hard to ignore it, or at least it was a nagging doubt in most people’s minds. Then along came lockdown.
It was not that businesses didn’t care anymore, they simply had other priorities. It suddenly became about health and safety of their staff and the public and they had to get their staff working from home straight away. It was completely understandable.
The conversations became about how can we get staff operating now, have they got a computer and in some cases any computer, any phone, just to get up and running. That might be a laptop their children also used to download stuff onto or their own phone they were using to connect to work on. In the rush to get everyone operational, security became a secondary concern in many cases.
Imagine a warehouse which you owned and had put good locks on every door. That was your business pre-pandemic. Suddenly you were carving a whole load of new windows and doors, but were there good locks on those doors too? It only takes one open door or window to let a criminal inside.
People might say, ‘well, I only use the machine for my emails’ or ‘I only VPN into the office on it’, so where’s the risk? The risk is just that. All of these things connect into your work systems. And that’s all the criminals need.
For example, once they get access to your emails, they will sit waiting and watch – for weeks or months sometimes – for the right information to arrive.
Let’s say that information is a legitimate invoice, the criminals will see it before you know it, amend the bank details, and that email gets forwarded straight to accounts and paid.
The impact can be huge and devastating.
We are beginning to return to some kind of normal. Some people will continue to work remotely, some will be coming back into the office. Now is a good time to take stock of all your IT assets. Where are they? Who is using what? Where is your data being accessed or stored?
Are you keeping on top of GDPR recommendations about data being encrypted on portable devices?
The first thing I would do is make a list of company IT assets that are being used by employees. Then take a look at your ‘Bring Your Own Device’ or BYOD policy and establish how many employees are using their own personal tech to enable them to work.
Ask yourself what is the risk of that? Have they got anti-virus software, are they up-to-date, is their home WiFi and router secure?
We can help. For example, we have a remote management and monitoring tool installed on all of our clients’ machines, which allows us to audit your IT assets, support each user with critical updates and anti-virus software amongst other things. We can connect remotely and do that.
When all else fails, we are there to help your business continue to operate safely wherever your staff are.
The world of IT and cyber security is a constant game of catch-up. You should do everything you can, but also be prepared that a breach will happen. Our entire support ethos and focus is built around keeping our clients and their data safe.
There has been a 400 per cent increase in Covid-related fraud cases – but if you are ready, have processes in place, you can react, shut it down, maintain confidence inside and outside the company, and learn.
ICO (Information Commissioner’s Office) rules are clear when it comes to GDPR and such situations where sensitive data may have been breached – you have 48 hours to report it.
What we have found with businesses who report is they are not facing big fines. The ICO is concentrating on education – not punishment. If you can demonstrate that you found it, learnt from it and put things in place to prevent a recurrence, generally they are happy. They are looking for the businesses that bury their heads in the sand when it comes to information security and end up making the same mistakes time and again. Those are the ones who will face punishment.
Frankly, as a business, we would rather work with clients who have been breached and learned from it. They are the responsible ones who want to work towards best practice and that breeds confidence.
There is something called Cyber Essentials – a government-backed, industry-supported scheme to help organisations protect themselves against common online threats. It is something the government wants all businesses to reach for.
There is the Cyber Essentials Basic, which costs £300 for a self-assessment process. As an IT company we can do this for you and have done for many of our clients.
Then, on top of this, there is Cyber Essentials Plus, where a third-party assessor audits your assessment and runs tests such as attempting to hack into your system, independent of us to check our work. Pass that, you and your customers get the confidence boost of knowing your business is in the top two or three percent of firms.
ReformIT is Cyber Essentials Plus certified too.
For more information, visit reformit.co.uk.
(Cyber Essentials is backed by the Federation of Small Businesses, the CBI and a number of insurance organisations which are offering incentives for businesses. From 1 October 2014, Government requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified against the Cyber Essentials scheme.)
Saturday 22 May 2021