06 Apr Improved securing of your Microsoft 365
Small business owners/managers have a lot to stay on top of, the pressures of which have only been accentuated by the unprecedented year we have all experienced due to COVID-19. Nevertheless, the security of your data should always be at the forefront of your concerns.
Most don’t realise that one of the biggest threats to your business is cyber crime. ‘Almost half of businesses (46%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months’¹ according to the Gov website, but with the rapidly evolving digital age we live in this is hardly a surprise.
Attacks are becoming more and more sophisticated and cyber criminals are using ever more elaborate means of attacking vulnerable systems. With the UK’s NCSC (National Cyber Security Centre) reporting one in four attacks is related to COVID-19², and similar – if not more damning – statistics coming from all around the world, for example, “The UAE has seen an ‘at least 250% increase’ in cyberattacks this year³ – cyber criminals have seen an opportunity and are leaning on the pandemic as a distraction to capture businesses at a vulnerable time.
It is irrelevant what industry your business resides in; your IT system is the key to your organisation’s sensitive data, and that system is being attacked. Whether that is your customer information, intellectual property, or the cash within your bank accounts, cybercriminals are going to great lengths to hack or dupe their way into your network.
Being a small business doesn’t make you immune.
If anything, it is quite the contrary – small businesses rarely have the technical infrastructure or budget to implement adequate defences. This being said it’s not the time to go out and spend tens of thousands of pounds to rival the security of a big bank, but it is time to explore other cost-effective methods of protection to a level from which your business can benefit.
Low-skill con artists are on the rise; the days of hackers being ‘tech geniuses’ are long gone, and the new kids on the block are just tech-savvy enough to ride the wave left behind by their predecessors. With email phishing and ransomware attacks being the most common of cyber breaches – resulting in financial loss within a small business, it could never be more important to defend the areas of your IT infrastructure that are the most vulnerable to these types of attack.
Why secure Microsoft 365?
For effective protection from cyber threats there is a variety of different tools, policies and procedures available, and IT user educational tools that you need to implement. Most small businesses have tried to at least take some steps along the – what can be – perilous road toward cyber security (perhaps having anti-virus software installed, a Firewall configured, and a secure password policy in place) – but is that enough to combat modern cyber threats?
The vulnerabilities of Email
Despite having cyber defences and protocols in place, there is no avoiding the continuous inbound and outbound email traffic – for most businesses this is the lifeline of communications.
It is getting more and more difficult to determine a malicious email from a genuine one – two of the most common forms of email phishing attacks include:
The cyber criminal masking themselves as a known brand or company
As common as this form of attack was before COVID-19 its commonality has grown exponentially since the outbreak. Countless fraudulent emails were sent impersonating HM Revenue and Customs (HMRC) – using the financial lure of tax rebates and support funds related to COVID-19 to draw in unsuspecting users.
The cyber criminal masks themselves as a company employee or director.
The best way to explain how this form of attack works is with a real-world example on a large scale.
A well-known pharmaceutical company fell victim to a cyber criminal by masking themselves as the company’s financial director. They did this by sending an email to the finance team – impersonating the CFO’s personal mailbox – instructing immediate payment of £25,000 to a particular account – the email even contained the CFO’s correct and full ‘E’ signature! It is understandable why the employees thought this email was valid. This attack was successful – the finance team did as the email instructed and paid a cyber criminal £25,000 without questioning it.
How Ransomware can slip through
Lurking on the internet in many different forms, malicious software (known as Malware) – particularly Ransomware – lays in wait to infest itself in your network. It is designed with the sole intention of removing your access to data by encrypting your files behind a secure key, which is held only by the cyber attacker. A cyber criminal that uses Ransomware is quite literally holding your data to ransom.
Protecting you every step of the way – Netcom
Our team of experts offer effective comprehensive cyber defences that protect your data. Everything we do is centred around reducing the risk your business faces – we have a range of services to help mitigate risk and protect your business. We are one of a handful of IASME Certified Assessors in the region, which means we not only work to the highest security standards but can also deliver and award Cyber Essentials certification. If you need help with your cyber security or simply have IT issues you need guidance with do not hesitate to get in touch.