As the economy re-opens, don’t leave the door ajar for the cyber criminals: ReformIT expert insight

We know to beware of cybercrime, but in the chaos of the last few months that has simply not been a priority – Cheltenham IT specialists ReformIT shares its simple, clear advice about how to protect your business.

We all know the pandemic has changed the way many of us work – and for the cyber criminals who feed off our businesses and strike while we are distracted, it has proved a lucrative time.

In 2020 UK business lost an estimated £6.2 million to cyber scams, according to Security Magazine, with 31 per cent of those cases at the height of the pandemic.

Some 3,445 UK businesses were victims to cyber scams with 30 billion data records stolen in 2020 – more than in the previous 15 years put together.

Neil Smith, of Reform IT, has some clear messages to minimise your chances of becoming a feature of the statistics for 2021.

About the expert: Neil Smith of Reform IT

Neil Smith

Neil Smith is the founder and managing director of ReformIT, an IT support specialist headquartered in Cheltenham, covering the UK.

Its skilled technicians can advise on all IT matters, from computer and internet security, computer software, cloud solutions, IT support and managed services such as VoIP Telephone Services and website hosting.

ReformIT is a Microsoft Silver Partner, Small Business Specialist and Microsoft Office 365 consultant that also provides a customised range of Managed IT Services for business. From a full out-sourced IT department to third-line support and project management, ReformIT will customise its services to fit your requirements.

For more information, visit: Reform IT.

IT firms are always telling us to beware of cybercrime. Businesses were listening, what went wrong over the last few months?

Before lockdown a lot of businesses had done a lot of work to protect themselves. We found that small businesses were really starting to think carefully about IT security. It was becoming hard to ignore it, or at least it was a nagging doubt in most people’s minds. Then along came lockdown.

It was not that businesses didn’t care anymore, they simply had other priorities. It suddenly became about health and safety of their staff and the public and they had to get their staff working from home straight away. It was completely understandable.

Why did that make such a big difference to the security of their businesses?

The conversations became about how can we get staff operating now, have they got a computer and in some cases any computer, any phone, just to get up and running. That might be a laptop their children also used to download stuff onto or their own phone they were using to connect to work on. In the rush to get everyone operational, security became a secondary concern in many cases.

Imagine a warehouse which you owned and had put good locks on every door. That was your business pre-pandemic. Suddenly you were carving a whole load of new windows and doors, but were there good locks on those doors too? It only takes one open door or window to let a criminal inside.

People might say, ‘well, I only use the machine for my emails’ or ‘I only VPN into the office on it’, so where’s the risk? The risk is just that. All of these things connect into your work systems. And that’s all the criminals need.

For example, once they get access to your emails, they will sit waiting and watch – for weeks or months sometimes – for the right information to arrive.

Let’s say that information is a legitimate invoice, the criminals will see it before you know it, amend the bank details, and that email gets forwarded straight to accounts and paid.

The impact can be huge and devastating.

Sounds like what you are saying is ‘I probably don’t know if my company has been compromised!’ So what do I do now?

We are beginning to return to some kind of normal. Some people will continue to work remotely, some will be coming back into the office. Now is a good time to take stock of all your IT assets. Where are they? Who is using what? Where is your data being accessed or stored?

Are you keeping on top of GDPR recommendations about data being encrypted on portable devices?

The first thing I would do is make a list of company IT assets that are being used by employees. Then take a look at your ‘Bring Your Own Device’ or BYOD policy and establish how many employees are using their own personal tech to enable them to work.

Ask yourself what is the risk of that? Have they got anti-virus software, are they up-to-date, is their home WiFi and router secure?

Then what? And can you name one major plus of using a firm like ReformIT if we still have staff working out of the office?

We can help. For example, we have a remote management and monitoring tool installed on all of our client’s machines, which allows us to audit your IT assets, support each user with critical updates and anti-virus software amongst other things. We can connect remotely and do that.

When all else fails, we are there to help your business continue to operate safely wherever your staff are.

The world of IT and cyber security is a constant game of catch-up. You should do everything you can, but also be prepared that a breach will happen. Our entire support ethos and focus is built around keeping our clients and their data safe.

There has been a 400 per cent increase in Covid-related fraud cases – but if you are ready, have processes in place, you can react, shut it down, maintain confidence inside and outside the company, and learn.

Surely if my company is breached I’m going to keep it to myself?

ICO (Information Commissioner’s Office) rules are clear when it comes to GDPR and such situations where sensitive data may have been breached – you have 48 hours to report it.

What we have found with businesses who report is they are not facing big fines. The ICO is concentrating on education – not punishment. If you can demonstrate that you found it, learnt from it and put things in place to prevent a recurrence generally they are happy. They are looking for the businesses that bury their heads in the sand when it comes to information security and end up making the same mistakes time and again. Those are the ones who will face punishment.

Frankly, as a business, we would rather work with clients who have been breached and learned from it. They are the responsible ones who want to work towards best practice and that breads confidence.

If I’m putting all this effort in, is there a way I can ‘Kitemark’ my business to tell the world I am pursuing the highest standards?

There is something called Cyber Essentials – a government-backed, industry-supported scheme to help organisations protect themselves against common online threats. It is something the government wants all businesses to reach for.

There is the Cyber Essentials Basic, which costs £300 for a self-assessment process. As an IT company we can do this for you and have done for many of our clients.

Then, on top of this, there is Cyber Essentials Plus, where a third-party assessor audits your assessment and runs tests such as attempting to hack into your system, independent of us to check our work. Pass that, you and your customers get the confidence boost of knowing your business is in the top two or three percent of firms.

ReformIT is Cyber Essentials Plus certified too.

For more information, visit

(Cyber Essentials is backed by Federation of Small Businesses, the CBI and a number of insurance organisations which are offering incentives for businesses From 1 October 2014, Government requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified against the Cyber Essentials scheme).

Follow SoGlos on LinkedIn and sign-up to the weekly SoGlos business newsletter for the very latest Gloucestershire business news stories.

© SoGlos
Saturday 22 May 2021

More interviews you might like...

The Mortgage Brain shares its expert advice on everything homeowners need to know when it comes to remortgaging a property.

How remortgaging your property could save you money: The Mortgage Brain expert insight

The founder of Gloucestershire-based The Mortgage Brain has shared an insight into what homeowners need to know if they are...

The charity Friends of Westonbirt Arboretum has 37,000 members.

‘Working at Westonbirt Arboretum has been a life-changing experience’: Friends of Westonbirt Arboretum expert insight

Friends of Westonbirt Arboretum is a charity which helps support the care of Westonbirt Arboretum, as well as offering paid...

Through Gloucestershire County Council, Sharon Gillett has fostered 28 mothers and babies over the past seven years.

‘It means the world to us’: Meet the Gloucestershire woman who has fostered 28 mothers and babies

Children and teenagers aren’t the only ones who need foster care, with one Gloucestershire woman revealing why she finds...

Ford Construction continues to make a name for itself tackling the jobs that seem straightforward, but aren’t, yet still demand the highest attention to detail. And it’s thriving.

The Cirencester house project: Ford Construction expert insight

Ford Construction continues to build its reputation for bespoke projects, as this extension on a Cirencester couple’s...

Life is getting back to normal at specialist dementia care home, Edwardstow Court Care Centre, one of 17 The Orders of St John Care homes in Gloucestershire.

How life is getting back to normal in Gloucestershire care homes: The Orders of St John expert insight

Edwardstow Court Care Centre in Stow-on-the-Wold has given an insight into returning to some normality at the care home – and...

Don’t miss

Unmissable highlights