Is your remote team making these security mistakes?

Summer days are here. As people begin to gather in the parks again and shops re-open, it’s beginning to feel like life is going back to normal. But for many of us, that normal won’t include going back to the office.

Consulting company Global Workplace Analytics estimates that after the pandemic, 30 percent of the entire workforce will continue to work from home regularly. Armed with Zoom and our Slack channels, we’ve succeeded in proving that a team doesn’t need to be in an office together every day to get things done.

But while a new remote world is great news for the weary commuter of 2019, it’s also great news for the cyber criminal. Over the past few months, cyber crime has increased as hackers take advantage of employees who are used to relying on their offices and IT staff to protect them.

It can be hard to convince staff of the importance of digital security. After all, most people outside of IT tend to think of cyber crime as something planned and targeted: a mastermind hacker out to get critical information from the government or cause trouble for a big corporation.

What would they want with my little business? I’m too insignificant to be targeted for cyber crime. This is the wrong way to think about it. Most cyber criminals are just opportunistic. They didn’t choose to rob your house because they knew you had a stash of cash under the bed (or all your passwords on your desktop). They chose it because you left the door open.

Using unsecured networks, not keeping software up to date, reusing passwords: there are a lot of ways to open the door. Luckily, many of these risks follow similar patterns and can be avoided through a few fundamental security practices. The most effective thing businesses can do right now to protect their data, their employees, and their customers is to educate their workforce on what these are and why they are important.

Here are some of the biggest (but pretty simple) mistakes your remote team might be making:

People having access to data they don’t need

According to data by the UK’s Information Commissioner’s Office, employee error continues to be a leading cause of data breaches. They might fall for a phishing attack or just accidentally send an email with a sensitive attachment to the wrong person.

One easy way to reduce the harm caused by data breaches is to only give employees access to the information they need to do their job. It might be easier to make a folder on Google Drive accessible to everyone in the company, but it also means you’re opening a lot more doors to that data than you need to.

Unsecured networks

While people can be generally pretty savvy in terms of updating their own machines (laptops etc.), they generally forget about their routers after they set them up at home. When you first get a router, it’s important to log in to change the default usernames and passwords (which can be easy for hackers to find online) and to turn on Wireless Network Encryption.

Employees can also use a VPN (Virtual Private Network) to change their IP address, so hackers can’t see the actual location of their device. It could also allow employees to access company information from personal devices. As a business, encourage employees to follow the same protocols you had in your office in terms of accessing company data.

Out of date software and devices

It’s extremely important to keep all hardware up to date, from laptops, routers and servers to the increasing number of IoT devices in the home, to protect against things like ransomware attacks. Ransomware attacks are among the fastest growing cyber threats (one report projected that in 2021, companies will fall victim to an attack every 11 seconds). Software patches are released all the time to protect against known vulnerabilities, but they don’t work if the system is outdated. Making sure you are using up-to-date operating systems and that software is running on the latest version is a critical part of cyber hygiene.

Not taking security seriously

Most people outside of IT have been guilty of this at some point. It’s just simpler to have one password for everything! And my wife’s birthday is easy to remember (most of the time)! But these little things can have big consequences, particularly when employees are using personal devices for work. A personal phone that has access to the company Slack channel needs to be just as secure as a PC in the office.

The majority of breaches are made through simple human error. We weren’t paying attention and accidentally sent an email we shouldn’t have. It’s critical that employees know what data in your business is sensitive and the consequences of a breach.

Lack of education

Sometimes data breaches happen because people just don’t know how to see them coming. For example, as phishing scams become increasingly sophisticated, employees need to know how to spot a suspicious email and how to report it.

Recent reports show that employees aren’t big fans of security. 42% of staff state that their company’s security policies (like having to have an IT admin install new software) make it more difficult to do their job. This is why education is so important.

We launched a page specifically designed to offer resources for small businesses who are transitioning to a remote work environment. These include company policies and a security checklist for employees.

The reality is that in this unstable economic environment, businesses are less likely to invest in their cyber security. But cyber security doesn’t have to be expensive or confusing. This kind of basic cyber hygiene can go a long way in preventing the threats we’re seeing increase on a daily basis.

The dream of working from anywhere in the world may finally be materialising for many. Let’s make sure it happens safely.

Show your customers you value their data by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

CyberSmart’s remote team: tips for staying sane

We’ve always had a strong work-from-home culture here at CyberSmart. We’ve got team members based all over the globe and encourage staff in London to work from wherever they work best. We are, in many respects, ‘remote by design.’

But this week, for the first time, we took the step along with businesses across the world to send our staff home and go fully remote in light of the spread of the coronavirus. 

As we make our way through this first week, hunkered down in our kitchens and living rooms, we’ve implemented a few new office rituals to help keep up team morale. Here are a few of the practices we’ve been using to stay sane:

Stand-up and stand-down meetings

Working from home can be disorienting. You’ve got dogs begging for walks and dishes demanding to be washed while a never ending stream of work alerts is pinging from your computer screen. The line between life and work can be very difficult to see. 

To combat this ambiguity, we have implemented two standing meetings at the start and end of every day. These offer a clear marker for the beginning and end of the workday and provide an opportunity to share priorities and struggles, and to make sure we all know where we’re heading together.

Using a variety of communication channels

We haven’t changed our communication channels since transitioning to a remote setup, but we’ve quickly realised how valuable they are. Obviously, instant messaging is important in the absence of face-to-face contact, but having different messaging channels for distinct purposes is also key. 

We use Slack for real-time work messages and WhatsApp for generally aligning the team. Project management software like or Asana provide a space for organising and scheduling tasks.

Shared lunches

Did you know the word ‘companion’ comes from the Latin roots of ‘com-’ meaning ‘together’, and ‘panis’ meaning ‘bread’? Sharing a meal, breaking bread together, is an age-old bonding experience for us humans, and our regular office team lunches were something we knew we would miss when we went our separate ways. We use Google Meet or Slack so we can dial in once a week to see each other’s faces as we devour our respective fridge leftovers.


Every Thursday afternoon we do something called Smart Culture and Smart Work in the office. We grab a beer from the fridge or make a cuppa and talk about our company culture, our values, and the way we work. It’s a place where we as employees can help shape the development of the business.

Since we have gone remote, this time has become precious. It may be the only opportunity we have in a week to reflect together on the way that we work (something that’s changing shape every day). We have strong core values but are we living them? Who did a fantastic job this week? What’s blocking our communication between teams? What can we change to support one another better?

Social (distance) bonding

As with team lunches, our monthly team socials have also been forced into the virtual world. Maintaining a sense of camaraderie while apart is critical right now, so we are experimenting with ways to continue to bond across the void. Online games and virtual farming are on the cards, but we’ll have to see what the next few weeks bring. 

Has your team gone remote to combat the spread of coronavirus? What are you doing to keep up spirits and ensure business continuity? As an information security company, we urge you to be aware of the vulnerability to security breaches that can come with remote working. To help address this issue, we have set up a special page for small businesses focused on resiliency during COVID-19. There you can find more information on best practices and free, downloadable checklists and policy packs for your own use.

A note from our CEO, Jamie Akhtar, on Covid-19 and business continuity


As the Covid-19 virus outbreak continues to escalate across the planet, I would like to update you on how the situation is being addressed at CyberSmart.

First and foremost, our thoughts are with all who have been affected by coronavirus, especially those who have contracted the virus and the families that support them. Our team wishes you a speedy recovery.

Our team, customers and partners

The safety of our employees, their families, and our partners and our clients, is our greatest priority. That is why we have transitioned the business to fully remote operations, effective as of Monday 16th March. 

Remote working is a practice that has been tried, tested and encouraged since the beginning of our business – we are “remote by design”. With team members across the globe, the ability to work remotely has always been an integral part of our business continuity strategy, and we are grateful for that now. This experience allows us to continue delivering our services to the highest standard, and uninterrupted, even in unprecedented times like these. 

We will be releasing these very practices we follow, alongside tips from our team, on our new dedicated small business resilience page.

We hope this information helps our customers, partners and any other members of the business community to take on remote working safely and productively.

Business as usual

CyberSmart’s daily operations are carrying on unaffected and we foresee no impact on our operations. With information security at the core of what we do, our team is particularly well-prepared to maintain business as usual, and continue to serve our customers with the highest quality of service.

Because of our remote capabilities, we are now delivering all certification fully remotely. This includes Cyber Essentials Plus, which is normally conducted by an in-person auditor. However, our team of assessors is able to use the CyberSmart app to remotely test all devices that have it installed and help you achieve certification. Remote audits can be conducted regardless of whether your team is in the office or working at home. We support both company-provided and users’ own devices (BYOD), so all situations are catered for. As always, we commit to rapid turnarounds – we will get you certified in as little as 24 hours for Cyber Essentials and 7 days for Cyber Essentials Plus.

Be aware of your security

I’d like to urge our customers and the public about the importance of cybersecurity to businesses right now as we are seeing an increase in opportunistic people using these ambiguous times to make gains for themselves through phishing and cyber breaches. 

We urge you to take a look at our content for all the tips to make your business safe and, should you have questions, please contact our team. We are here to use our in-house expertise to aid and advise, free of charge.

CyberSmart is here to help

These are unprecedented, challenging times and I believe we will only make it through by bringing the business community together and supporting each other. As we become more socially distant, it is more important than ever that we stay connected. 

Please feel free to reach out to me and our team on if there’s anything you think we can support with.

Stay positive, stay healthy and remember – together we are stronger.

Jamie Akhtar

Remote working best practices: what makes a strong password?

Still using the password you conjured up for your first email account in 2002 featuring your favourite footballer? We hope not. Passwords play an absolutely essential role in the security of your company, and weak passwords are one of the easiest ways for hackers to breach your cyber defences through employee accounts.

In this article we’ll be sharing advice on how to avoid this common, but easily avoided, security pitfall.

Minimum password length for systems

For all password-protected systems, your business should try to follow these basic steps when configuring them:

  • The minimum length for a password should be at least 8 characters, including all letters, symbols, and numbers.
  • There should be no maximum password length.
  • The system should not allow the user to set a password that does not meet the minimum length requirements for it.

The requirements mentioned above are simple to understand but can be difficult to implement. It is important to note that these rules need to be established across all password-protected devices and software.

To meet this requirement, you need to consult with your IT manager to ensure that all devices and software (whether third-party or proprietary) enforce the minimum password length.

Enforce a secure password policy

A password policy is used to establish the rules and requirements for setting passwords. Creating a secure password policy for staff helps businesses protect themselves and allows them to meet the password requirements under the government’s Cyber Essentials certification scheme.

The goal of a password policy is to take the burden of creating solid passwords away from individual users. However, users should still be made aware of the password policy so that they pick sensible passwords for their email, devices, and other accounts.

Other than the minimum password length requirement mentioned above, your employees should:

  • Avoid obvious passwords that can be easily discovered or guessed such as their name, phone number, birthdays. That goes for your pet’s name too.
  • Not choose common passwords such as ‘abcdefgh’ or ‘12345678’. This can also be implemented through a blacklist that prevents users from keeping common passwords.
  • Memorise their passwords instead of recording them whenever possible. Don’t email them to yourself or keep them in your Notes.
  • Not use the same password for different accounts. 45% of Brits have the same password for half of their online accounts. Not great.
  • Use password management software or other secure mechanisms for storing and retrieving passwords.
  • Require the system to:
    • Protect against brute-force password guessing algorithms by locking accounts after a set number of unsuccessful attempts to enter the password.
    • Change default or common passwords to random non-guessable passwords.
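The system-side rules from the two lists above (minimum length with no maximum, a blacklist of common passwords, no obvious personal details, lockout after repeated failures, random replacements for default passwords) can be sketched as follows. This is an added example, not CyberSmart's code; the function names, the sample blacklist, the 5-attempt threshold and the 15-minute lock are assumptions chosen for illustration.

```python
import re
import secrets
import time
from dataclasses import dataclass, field

MIN_LENGTH = 8  # minimum from the list above; there is deliberately no maximum
# Constructed sample blacklist; in practice load a published list of common passwords.
COMMON_PASSWORDS = {"abcdefgh", "12345678", "password", "qwertyuiop", "letmein1"}


def _alnum_runs(text):
    """Lower-cased runs of letters/digits, e.g. 'Alice Smith' -> ['alice', 'smith']."""
    return re.findall(r"[^\W_]+", text.casefold())


def policy_violations(password, personal_details=()):
    """Return the rules a candidate password breaks; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if password.casefold() in COMMON_PASSWORDS:
        problems.append("common_password")
    squashed = "".join(_alnum_runs(password))
    for detail in personal_details:  # e.g. name, phone number, birthday, pet's name
        # Fragments under 4 characters are ignored to avoid coincidental matches.
        if any(len(tok) >= 4 and tok in squashed for tok in _alnum_runs(detail)):
            problems.append("contains_personal_detail")
            break
    return problems


def replacement_for_default_password():
    """Random, non-guessable value to set in place of a vendor default (24 characters)."""
    return secrets.token_urlsafe(18)


@dataclass
class LoginGuard:
    """Locks an account after a set number of consecutive failed logins."""
    max_failures: int = 5        # assumed threshold; the page only says "a set number"
    lockout_seconds: int = 900   # assumed lock duration
    _failures: dict = field(default_factory=dict)
    _locked_until: dict = field(default_factory=dict)

    def attempt(self, user, password_ok, now=None):
        """Record one login attempt; password_ok is the result of the real check."""
        now = time.time() if now is None else now
        if self._locked_until.get(user, 0) > now:
            return "locked"          # rejected even if the password was right
        if password_ok:
            self._failures.pop(user, None)
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= self.max_failures:
            self._locked_until[user] = now + self.lockout_seconds
            self._failures.pop(user, None)
        return "denied"


if __name__ == "__main__":
    print(policy_violations("Alice2024!!", ["Alice Smith", "12/04/1990"]))
    guard = LoginGuard(max_failures=3, lockout_seconds=60)
    print([guard.attempt("alice", False, now=t) for t in (0, 1, 2)],
          guard.attempt("alice", True, now=3))
```
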

If you want to see how long it would take a computer to guess your current passwords, check out HowSecureIsMyPassword.


Ensuring the use of strong passwords is a key step towards becoming digitally secure. 

CyberSmart helps businesses comply with Cyber Essentials by simplifying the process of compliance for them, including complying with password regulations. If you would like to learn more about how to implement a password policy for achieving Cyber Essentials, get in touch with us.

3 signs you should update your cyber security immediately

Cybersecurity is an issue that most people don’t take seriously until the worst happens, from stolen customer data to electrical blackouts or paralysed information systems. And unfortunately, these incidents have been steadily rising for small businesses.

Basic controls like firewalls and strong password protections can go a long way in protecting you but if your business isn’t up-to-date in terms of security protocols and practices, then you’re likely at a far higher risk than you think of security breaches, data loss or even malicious attacks from hackers and outside sources.

Before it gets to that point, though, recognising that your system isn’t secure is an excellent place to start.

If you, or your staff, have spotted any of these red flags within your system, then it might be time to invest in better cybersecurity, or even consider our 24/7 cyber monitoring software to boost the safety of your business:

Errors or out-of-date notices on software

We’ve all been known to ignore warnings and errors related to the software we use, especially if that particular piece of software continues to work correctly. But out-of-date technology, particularly software connected to the internet or cloud, can be an open door for hackers.

If you’ve noticed errors or out-of-licence notices on company software, updating your processes and guidelines to ensure this is reported, and any updates are done swiftly, is best practice.

Operating systems that are not updated to the latest version

Many employees are guilty of this particular security issue. Leaving computers on overnight and never allowing updates to occur may allow for a quicker start to the day, but it’s not worth the security risks it brings. If you find employees regularly lagging behind on the latest OS updates, completing these updates should be included in the responsibilities of your IT team to ensure your company is compliant.

An increase or influx in spam emails or potentially harmful links

Outdated or less secure email systems can lead to a significant increase in the amount of spam your business receives which could have harmful attachments and links included in them. Ensuring your firewall, spam systems, and other security measures are up-to-date can prevent problem emails from reaching you. If you’ve noticed a sudden increase, ensure all your systems are up to date.

All too often, businesses forget all about their cybersecurity requirements until problems occur – whether it’s a virus in the system, a hacking attempt or a full-on ransom demand.

That’s why CyberSmart’s simple app and dashboard alert you any time a device in your company has a firewall disabled, is behind on updates, or needs a software update. Beyond certification, we offer the kind of 24/7 protection that will keep your business, employees, and customers safe in the world of 2020.

To learn more about our software and certification services, contact CyberSmart today.

Four ways you can protect your customers

The information age has given businesses a new set of responsibilities for customer data that just didn’t exist before, including anything from basic name and address details all the way through to legally sensitive details, medical records and serious financial data. This has enabled major advances in everything from logistics to advertising and healthcare, but it’s also a major burden for companies – so how can you make sure you’re doing your best?

Change behaviours

While the tricks and tools that hackers use to get at your data are genuinely becoming ever more sophisticated, by far the most popular way to steal from you is with the good old fashioned confidence trick. Fake email solicitations, clones or mirrored websites and even the impersonation of trusted contacts can get your staff to hand over data voluntarily – so make sure a culture of suspicion is built into your workforce. Set up a secure inbox that staff can forward suspicious emails to, so IT can safely dispose of them, and make sure to train staff regularly to spot fraud.

Layer your defences

The holy grail of any hacker’s attacks is to get at not only the target of their crime but all your other data as well. While one file may not be enough to cause harm, it can be linked to other files that can be used cumulatively to carry out more serious attacks on people, like identity fraud, so make sure you have several layers between different areas of your systems so one breach doesn’t cascade into several. It can also help to restrict access on a need-to-know basis, so accidental breaches simply can’t happen, or to ban things like portable disk drives just in case.

Trust the experts

While it’s totally possible to fashion your own defences, it’s hard to give your customer true peace of mind without some official credentials to back it up. Using software with IASME-backed certification like Cyber Essentials or Cyber Essentials Plus ensures that you have the industry’s gold standard protection in place, and with the GDPR Readiness standard you can become GDPR compliant and showcase your efforts towards world-class customer data security, which in turn can open doors to new contracts with companies who insist on only working with the most secure firms.

Keep your patches up to date

Another sadly common way that hackers access your systems is through known back doors in software: flaws that have already been fixed, but not in the older version you are still running. These obvious flaws are like gold dust to hackers who can just stroll right in, so it’s a good idea to get software like CyberSmart Active Protect that automatically detects old versions of operating systems as well as software vulnerabilities.

Is your business protected from these common cyber threats?

Many small and medium businesses avoid thinking about their cybersecurity. This may be for a number of reasons, including fear, financial constraints and human resource issues. Predominantly, however, many businesses do not focus on their cybersecurity as they believe cyber threats are only real for large businesses. Unfortunately, small to medium-sized businesses are often the target of malicious cybercriminals due to their weak cybersecurity. Below we look at some commonly overlooked threats in SME cybersecurity.

USB sticks 

Due to their small size, USB sticks are portable, which makes them incredibly useful. However, that also makes them very easy to steal and tamper with if they are not kept in a safe place. Malicious software such as viruses can be installed on USB sticks, so it is essential that you never plug a USB stick into your computer if it has been out of your possession, e.g. if you have been given one for free or if your missing USB stick is miraculously returned to you. It is also important to make sure your USB stick is encrypted and password protected.

Zombie accounts 

In 2019, GDPR was undoubtedly a dominant topic, and the new regulations forced businesses to consider how they find and store their data more than ever before. Even if a business is compliant with GDPR, it still needs to consider the risk of zombie accounts. Zombie accounts are online accounts closed by their user and then re-opened again by a third party, without the original user’s consent. Business owners should also be aware that zombie accounts can be the accounts of previous employees, giving hackers access to your website and private business information. Identifying, deactivating and deleting any potential zombie accounts is essential to ensure the safety of your business. Cybersecurity services, such as CyberSmart, can help you do this.

Data security 

To ensure you can maintain the legally required GDPR compliance, storing your clients’ data safely is essential. Many businesses find data storage overwhelming and feel they don’t have the time or resources to properly understand or manage their data. There are, however, easy steps you can take to ensure your clients’ data is protected.

  • Implementing strong passwords is essential to protect yourself from a security breach. Using a combination of capital and lower-case letters, numbers and symbols, and making it 8 to 12 characters long, will make your password hard to crack.
  • Install a firewall – In order to have a properly protected network, firewalls are a must. A firewall protects your network by controlling internet traffic coming into and flowing out of your business. 
  • Making sure your computer is properly patched and updated is a necessary step towards being fully protected. Updating your programs keeps you up-to-date on any recent issues or holes that programmers have fixed. 

CyberSmart can help your business earn Cyber Essentials Plus certification, the highest level of this government-backed certification, helping you ensure your company is safe against the most common threats. In achieving this certification, you can be confident you are protecting your business and data, and give your customers added assurance.

If your business is hit by a cyber-attack, not only could you stand to lose a lot financially, you will also lose the trust of your clients, something that is almost impossible to regain. To ensure you avoid such a problem, contact CyberSmart today and a member of our expert team will help improve your cybersecurity.

How investing in cybersecurity can boost your success

There’s no doubt we live in a digital world, and most businesses realise the danger they face if they fail to get on board with the latest trends. After all, few companies, if any, lack an online presence. That means much of small businesses’ data is stored on hard drives in local computers and servers in the cloud. Therefore, it’s time you took measures to ascertain the integrity and security of your company’s data because as most organisations are starting to realise, cybersecurity is the key to fast business growth in the digital era. How? 

It helps you outsmart the competition 

Hackers are opportunists. The recent ransomware attacks we have seen plaguing national and international companies and institutions such as the NHS are a menace, with cybercriminals looking for any means possible to gain access to sensitive data. Considering that most companies have a digital presence, this means attacks are simply growing as hacking software becomes more sophisticated. As such, clients are increasingly looking for this reassurance from companies they do business with, meaning that offering robust cybersecurity is increasingly being used to outsmart the competition while safeguarding your data.

It makes threats less likely 

Most companies are turning to cloud technology because it has been deemed the most secure, and it enables collaboration on a global scale. In the cloud, companies can access their data from anywhere in the world and share it with key stakeholders. However, to appreciate the power of cloud technology, it’s essential to plan carefully and invest in professionals who can optimise the technology for utmost security. Without these resources, your company stands to receive threats like denial of service, data breaches, management of remote identities, or insecure external applications, which can damage your company’s reputation and hamper its success. 

It demonstrates compliance 

Following best practice and industry standards for cybersecurity is essential if your company is to be trusted by current and prospective clients, and if you are to hold a commanding position in your market. Failure to comply with modern cybersecurity and data privacy standards like Cyber Essentials and IASME GDPR Readiness doesn’t just place your business and your client data at risk, it also means you could be landed with a heavy penalty for any breaches that could stunt your company’s development. These regulations have been established to protect and prolong the existence of SMEs like yours, as well as their stakeholders, so remaining compliant is critical. 

Investing in cybersecurity is essential to the growth of your business. By neglecting it, you not only hinder the development of your company but also place it at risk of irreparable damage. 

What’s more, investing in cybersecurity now can give your company the leverage it needs to innovate for the future. 

Back to School: Free tips and tricks to protect your business from cyber threats

Cyber threats

All through September, we will be sharing free tips and tricks that you can implement straight away to ensure your organisation protects itself from cybersecurity threats.

Currently in the UK, 32% of SMEs experience cyber-attacks every year, a figure that is increasing, with costs running into the thousands of pounds. With a few preventive measures, it is actually possible for you to fight these threats. By implementing various techniques and strategies, using free tools and being aware of the main ways your business might be targeted, you can protect your business today.

Come back throughout September as we add more tips. It’s time to become CyberSmart.

1. Use Two Factor Authentication (2FA)

Adding an extra layer of security to your accounts can never be a bad idea. 2FA is available on a lot of platforms these days, where you either receive an SMS (least safe) or an email (medium-level safety), or authenticate via an app (recommended). There are free and premium solutions available, such as 1Password, allowing you to enable higher levels of security and 2FA across all your personal and business accounts.

2. Time to have an app clear out

You know all those apps you have installed but never use? They should go. If you have apps that have been installed for months and not been updated, they could be full of vulnerabilities, waiting for a cybercriminal to exploit. When you delete these apps, make sure to delete your account and unlink any credentials.

3. Are your email details available on the internet already?

This can be a scary thought but more than likely, your email has been compromised before. With the introduction of GDPR, more and more companies are openly admitting cyber breaches. We recommend using to check if your email has been compromised in a data breach before. Simply enter your email, check for breaches and address the situation.

4. Are you really going to plug that USB in?

You should be extremely careful with USB devices. Even after formatting, malware can still be present so ensure you completely trust the source of the device or go one better, do away with using USB full stop.

5. Update, Update, Update

Updating your apps and software can prevent 85% of targeted attacks. Make your business safer by allowing all updates to be automated, so you don’t even need to think about it.

Make sure your operating system (on all your devices) and all applications are updated at all times. Updates are free, after all.

6. Always lock your devices

It’s often funny when you walk away from your computer to come back and find a funny background picture, right? During the time you allowed for that to happen your business could have experienced a catastrophic and business impacting data breach (and many other potential risks).

Always lock your screens, and make them only accessible by you.

7. Might be 2019, but that doesn’t mean Antivirus is out of fashion

Antivirus is a necessity for all your devices, desktop and mobile. Without an antivirus, you are putting your business at risk not only of those pesky viruses but also of malware lurking in the background, dormant or actively damaging your device. There are many antivirus options out there: some may even come pre-installed with your device, others have free and premium versions. There’s no excuse not to be using an antivirus.

8. Turn on your firewall

Most operating systems come with a firewall and there’s a very good reason for this. Ensure all your business devices have this on, as it’ll create a buffer zone between your network and the internet, a highly valuable preventive measure for cyber attacks.

9. Ransomware, sounds scary but what is it?

Ransomware is one of the biggest cyber threats your business faces as it encrypts ALL YOUR DATA and locks you out of your device. Then it normally requests a ransom payment of a few hundred pounds in order to give you a decryption key.

How do you protect yourself?

  • Backup all your data (often and in different locations)
  • Vital business information shouldn’t be only on your computer
  • Don’t click on emails from unknown senders (and NEVER access .zip files in emails from these senders)
  • Like we mentioned earlier, UPDATE your OS and apps
  • Have an antivirus installed

10. Do you know how to spot a phishing email?

Firstly, a phishing email is an attempt to collect your personal data, and more than likely you have come across one (or many) before.

  • Serious businesses will never display your email address in the subject line
  • Check out the sender and their email, try to spot how valid it is
  • You don’t have to open an email just because it instils some sort of urgency (the more urgent it may look, the higher the likelihood of a breach)
  • Always check links before you click.
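The checks in this list can also be run automatically over a reported message before anyone clicks. The sketch below is an added example, not CyberSmart's tooling: the flag names, the urgency word list, the Reply-To comparison used as the "check out the sender" test, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed wording list; tune it to the lures your staff actually report.
URGENCY = re.compile(r"\b(urgent|immediately|final notice|within 24 hours|suspended)\b", re.I)
URL_LIKE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]\S*)?", re.I)

# Constructed sample messages (reserved .example domains), not real traffic.
PHISH_SAMPLE = """\
From: MyBank Support <support@mybank.example>
Reply-To: billing@mail-secure.example
To: alice@smallco.example
Subject: alice@smallco.example - URGENT: verify your account
Content-Type: text/html; charset="utf-8"

<p>Your account will be suspended within 24 hours.</p>
<p><a href="http://login.mail-secure.example/verify">https://www.mybank.example/login</a></p>
"""
BENIGN_SAMPLE = """\
From: Bob <bob@smallco.example>
To: alice@smallco.example
Subject: Notes from Thursday
Content-Type: text/html; charset="utf-8"

<p>Notes: <a href="https://docs.smallco.example/notes">docs.smallco.example/notes</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value, strict=False):
    """Host name in a URL; with strict=True only if the whole string looks like a URL."""
    if strict and not URL_LIKE.fullmatch(value):
        return ""
    try:
        host = urlparse(value if "://" in value else "//" + value).hostname or ""
    except ValueError:
        return ""
    return host.removeprefix("www.")


def domain_of(header_value):
    """Domain part of the address in a From/Reply-To header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def phishing_flags(raw_message):
    """Return the names of the heuristics from the list above that the message trips."""
    msg = message_from_string(raw_message)
    subject, flags = msg.get("Subject", ""), []
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    if recipient and recipient in subject.lower():
        flags.append("recipient_address_in_subject")
    sender, reply_to = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        flags.append("reply_to_domain_differs")
    html = "".join(
        part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/html")
    if URGENCY.search(subject) or URGENCY.search(html):
        flags.append("urgency_language")
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        shown, actual = host_of(text, strict=True), host_of(href)
        # The link text shows one site while the href goes to another.
        if shown and actual and actual != shown and not actual.endswith("." + shown):
            flags.append("link_text_host_differs")
            break
    return flags


if __name__ == "__main__":
    print(phishing_flags(PHISH_SAMPLE))
    print(phishing_flags(BENIGN_SAMPLE))
```

A flagged message is a candidate for review by IT, not a verdict: legitimate newsletters trip some of these checks, and a careful phish can avoid all of them.
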

11. Check back tomorrow

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.
