Introducing: The new and improved desktop app for CyberSmart Active Protect


CyberSmart is excited to announce the relaunch of our desktop app for Active Protect. Designed to safeguard users and devices from cybersecurity threats, it comes complete with cybersecurity awareness training, endpoint monitoring, device misconfiguration assessments and the ability to enforce compliance with company policies. 

How does Active Protect work?

Active Protect runs an unobtrusive agent in the background on your devices, checking configurations, training modules passed, and policies read and acknowledged. 

Once Active Protect has run its scans, passes and fails are reported back to the user and administrator(s) with tips for addressing any misconfigurations. Plus, the employee(s) responsible for cybersecurity in your organisation can view this information through several different dashboard views. 

For desktop users, the app can be downloaded via email once an administrator has sent out the enrollment link. For mobile users, it is available through the app store relevant to your device.

What’s changed? 

Radical redesign

The first thing you’ll notice upon opening the new and improved Active Protect is how it looks and feels. We’ve updated the design with the latest user experience (UX) principles in mind, making it easier to use than ever before. 

Renamed security controls 

We felt ‘device checks’ wasn’t clear enough so we’ve renamed them ‘security controls’ to reflect their purpose better. We’ve also renamed each check to give users a more accurate picture of their status. 

Updated security controls

All Active Protect’s security controls have been updated with new logic to help them stay up-to-the-minute with changes to manufacturers’ operating systems. This dramatically reduces the risk of false positives and makes them our most accurate security controls yet. 

Improved memory usage

Memory is an important resource for any small business. So, to free up as much as possible for our customers, we’ve rebuilt our security controls to minimise CPU usage when running a check.

Consolidated reporting

You can now see every desktop version of Active Protect in your business in one place. This makes it simpler than ever to ensure everyone in your organisation has the highest protection levels. 

Legacy devices page

Manage devices on older versions of Active Protect and give them access to the latest features and security enhancements.

Vulnerable software security control

Most excitingly of all, we’ve added a brand new security control that analyses a user's desktop for software vulnerabilities, complete with a severity rating system, so you know which fixes to prioritise first. 

Changes to security controls

As we mentioned earlier, we’ve made some changes to the names of Active Protect’s security controls. To help you avoid confusion, here’s a handy list of the changes.

CyberSmart Active Protect

How to get access

From the 24th of June 2024, all new devices will be automatically enrolled on the latest version of Active Protect. For existing devices, there are in-platform buttons and simple instructions in our Knowledge Base on how to get access to the latest version.


Cyber Essentials checklist - prepare and pass


The Cyber Essentials scheme provides an effective framework against cyberattacks. Getting Cyber Essentials certified is a great first step to protecting your digital assets and personal data.

For those considering bidding on work such as UK Government supply chain contracts, it’s a mandatory certification. 

Like all official certifications, achieving Cyber Essentials requires preparation and investment of time, budget, and some technical awareness. Learn more on how to prepare and pass certification with our Cyber Essentials checklist.

1. Create an information security policy

The first step is to develop an information security policy. Your policy should establish the requirements and rules for cybersecurity that will help you to achieve Cyber Essentials, including:

  • The requirements for handling and processing first-party and third-party data
  • A password policy that describes the minimum requirements for passwords (such as length and complexity)
  • A set of guidelines that define what users can and can’t do, including access controls and internet usage

Your security policy doesn’t have to be a long and complex document. Instead, it should document rules for cybersecurity in a simple, obvious way that all your employees and suppliers can understand and comply with. Consider incorporating guidelines for remote work into your Cyber Essentials checklist, including secure use of personal devices and VPN. It’s crucial to define procedures for responding to security breaches and reporting incidents in and away from the organisation.

2. Assign a data protection officer

Although not mandatory for all organisations, appointing a single senior employee as a Data Protection Officer (DPO) can help you enforce the information security policy within your organisation.

For SMEs, assigning a DPO can be a crucial step in coordinating all security initiatives. For external parties and IT users, they're a single point of contact for queries and concerns related to security.

Cyber Essentials requires businesses to complete and submit a self-assessment questionnaire and provide relevant evidence to support answers, to achieve certification.

Having a DPO ensures that everybody understands who is responsible for completing the questionnaire and who to go to for advice and guidance. It also encourages the DPO to conduct regular audits and risk assessments – leading to security awareness and promoting training for other employees.

3. Keep track of your digital assets

To make sure that all software and devices are protected, you should keep an inventory of digital assets. Include the details of versions and updates for both software and devices.

Knowing what and where your assets are is good practice, especially with information security assets. It helps you keep software updated, which is essential, and is the best first step to protecting your systems and data.

Knowing what devices your business has is the best way to identify unauthorised devices and to take action to remove or isolate them. Establish a clear process for securely disposing of outdated or unused assets to keep everything organised and safe. 

Tracking your digital assets helps to identify vulnerabilities and to keep a close watch on devices within your network.

4. Enforce access control

Access control ensures that only authorised personnel can see sensitive information, and enforcing strong access control is an essential step for achieving Cyber Essentials certification.

Making use of a Role-based Access Control (RBAC) system ensures IT users have only the privileges that they need for their job role and access to only those systems they need to be effective and operate safely.

Regularly review and update user permissions when changes occur in roles or employment status, using access control software that provides detailed logs and alerts for unauthorized access attempts. 

5. Make use of the right tools and configurations

A firewall and antivirus are essential security tools required for Cyber Essentials.

Your security system helps protect devices on a network from external threats such as those from the internet.

Your antivirus software protects your systems from viruses and other malware that lead to corruption and theft of personal or proprietary data.

You should ensure your firewalls are properly configured to disallow access to malicious content. Making use of a firewall and antivirus will help your business prevent the most common types of cyberattacks.

6. Conduct regular security reviews

To ensure that your digital assets remain safe and protected, it is vital to document, track, and review the effectiveness of the cybersecurity measures you have taken. Put a security team in place to oversee and act on any findings, so you can use them to improve future security policies and procedures.

Knowing the strengths and weaknesses of your network can help you fine-tune cybersecurity, especially as you grow. You should conduct regular security reviews to:

7. Introduce employee training programs

Interactive training modules on how to recognise phishing scams will provide employees with up-to-date resources and guidelines on best practice. Encourage a culture of cybersecurity awareness through regular, updated training materials that detail the latest threats and optimal procedures. 

Use the assessment results to identify gaps in knowledge, tailor training to everyone, and provide more efficient feedback. 

8. Use multi-factor authentication (MFA)

Implement multi-factor authentication (MFA) that goes beyond traditional passwords. MFA provides two or more verification factors to gain access, such as a temporary code sent to a mobile device or email account. 

Look to integrate multi-factor authentication for all security-critical systems, including cloud services, email, administrative accounts and more. This is especially important when employees are working remotely, where there is a risk of external threats. 

Start your Cyber Essentials checklist

If you’re a small or medium scale business, getting started with cybersecurity can seem daunting — especially if you have no technical IT skills. However, achieving a Cyber Essentials certification is a great way to begin, and for a small investment of time and effort, it can significantly reduce risk. Follow the Cyber Essentials checklist outlined above, and you will be well-prepared to pass the certification.

CyberSmart is an automated platform to help businesses stay secure with recognised certification standards including Cyber Essentials. Businesses can gain certification as individual companies or can join the many organisations that have achieved Cyber Essentials by partnering with us today. If you have any questions, whether it is preparing for Cyber Essentials, or how to protect your company systems and data, please reach out to learn more.




How CyberSmart enhances protection against Qilin ransomware


The emergence of Qilin ransomware as a formidable cyber threat requires robust cybersecurity measures. In this blog, we'll look at how CyberSmart is helping organisations defend against this sophisticated malware.

What is Qilin ransomware?

Qilin ransomware is distinguished by its advanced encryption techniques. It uses a blend of AES (symmetric) and RSA (asymmetric) encryption to secure data. This makes decryption very difficult without the corresponding keys.

Qilin ransomware is adept at exploiting unpatched vulnerabilities, allowing it to infiltrate and persist within systems undetected.

How does it get in?

Given its sophistication, you might expect Qilin ransomware to require an equally refined delivery method. But that's not the case. Most Qilin attacks are launched via common phishing scams. Once in, it exploits vulnerabilities to spread quickly across systems.

Qilin’s Operational Tactics

Qilin's operational tactics are what make it so tricky to deal with. For example, it can customise its payload to avoid detection or change its approach to exploit the target's weaknesses.

It also uses lateral movement techniques to spread across networks, encrypting valuable data and altering file extensions. This makes file recovery extremely difficult.

Global Impact

Qilin primarily targets sectors where data access is critical. These include industries like healthcare and manufacturing which offer criminals the chance for maximum disruption.

All this demonstrates the importance of an adaptive approach to cybersecurity to counter the threat – which is where CyberSmart comes in.

CyberSmart’s defensive strategies

CyberSmart's comprehensive suite of tools can significantly mitigate the risks posed by threats like Qilin. Here's how.

1. Endpoint monitoring and compliance assurance

CyberSmart Active Protect continuously monitors endpoints. This ensures that every system in your business complies with the latest security standards. In addition, it quickly identifies vulnerabilities and provides simple instructions for mitigating them – depriving Qilin of gaps to exploit.

2. Education to combat phishing

According to a study from IBM, 95% of all cyberattacks are caused by human error. And, this is especially true of ransomware attacks. CyberSmart Academy focuses on reducing human error. It does this through targeted training to help employees recognise and avoid phishing attempts and other social engineering tactics.


3. Proactive vulnerability management

Routine vulnerability scans are critical in preempting attacks. They help to identify and address the security loopholes threats like Qilin try to wriggle through.

4. Data recovery and continuity planning 

With our partners’ support, we encourage all businesses to implement data recovery and backup plans. This approach minimises the downtime and operational impact caused by a breach. So, even if the worst-case scenario happens, you’ll recover quickly.

5. Install and maintain anti-malware solutions

Although CyberSmart doesn’t directly handle malware detection, it ensures that anti-malware solutions are installed and configured correctly. Again, this provides confidence that your whole network is adequately protected.

The need for layered cybersecurity strategies

The threat Qilin poses highlights the need for a layered cybersecurity strategy. What do we mean by that?

Well, in short, protection against sophisticated ransomware is about more than anti-malware tools. Organisations must maintain rigorous update protocols, regularly monitor systems and enhance employee awareness to properly mitigate risk.

By integrating CyberSmart's advanced security solutions, businesses can strengthen their defences and ensure greater resilience against cyber threats.

Jamie Akhtar, CEO at CyberSmart, adds:
"In an era where cyber threats are increasingly sophisticated, it's vital that our defences not only match but exceed the level of threat we face. Sectors like healthcare, previously considered off-limits, are now actively targeted due to legacy systems, interconnectedness, and the necessity to restore services quickly. CyberSmart is committed to collaborating with our extensive partner network to deliver complete cyber confidence for organisations against complex threats like the Qilin ransomware. This commitment is crucial for maintaining the trust and safety of the digital systems that power our everyday lives."






Is Cyber Essentials mandatory? Who needs Cyber Essentials and why


Cyber Essentials is a UK government-backed scheme that helps organisations protect themselves against common cyber threats. Achieving Cyber Essentials certification demonstrates a commitment to cybersecurity. Unlike GDPR, Cyber Essentials isn't mandatory for UK businesses. 

The Cyber Essentials scheme isn’t covered by binding regulation. Instead, it provides impartial guidance to help businesses improve their cyber posture, built around five security controls: firewalls, secure configuration, user access control, malware protection, and security update management. It's a great way for any business to improve its cyber credentials, and in some cases it's mandatory. Learn more about the conditions under which certification can be necessary in this blog post.

Government Contracts

Cyber Essentials is mandatory for businesses looking for specific government contracts.

Unless your business achieves Cyber Essentials, you will not be able to bid for such contracts at all. These contracts involve the handling of personal information or delivering certain IT products and services.

For example:

  • Handling the personal information of any UK citizens; e.g., bank details or home addresses
  • Handling the personal information of any government employees, ministers, or advisors; e.g., payroll or expenses information
  • Delivering IT products or services designed to store, process, or transfer data

Cyber Essentials certification is mandated for businesses entering into these contracts and demonstrates that they have achieved the standards and meet the technical requirements defined by the scheme.

For all businesses looking to bid for government contracts that involve one of the above characteristics, it makes sense to achieve Cyber Essentials certification first.

Ministry of Defence Contracts

The UK Ministry of Defence (MoD) requires all its suppliers to comply with Cyber Essentials. The MoD has previously stated that this requirement must flow down to the supply chain. It mandates that both organisations directly conducting business with the MoD, and organisations delivering to the MoD supply chain must be Cyber Essentials certified.

Importance of Cyber Essentials

Should your business get a Cyber Essentials certification even if it isn’t mandatory? 

Yes. Even if you're not bidding for government or MoD contracts, you could benefit from having Cyber Essentials.

For SMEs with little or no IT support or expertise, it provides a basic first step towards cybersecurity. Most SMEs lack adequate cybersecurity measures because they mistakenly feel that they're not a target. This is a misconception:

  • 90% of businesses and 94% of charities who experienced at least one type of cyber crime
  • 1.5 million UK businesses hit by cybercrime in 2023

Taking the steps to Cyber Essentials

Considering Cyber Essentials for your business but not sure where to start? We've got a guide for that. Our guide to certifications in the UK has everything you need to know about Cyber Essentials and who needs it. Read it here.


7 Key takeaways from DSIT’s Cyber Security Breaches Survey 2024


Every spring, the Department for Science, Innovation & Technology (DSIT) releases its Cyber Security Breaches Survey. Always hotly anticipated throughout the cybersecurity sector, it acts as a ‘temperature check’ of security and resilience within UK cyberspace.

Although the report primarily intends to inform UK government policy, that doesn’t mean it isn’t useful to small businesses. In fact, the report is a bit of a lodestar for anyone interested in cybersecurity. It gives us an idea of the threats we face, how businesses are dealing with them, and what we can do to improve our collective security. 

With that in mind, here are our key takeaways from the Cyber Security Breaches Survey 2024.

1. Breaches remain common 

This won’t be particularly surprising to anyone but successful cybersecurity breaches remained commonplace in the last 12 months. According to DSIT’s research, half of businesses (50%) and just under a third of charities (32%) reported experiencing some form of breach.

These figures are highest for medium businesses (70%), large businesses (74%) and high-income charities with £500,000 or more in annual income (66%). However, this isn’t to say small (10-49 employees) and micro (1-9) businesses are immune. 47% of micro-businesses and 58% of small businesses were hit with a breach in the last year. 

2. The cost of a breach remains low, but constant 

This one is a mixed bag. One positive is that DSIT reports the average cost of a single breach across all businesses surveyed was £1,205. That’s considerably lower than figures released in reports like IBM’s Cost of a Data Breach 2023, even when we consider that the average rises to £10,830 for large and medium businesses.

Unfortunately, this isn’t the whole story. Although the headline figure for the cost of a breach is low, companies are being attacked with frightening regularity. Over half of businesses (53%) and just under half of charities (45%) reported that this happens once a month or more often. Grimmer still, a third of businesses and a fifth of charities say that they were attacked at least once a week.

This means that even if the cost of a single breach is low, many businesses are being hit multiple times a year, making the cumulative impact of attacks far higher. What’s more, while larger organisations may be able to swallow these recurring costs, their impact could be ruinous for SMEs. 

3. Phishing scams are still the number one threat

By this point, most of us have first-hand experience of a phishing scam. They come in many forms, from speculative email campaigns to more targeted attacks through social media platforms like Facebook Messenger and spear phishing.

So it’s no surprise to see phishing scams at the top of DSIT’s list of most common threats. 84% of businesses and 83% of charities reported being targeted by one in the last 12 months. 

However, more interesting is that the second most common threat was ‘others impersonating organisations in emails or online’ (35% of businesses and 37% of charities). This demonstrates that cybercriminals are leaning on social engineering techniques to launch attacks, rather than more technological approaches like malware and ransomware.

There are a couple of possible reasons for this. Firstly, social engineering attacks use our human nature against us, making them more difficult to defend against. Second, social engineering doesn’t require any specialist tools or tech knowledge, just a familiarity with the techniques, meaning the barrier to entry is lower for would-be scammers.

4. Does Cyber Essentials certification have an awareness problem? 

Cyber Essentials certification turns ten this June. And, although the scheme has helped thousands of businesses improve their cybersecurity, it appears to have an awareness problem. 

Just 12% of businesses and 11% of charities are aware of the Cyber Essentials scheme. These figures are roughly consistent with 2023 but represent a decline over the last 2-3 years. This decline is also more pronounced among smaller businesses, with medium businesses (43%) and large businesses (59%) more aware.

More worrying still, only 3% of businesses and charities report adhering to Cyber Essentials. However, this does come with a caveat that a higher proportion of them (22% of businesses and 14% of charities) report having technical controls in all five areas covered by Cyber Essentials.

5. Businesses aren’t prepared for supply chain risks

Although the report reveals organisations have broadly improved when it comes to cyber risk management, there’s still one glaring omission – supply chain risks. Only one in ten businesses say they review supplier risk (11%, vs. 9% of charities). Given that supply chain attacks are predicted to cost the global economy $138 billion by 2031 this is an area that needs urgent attention in the coming years. 

6. Formal incident response plans aren’t widespread

Despite many businesses stating that they’d take action following a cyber incident, very few have anything concrete in place to establish what those steps are. Just 22% of businesses and 19% of charities have a formal incident response plan. Once again, these figures are largely being driven by SMEs; 73% of large businesses have one. 

What this suggests is that small businesses are ill-prepared for the worst-case scenario. Creating an incident response plan or security policy can be time-consuming and tricky if you don’t know where to start. SMEs need help, through tools like templates and policy management to better prepare themselves. 

Alongside this, when a breach does happen, external reporting of it is uncommon. Just over a third of businesses (34%) and charities (37%) reported a breach outside their organisation. Even then, this wasn’t usually to the National Cyber Security Centre (NCSC) or Information Commissioner’s Office (ICO), but to their managed service provider or IT supplier. This indicates that vast swathes of cybercrime are still going unreported.

7. Basic cyber hygiene is improving 

Finally, let’s end with a real positive. Cyber hygiene – by which we mean basic cyber controls – is on the up across all businesses. Most cyber threats are relatively unsophisticated so organisations can go a long way towards protecting themselves by simply adopting some simple measures. 

The good news is that a majority of businesses and charities have a broad range of these measures in place. These include: 

  • using up-to-date malware protection (up from 76% to 83%)
  • restricting admin rights (up from 67% to 73%)
  • network firewalls (up from 66% to 75%)
  • agreed processes for phishing emails (up from 48% to 54%)

And, even more promising, these trends are a reversal of the decline in cyber hygiene we’ve seen over the past few years. This shift is being driven by micro and small businesses, demonstrating that despite the worrying trends in awareness surrounding Cyber Essentials, basic security recommendations are having some cut through. 

Want to know more about the threats facing small businesses? Download our latest report on SMEs and the cost of living crisis


CyberSmart announces expansion into the Australian market with HAT Distribution partnership


The move will streamline and simplify Essential Eight assessment for Australian SMEs and MSPs

Wednesday 08 May 2024 – London, UK: CyberSmart, the UK’s leading provider of complete cyber confidence to UK SMEs is excited to announce its partnership with Australian technology distributor, HAT Distribution. The partnership will provide businesses in Australia with fast, hassle-free Essential Eight assessment and year-round assurance.

CyberSmart is the world’s first complete SME solution, offering all-in-one cybersecurity monitoring, optimisation and training, proven to defend against cyber threats. With its user-friendly platform, simplified progression framework, year-round protection and unlimited support, implementing Essential Eight controls has never been easier for Australian businesses.

As cybercrime escalates in Australia, with 94,000 incidents reported in 2023* alone (equivalent to one report every 6 minutes!), completing Essential Eight – the recognised Australian government standard for cybersecurity – is not just advantageous but also crucial in certain industries. CyberSmart’s solutions are specifically designed to help businesses implement these strategies effectively so they can attain and maintain a government-approved standard of cybersecurity, reducing cyber risk.

The platform is tailored for MSPs and SMEs, who represent a critical segment in the economy but often face challenges with maintaining robust cyber defences due to limited resources and expertise. With CyberSmart, MSPs can enhance their service offerings by delivering comprehensive and cost-effective solutions to their clients, while SMBs gain access to straightforward Essential Eight assessment, without the need for extensive resources. 

Australian SMEs will also gain access to CyberSmart Active Protect, a powerful on-device agent that delivers comprehensive endpoint monitoring, risk management, policy enforcement, and cybersecurity awareness training. Active Protect regularly monitors and reports the status of a device by running through a series of security controls, identifying any vulnerabilities and providing simple step-by-step walkthroughs on how to fix them.

Jamie Akhtar, CEO at CyberSmart said, “We’re excited to expand into the Australian market with HAT Distribution. Cybercrime is a worldwide business, and the interconnected nature of global commerce in 2024 means that the more geographies we are able to offer SMBs complete cyber confidence in, the better. Almost half of Australians reported experiencing cybercrime in 2023, and we believe that the comprehensive protection we’re bringing to the Australian market will be able to limit both the success and impact of these incidents moving forward.”

Josh Gammer, General Manager of HAT Distribution said, “Amidst the ever-evolving cyber threat landscape, we are thrilled to partner with CyberSmart, a leader in cybersecurity innovation, to help more Australian businesses comply with the government’s endorsed Essential Eight framework. 

With CyberSmart, even smaller players gain access to the tools required for assessment, and for MSPs, the partnership is a consultative business opportunity to guide their clients on a transformative journey toward stronger cyber defences.”

For more information about CyberSmart’s cybersecurity solution for Australia, please visit https://www.cybersmart.com/au


What is the MITRE ATT&CK framework and how can it help your business?


Hackers sit somewhere between masterminds and master criminals, depending on who you ask. There’s a fascination and frustration that surrounds them and how they do their dirty work. 

Ever wanted to get inside the mind of a hacker to help protect your business from threats like malware? The MITRE ATT&CK framework is the perfect place to start. 

What is the MITRE ATT&CK framework?

The MITRE ATT&CK framework is a detailed knowledge base of the tactics cybercriminals use to target victims. Using real-world examples, it shows you how hackers prepare, launch, and execute attacks. 

The framework matrix is split into tactics and techniques. A tactic is a goal the cybercriminal wants to achieve, such as accessing credentials. A technique is the action or actions that achieve the tactical goal, such as brute force. 

It exists to help businesses understand how cybercriminals behave in the preparation and execution of an attack. This helps raise awareness of common threats and how you can detect them in action.

Did you know 47% of SME leaders feel more at risk of cyberattack since the start of the cost of living crisis? Find out why in our latest report.

What does ATT&CK stand for?

ATT&CK is an acronym for adversarial tactics, techniques, and common knowledge. 

A deeper look at the MITRE ATT&CK framework

The framework covers 14 tactics:

  1. Reconnaissance – finding information to plan an attack
  2. Resource development – building resources to support operations
  3. Initial access – entering a network
  4. Execution – running malicious code
  5. Persistence – maintaining network access
  6. Privilege escalation – gaining advanced access permissions
  7. Defence evasion – avoiding detection
  8. Credential access – stealing account information
  9. Discovery – gathering system and network intelligence
  10. Lateral movement – controlling remote systems
  11. Collection – gathering relevant, goal-related information
  12. Command and control – communicating with systems without detection
  13. Exfiltration – stealing network data gathered at the collection stage
  14. Impact – disrupting service availability and data integrity 

Each tactic includes a list of techniques that explain how a hacker achieves their goal, alongside mitigation information, detection tips, and references for further reading. These are updated twice a year from public threat intelligence and incident reporting, so the information stays relevant. 

It’s suitable for any organisation using:

  • Windows, macOS, or Linux IT systems
  • Network infrastructure devices
  • Container technologies
  • Cloud services such as IaaS, SaaS, Office 365
  • Android and iOS mobile devices

Keeping your organisation secure

The framework is a great resource to include in your cybersecurity strategy. 

It encourages collaboration and information sharing, is easy to follow, and helps you improve your knowledge and cybersecurity posture. And, it’s free.

Use it alongside other cyber defence methods to give you broad coverage against common threats, including: 

Active monitoring

Investing in an outsourced security operation centre for 24/7 protection from cyber threats on all devices that access company data.

Software

Using robust antivirus or anti-malware software to prevent, detect, and remove malicious software.

Training and qualifications

Mandatory security training for all employees and qualifications like Cyber Essentials, Cyber Essentials Plus, and ISO 27001.

Get started with the MITRE ATT&CK framework

With such a powerful resource at your fingertips, you’re only going to benefit by including the MITRE ATT&CK framework in your cybersecurity strategy. Share it with your colleagues so you can all play an active role in protecting your organisation from attacks. 

Social media savvy: privacy settings and security on social platforms

Social media platforms connect us with friends, family, and colleagues but can also be a goldmine for attackers. This blog post looks at the world of social media privacy and security, exploring the potential threats and steps you can take to protect yourself (and your business) from them.

Social media at home and work

Social media plays a big role in both our personal and professional lives. In our personal lives, we use platforms like Facebook, Instagram, and Twitter to stay connected with loved ones, share updates, and follow our interests.

In our work lives, LinkedIn is a go-to for professional networking, while companies use platforms like Twitter and Facebook for marketing and customer service.

No matter how we use social media, it's crucial to understand the potential risks.

The threats you face when using social media

Sharing information online comes with inherent risks. Common threats include:

  • Social engineering: Attackers might try to manipulate you into revealing personal information or clicking on malicious links.
  • Malware: Links or downloads shared on social media can infect your device with malware that steals data or disrupts your system.
  • Phishing scams: Fake accounts or posts might try to trick you into sending money or sharing personal details. In addition, spear phishers will often use social media to gather background information on targets. 
  • Privacy violations: Without carefully calibrated settings, your personal information and online activity could be exposed to unintended audiences.

Social media scams in practice

Operation Dreamjob

In 2023 cybercriminals from the Lazarus group, an alleged North Korean state-sponsored hacking organisation, targeted employees at a Spanish-based aerospace company.

Under the campaign ‘Operation Dreamjob’, the cybercriminals identified employees on LinkedIn, introduced themselves as a recruiter from Meta and commenced a fake recruitment process.

As the victim progressed through the rounds of the ‘recruitment process’, they were asked to demonstrate their competency by downloading and completing a quiz.

In this case, the victim downloaded the quiz using a work computer. Unfortunately, the download contained more than a quiz and the attackers used this to access the company’s critical systems. 

This followed a similar attack by the same group in 2022 which used fake LinkedIn job offers to steal $625 million from the Ronin Network, a blockchain network that powers the popular crypto games Axie Infinity and Axie DAO.

Below is an example of what these attacks typically look like.

A bad romance

In my previous life as a cyber detective, I saw firsthand how cybercriminals frequently harness social media. This ranged from using social media platforms to execute their attacks, like above, to obtaining information from them. 

In a previous blog post, I wrote about the case of a business owner who lost thousands of pounds after falling victim to social engineering. In this attack, the cybercriminal used open-source research to find out information about their target - the business owner. The business owner's use of social media to advertise their business enabled the cybercriminal to locate a business website, mobile number and key information about the business owner that enabled the attacker to go on and effectively build a relationship with the victim.

You can read more about this attack here.

What can you do to protect yourself?

Here are some key steps to take control of your social media privacy and security.

1. Review and adjust privacy settings

Every social media platform offers privacy settings that allow you to control who sees your posts and profile information. Where possible, set everything to 'private' or 'followers only'.

2. Be mindful of what you share

Think twice before sharing personal details like your birthday, address, or phone number. Could this information be used against you?

Don't click on links or download attachments from unknown senders.

4. Use strong passwords and enable multi-factor authentication

These measures add an extra layer of security to your accounts and prevent you from being the low-hanging fruit cybercriminals target.

6. Be cautious about location-sharing

Consider disabling location sharing on your posts or using it selectively. Also consider what location information is in the backgrounds of your photos, as this too can be used by cybercriminals. 

7. Limit third-party app access

Review and restrict third-party apps’ access to your social media accounts, including add-ons and plug-ins. And, if you need to use these tools, ensure they're reputable first.

The founding fathers of social media created it with a utopian vision of connectivity. And, although social media has fallen a long way from those halcyon days, that doesn’t mean you can’t use it safely.

By understanding the risks and taking proactive measures, you can create a safer and more secure social media experience. Remember, privacy and security are ongoing processes, so regularly review your settings and stay informed about evolving threats.

Want to know more about the threats facing small businesses? Check out our guide to SMEs and the cost of living crisis. In it, you’ll find insight from real small businesses on the threats they face and practical suggestions for mitigating them.

What is quishing and how can you protect your business?

Quishing or QRishing is a brand of phishing scam that uses QR codes to trick victims into downloading malware or sharing personal data. Despite its unthreatening name, quishing poses a real risk to businesses. However, with the right knowledge, you can stop your business from falling prey to these attacks. Read on for everything you need to know. 

Why QR codes? 

Read most media and you’ll see plenty of stories about the security threat posed by AI or the latest nation-state attack. However, cybercrime doesn’t have to involve the latest tech or be the height of nefarious sophistication. In fact, it’s often simple scams that get you. 

QR codes have been around for almost three decades. Very few people think of them as on the bleeding edge of technology, more something you use to attend an event or scan for a marketing gimmick. Yet, since they’ve seen a resurgence in their use post-pandemic, they’ve stirred up a hornet’s nest of security problems. 

The most prominent of these problems is quishing. QR code technology might not be sophisticated by today’s standards, but it does lend itself well to phishing scams.

Why? Unlike a URL or email address, QR codes are hard to evaluate for legitimacy. A QR code is opaque to the human eye, making it indecipherable without a scanner. This means that by the time the victim has realised the QR code is bogus, it’s often too late. 
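The Python below is an added example, not part of the original article or any vendor's tooling: it takes the text a scanner has already decoded from a QR code and lists the reasons to distrust it before anyone opens it. The trusted-domain list, the shortener list, and every sample payload are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed values for illustration: tune both sets for your organisation.
TRUSTED_DOMAINS = {"microsoft.com", "example.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def is_ip(host):
    """True when the host is a literal IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_qr_payload(payload, trusted=TRUSTED_DOMAINS) -> list:
    """Return the reasons a decoded QR payload should not be opened blindly."""
    try:
        url = urlsplit(payload.strip())
        host = (url.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["malformed URL"]
    if url.scheme.lower() not in ("http", "https"):
        return ["not a web link (scheme: %s)" % (url.scheme or "none")]
    findings = []
    if url.scheme.lower() == "http":
        findings.append("no TLS (http)")
    if url.username is not None:
        # https://brand@host/ displays the brand first but connects to host.
        findings.append("userinfo before host")
    if is_ip(host):
        findings.append("raw IP address as host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode (possible lookalike) host")
    if host in SHORTENERS:
        findings.append("URL shortener hides destination")
    # Match the trusted domain itself or a true subdomain, never a prefix.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        findings.append("host not on trusted list: " + host)
    return findings


# Constructed sample payloads (reserved .example names and TEST-NET addresses).
SAMPLES = [
    "https://www.microsoft.com/security",
    "https://microsoft.com@203.0.113.7/mfa",
    "http://microsoft.com.mfa-reactivate.example/login",
    "https://xn--mcrosoft-constructed.example/",
    "WIFI:S:Guest;T:WPA;P:secret;;",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        reasons = triage_qr_payload(sample)
        print(sample, "->", reasons or "no flags")
```

An empty result only means none of these checks fired; it does not prove the destination is safe.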

Did you know that 47% of SME leaders believe cybercrime has increased during the cost of living crisis? Read our report to find out why.

How big is the threat?

Phishing is by far the most common form of cyberattack. According to the DCMS Cyber Security Breaches Survey 2024, 84% of businesses in the UK experienced a phishing attack in 2023. 

When it comes to quishing specifically, the scant figures available are equally ominous. Research from cybersecurity company Vade detected over 20,600 quishing attacks in one seven-day period in 2023.

What’s more, it isn’t just the spectre of falling victim that threatens businesses. If your business uses QR codes, cybercriminals could hijack them to target your customers. 

What does a quishing attack look like?

Quishing attacks are versatile and can take any number of forms. We’ve seen examples of them conducted in person, with a scammer approaching the victim and asking them to scan a QR code for some sort of benefit. However, the most common approach is to send an email, much like a typical phishing scam, with a QR code included.

This approach was exemplified by the Microsoft 365 quishing attack in 2023. The attack began with a phishing email asking users to reactivate their multi-factor authentication (MFA). The email used the Microsoft Authenticator logo, giving it a veneer of legitimacy. Once the victim scanned the code and clicked the embedded link, they were sent to a webpage that infected their device with malware.

Microsoft eventually managed to get the situation under control and issued these instructions for detecting a scam, but not before thousands of users had been attacked. 

What are the consequences of a breach?

The most obvious fallout from a successful quishing scam is financial harm. Research from BDO found that among the six in ten organisations in the UK hit by phishing scams the average loss was around £245,000.

However, the potential consequences can hit more than your pocket. If the scammers manage to steal customers’ personal data, you could also be looking at serious reputational damage and regulatory fines. What’s more, your standing among partners and suppliers could take a hit too. 

How can you protect your business? 

Like all phishing attacks, quishing relies on social engineering to trick victims. This means it can be tricky to recognise a bogus QR code, particularly when it’s attached to a seemingly legitimate message. But that doesn’t mean it’s impossible. Here are a few things you can do to protect your business.

1. Provide cyber awareness training for staff

Staff security training is the most important tool for protecting your business from quishing attacks. The rationale behind this is simple. If your employees aren’t aware of what cyber threats look like, they’re much more likely to fall foul of them.

Cyber awareness training can go a long way towards resolving this problem. It can give them the basic cyber skills to spot and avoid a potential threat. And, it needn’t be extensive or time-consuming, just a few hours a month on the basics and regular updates on new threats can make all the difference. 

2. Deploy MFA

Multi-factor authentication (MFA) adds an extra layer of security for your business, making it much harder for hackers to gain access. You likely already use MFA in some aspect of your online life; it’s now a requirement for most banking accounts. But if you haven’t already, switch it on for any system or application your business uses.

3. Use an anti-malware tool 

Anti-malware software focuses on defending against the latest threats. An effective tool should protect your business against ransomware, spyware, sophisticated phishing attacks, and zero-day attacks. Most anti-malware tools constantly update their rules, meaning you’ll be protected swiftly against any new threats, including the malware injected by quishing scams. 

4. Protect your network

Your network is the gateway to your business. It’s what spear phishers are ultimately trying to gain access to when they attack you. Through it, a hacker can access just about anything your organisation does. So protect it, and protect it well. The four simplest things you can do to strengthen your network immediately are:

  • Install a network firewall to filter network traffic
  • Use a VPN to encrypt network traffic
  • Segment your network to eliminate single points of failure
  • Regularly update your router’s firmware

5. Follow software providers’ advice 

As we saw in the example earlier, cybercriminals will often try to imitate software providers when launching a quishing attack. Software providers such as Microsoft are all too aware of the threat and many have released guidance on how to counter a scam. 

6. Limit user access

Limit who has access to what within your business. Staff should only have admin rights within a system or application if it’s critical for their role. It might sound a bit draconian, but the reasoning behind it is sound. If a cybercriminal compromises a user account through a phishing campaign, the fewer permissions that account has, the less damage a hacker can do.

7. Tie it all together 

Don’t be put off by the length of the list above. If you’re unsure about where to start, complete a cybersecurity accreditation like Cyber Essentials or ISO 27001 certification. 

These certifications can help you adopt good cybersecurity practices (including all of the above) and build your cyber confidence.

However, you also need something that keeps your cybersecurity baseline consistently high, year-round. This is where continuous cybersecurity monitoring tools like CyberSmart Active Protect can help by giving you an ‘always-on’ view of your business’s defences.

Want to know more about the threats facing small businesses? Check out our guide to SMEs and the cost of living crisis. In it, you’ll find insight from real small businesses on the threats they face and practical suggestions for mitigating them. 

Antivirus vs anti-malware: what’s the difference?

Antivirus and anti-malware are the basic building blocks for any small and medium enterprise’s (SME) cybersecurity strategy. They’re the most well-known cybersecurity tools, and it’s rare to find a business that doesn’t use one.

But do you know what they protect you from, the difference between an antivirus and an anti-malware, and whether you need both? Let’s explore these key talking points.

Malware vs viruses

Before discussing the merits of the two types of software, we must tackle the difference between viruses and malware. Most people assume that the two things are synonymous. Isn’t ‘virus’ just a slightly dated way to say ‘malware’?

That’s almost correct. However, this is the world of cybersecurity, so things are always a little more complicated than they first appear.

The term ‘virus’ describes malicious code that can reproduce repeatedly – just like a biological virus. The code damages your device by corrupting your system or destroying data. Viruses are also usually considered legacy threats that have existed for a long time, and today’s cybercriminals rarely use them.

On the other hand, malware is an umbrella term that refers to many different threats. These range from ransomware to spyware and even some newer viruses (confusing, we know). The key difference is its novelty. 

The threats under the term malware are new, constantly evolving, and very much in use among modern cybercriminals. So, antivirus software providers have upped their game to protect customers.

Considering cybersecurity certification but not sure where to start? Check out our guide to certifications in the UK.

Antivirus vs anti-malware: the key differences explained

As you might expect, antivirus usually deals with older, more established cyber threats. To illustrate, think of warnings from the noughties – endless error pop-ups, trojan horses, and worm viruses. These attacks typically enter your business through tried and tested routes such as email attachments, corrupted USBs, and other standard cyber threat delivery methods.

These cyber nasties are generally very predictable and easy to counter. However, they can still do plenty of damage if left unchecked. 

Anti-malware

Anti-malware software focuses on defending against the latest threats. A good anti-malware protects your business against ransomware, spyware, sophisticated phishing attacks, and zero-day attacks. Anti-malware usually updates its rules faster than an antivirus, making it the best protection against any new threats you might encounter. 

Antivirus vs. anti-malware: which should you choose?

At this point, you might be wondering why you need an antivirus if anti-malware can protect your devices against the most common types of cybercrime.

Although this is a valid question, it’s a risky way to approach cybersecurity. Sure, most of the threats covered by antivirus might be dated and rarely used by the bad guys. However, that doesn’t mean they no longer exist or that they can’t still give you a significant cybersecurity headache.

Doing without antivirus is a bit like a state deciding to focus exclusively on protection from nuclear threats while neglecting the potential for invasion by land. It’s a flawed approach that leaves your business open to attack.

Instead, it’s better to take a layered approach to your cybersecurity – by which we mean installing antivirus and anti-malware software to protect your business against new and old threats. 

Choosing cybersecurity solutions isn’t an either/or dilemma

Antivirus and anti-malware aren't mutually exclusive. A truly effective cybersecurity strategy includes tools, training, and measures to counter any threat. Something as simple as a Cyber Essentials certification ensures your business complies with the basic requirements to deter cyber threats. This is because the steps to get qualified include:

  • Data encryption
  • Firewalls
  • User access management
  • Software and operating system updates

You get support and clear step-by-step instructions for mitigating malware in your business so you don’t overlook any vulnerabilities. Learn how easy it is to get certified today.
