MENU

Protect yourself from embarrassment, financial loss and ruin

DATE: 12th February 2018
CATEGORY: consultancy
TAGS: cybersecurity, website design, web development, web hosting
AUTHOR: Stuart Mullen

Download Full Whitepaper

Identifying risks & implementing solutions 

In the 21st century it’s almost inevitable that at one time or another, you will have a digital product or facility which will need protection from unauthorised access.

Therefore, it is crucial that you utilise cyber security experts to employ technologies, protocols and controls which are intended to defend your data from hacking attempts.

Businesses stand to lose assets, reputation and revenue, as well as facing huge legislation fines when they are subject to security attacks and breaches.

We protect organisations against the mistakes many make and build in solid foundations, robust architecture and modern protocols and architecture to avoid the worst case scenarios from occuring.

Web servers at risk of hacking

“Cybercrime damage costs to hit $6 trillion annually by 2021”
(CSO1)

Ticking all the boxes

Most organisations believe that they are unlikely to be the target of an attack, but the question is not if you will be, but when.

For many businesses, they are still unclear about how vulnerable they are and as many as “45% mistakenly think that they are not a viable target”. (YouGov2)

We know that cyber crime is big business, therefore securing our systems and our clients’ data has always been an essential part of our service. By utlising a combination of expert consultation, education for our client and prospects and long term planning, together we can create a strategy which ticks all the boxes.

Anonyomous hacker

What we're seeing

We work with organisations of all sizes, and see the issues business owners and digital teams face when trying to protect their systems. IT Security is essential, however so often we see prospects who have fallen foul of one (or many) of the following pitfalls:

COMPLACENCY

Whilst larger organisations tend to have a realistic appreciation of the threats they face, small-medium enterprises often don’t imagine it will ever affect them, but all organisations connected to the outside world are at risk.

PLUGGING THE WRONG GAPS

Some businesses understand that there are threats, but do not know where the gaps are that make them vulnerable. Hackers are normally resilient and gifted, they will keep searching for flaws, so plugging them all is essential.

SOFTWARE PAST ITS SELL BY DATE

Out-of-date software can cause a variety of problems. Cyber criminals do communicate with each other so as soon as a flaw is known, it can be exposed and used against you. These flaws can become easier to expose as the software gets older.

INSECURE/OUT OF DATE PLUGINS

Insecure web plugins make any infrastructure vulnerable to attack. Every time you work with a supplier, consider how much they know about the external facilities they implement on your behalf. If they can’t explain why it’s safe, get a second opinion from someone who can

LIMITED WEB SERVER SECURITY

Without sufficient web server security hackers could gain complete access, not just to your website, but also to sensitive user data being stored on it. An intelligent hacker may also implement changes without your knowledge - Would you like customer purchases to be redirected to the wrong payment provider and an alternative bank account?

NO SSL

We have seen many organisations without an SSL certificate. This serves to keep communications between a website and an internet browser secure. It essentially keeps visitors to your website secure and protected, and more and more consumers look for this now before entering a site. Therefore, it’s not just important for everyone’s security, but also for engagement.

Weak passwords

This is a very common issue within businesses and it can be difficult to police individual passwords, however human error, through the creation of poor passwords, is the easiest way for data breaches and attacks to occur.

INSUFFICIENT DISASTER RECOVERY

Despite all your planning, you cannot guarantee that the worst will not happen. But if it does, you must have have procedures in place to limit the damage. Avoid embarrassment through a clearly defined and tested procedure which can bring you back from the brink in an appropriate timescale.

Proactive and responsive strategy

You can avoid sleepless nights, unnecessary stress, financial loss and embarrassment by following a well considered implementation of the correct policies, procedures and best practice.
Our 9 tips below will put you on the right track to mitigate a large percentage of cyber attacks:

Keep abreast

Whether this is existing or upcoming legislation such as General Data Protection Regulation (GDPR), it’s important to stay updated so you’re not caught out. If you don’t feel confident in being able to stay abreast of changing legislation personally, work with a supplier who has the skills necessary in keeping you safe and well informed.

Stay vigilant

Implement facilities, procedures and staff education which allow you to monitor how your systems are being used. If you spot something which doesn’t look right, then it probably isn’t. Encourage your peers to alert you to potential risks as and when they see them.

FLAG suspicious emails and calls

Most of the time if something is too good to be true, it probably isn’t. Don’t be tricked into divulging sensitive information unless you are 100% sure of the person you are communicating with. Work on a suitable internal policy to provide guidance to your staff to mitigate against phishing scams and ask them to flag them up immediately.

Enforce passwords

Without proper guidance and education, staff are not necessarily aware of the risks to businesses when not having passwords and safe computing practices in place. To keep data and your infrastructure safe, strong and secure passwords are a must.

Protect sensitive data

Sensitive data should never be stored or transmitted without appropriate security measures in place, whether that’s password protection and/or encryption. Ensure that data which is no longer required is removed and deleted from systems (including email, backups and cloud storage).

Check your plugins

Outdated or insecure plugins leave your website and IT infrastructure vulnerable to attack, so it’s essential you continue to check and update plugins. Your supplier of choice should be doing this for you. If they aren’t it might be time to ask why?

Keep your devices safe

This is really basic, but ensure your staff are aware of the risks to mobile devices and mobile data. Take care of your IT. Do not lose that USB stick full of customer data (in fact don’t have a USB stick full of customer data in the first place) and do not leave your devices unattended or easily pick pocketed.

Implement a disaster recovery STRATEGY. Now.

Disasters happen. They occur when you least expect it and they are hugely inconvenient. By having a set of policies, tools and procedures to enable the recovery of vital technology and information in the event of a disaster, you limit the risk to your business, your customers and your reputation. Take backups, store them safely and consider how quickly you can revert to them when the worst happens.

Invest in a good security partner

Find a supplier who asks about and understands your company objectives, and covers the bases. These includes everything from server security, website encryption, malicious software prevention, cyber security education and circumventing data breaches.

In a nutshell

As the use of digital devices has now become an everyday part of most peoples lives, awareness of the importance of cybersecurity has grown. However, it is minefield so knowing where to start can feel like an impossible task.

If data protection, privacy and cybersecurity are areas you are concerned about and wish to take a little more seriously, then please get in touch to begin a conversation with our experts.

Whitepaper sources
« All blogs