Essential cyber security terms: decoded

If you’re like most people, no one ever taught you how to use a computer. Not properly. They aren’t like cars. Rightly so, we force excitable teenagers through a host of training before we let them behind the wheel. They spend months in lessons learning the basics of how to use it, maintain it, and control it before they can be trusted to take it out on the road.

No, at some point most of us just sat down at a screen, ignored the instruction manual, and relied on some well-designed user interfaces to figure it out ourselves.

This is a dangerous game. Your computer is not an isolated piece of hardware. It is linked to that greatest of connectors and stores of information: the internet.
These computers have access to your banking details, your shopping preferences, your personal data and correspondence, and most of the time we’re operating them with very little training or testing.

As the world of cyber security develops, it’s important that businesses and customers have at least a rudimentary knowledge of basic terms which they may come across as they live and work via their computers. You don’t have to be an IT technician to protect your device, just as you don’t have to be a mechanic to check your oil.

We’ve compiled a short list of some of the most common terms in the cyber security world and what they mean for you. So hopefully, next time you see a prompt for two-factor authentication, you’ll take them up on it:

Antivirus
Antivirus software is used to prevent or remove unwanted malware from infecting a computer. Using this software provides a computer user with a safer working environment and a more efficiently operating computer. There are lots of companies offering antivirus software, including Avira, Symantec and McAfee.

Breach
An incident in which data, computer systems or networks are accessed or affected in a non-authorised way. Also known as a ‘hack.’

Bring your own device (BYOD)
An organisation’s policy that allows employees to use their own personal devices for work purposes.

Cloud
Where shared compute and storage resources are accessed as a service (usually online), instead of hosted locally on physical services. Resources can include infrastructure, platform or software services.

Digital footprint
A ‘footprint’ of digital information that a user’s online activity leaves behind.

End user device (EUD) or end point
Collective term to describe modern smartphones, laptops and tablets that connect to an organisation’s network.

Firewall
A network security system that monitors and controls incoming and outgoing network traffic. Establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.

Malware
Malicious software – a term that includes viruses, trojans, worms or any code or content that could have an adverse impact on organisations or individuals.

Patching
Applying updates to firmware or software to improve security and/or enhance functionality.

Pentest
Short for penetration test. An authorised test of a computer network or system designed to look for security weaknesses so that they can be fixed.

Two-factor authentication (2FA)
The use of two different components to verify a user’s claimed identity, such as a password and a text sent to your mobile device. Also known as multi-factor authentication.

CyberSmart’s remote team: tips for staying sane

We’ve always had a strong work-from-home culture here at CyberSmart. We’ve got team members based all over the globe and encourage staff in London to work from wherever they work best. We are, in many respects, ‘remote by design.’

But this week, for the first time, we took the step along with businesses across the world to send our staff home and go fully remote in light of the spread of the coronavirus. 

As we make our way through this first week, hunkered down in our kitchens and living rooms, we’ve implemented a few new office rituals to help keep up team morale. Here are a few of the practices we’ve been using to stay sane:

One of the perks of home working – new coworkers

Stand-up and stand-down meetings

Working from home can be disorienting. You’ve got dogs begging for walks and dishes demanding to be washed while a never ending stream of work alerts is pinging from your computer screen. The line between life and work can be very difficult to see. 

To combat this ambiguity, we have implemented two standing meetings at the start and end of every day. These offer a clear marker for the beginning and end of the workday and provide an opportunity to share priorities and struggles, and to make sure we all know where we’re heading together.

Using a variety of communication channels

We haven’t changed our communication channels since transitioning to a remote setup, but we’ve quickly realised how valuable they are. Obviously, instant messaging is important in the absence of face-to-face contact, but having different messaging channels for distinct purposes is also key. 

We use Slack for real-time work messages and WhatsApp for generally aligning the team. Project management software like Monday.com or Asana provide a space for organising and scheduling tasks.


Shared lunches

Did you know the word ‘companion’ comes from the Latin roots of ‘com-’ meaning ‘together’, and ‘panis’ meaning ‘bread’? Sharing a meal, breaking bread together, is an age-old bonding experience for us humans, and our regular office team lunches were something we knew we would miss when we went our separate ways. We use Google Meet or Slack so we can dial in once a week to see each other’s faces as we devour our respective fridge leftovers.

Tavern

Every Thursday afternoon we do something called Smart Culture and Smart Work in the office. We grab a beer from the fridge or make a cuppa and talk about our company culture, our values, and the way we work. It’s a place where we as employees can help shape the development of the business.

Since we have gone remote, this time has become precious. It may be the only opportunity we have in a week to reflect together on the way that we work (something that’s changing shape every day). We have strong core values but are we living them? Who did a fantastic job this week? What’s blocking our communication between teams? What can we change to support one another better?

Social (distance) bonding

As with team lunches, our monthly team socials have also been forced into the virtual world. Maintaining a sense of camaraderie while apart is critical right now, so we are experimenting with ways to continue to bond across the void. Online games and virtual farming are on the cards, but we’ll have to see what the next few weeks bring. 

Has your team gone remote to combat the spread of coronavirus? What are you doing to keep up spirits and ensure business continuity? As an information security company, we urge you to be aware of the vulnerability to security breaches that can come with remote working. To help address this issue, we have set up a special page for small businesses focused on resiliency during COVID-19. There you can find more information on best practices and free, downloadable checklists and policy packs for your own use.

A note from our CEO, Jamie Akhtar, on Covid-19 and business continuity


As the Covid-19 virus outbreak continues to escalate across the planet, I would like to update you on how the situation is being addressed at CyberSmart.

First and foremost, our thoughts are with all who have been affected by coronavirus, especially those who have contracted the virus and the families that support them. Our team wishes you a speedy recovery.

Our team, customers and partners

The safety of our employees, their families, and our partners and our clients, is our greatest priority. That is why we have transitioned the business to fully remote operations, effective as of Monday 16th March. 

Remote working is a practice that has been tried, tested and encouraged since the beginning of our business – we are “remote by design”. With team members across the globe, the ability to work remotely has always been an integral part of our business continuity strategy, and we are grateful for that now. This experience allows us to continue delivering our services to the highest standard, and uninterrupted, even in unprecedented times like these. 

We will be releasing these very practices we follow, alongside tips from our team, on our new dedicated small business resilience page.

We hope this information helps our customers, partners and any other members of the business community to take on remote working safely and productively.

Business as usual

CyberSmart’s daily operations are carrying on unaffected and we foresee no impact on our operations. With information security at the core of what we do, our team is particularly well-prepared to maintain business as usual, and continue to serve our customers with the highest quality of service.

Because of our remote capabilities, we are now delivering all certification fully remotely. This includes Cyber Essentials Plus, which is normally conducted by an in-person auditor. However, our team of assessors is able to use the CyberSmart app to remotely test all devices that have it installed and help you achieve certification. Remote audits can be conducted regardless of whether your team is in the office or working at home. We support both company-provided and users’ own devices (BYOD), so all situations are catered for. As always, we commit to rapid turnarounds – we will get you certified in as little as 24 hours for Cyber Essentials and 7 days for Cyber Essentials Plus.

Be aware of your security

I’d like to remind our customers and the public of the importance of cybersecurity to businesses right now, as we are seeing an increase in opportunistic people using these ambiguous times to make gains for themselves through phishing and cyber breaches.

We urge you to take a look at our content for all the tips to make your business safe and, should you have questions, please contact our team. We are here to use our in-house expertise to aid and advise, free of charge.


CyberSmart is here to help

These are unprecedented, challenging times and I believe we will only make it through by bringing the business community together and supporting each other. As we become more socially distant, it is more important than ever that we stay connected. 

Please feel free to reach out to me and our team on hello@cybersmart.co.uk if there’s anything you think we can support with.

Stay positive, stay healthy and remember – together we are stronger.

Jamie Akhtar


Practices for maintaining cyber security every business owner should know

As the span of regulations, risks, and budget evolves and your business grows, the maintenance of cyber security shouldn’t just be an afterthought – it should be part of the bedrock of your organisation.

The Cisco 2020 CISO study demonstrated that cyber security remains a high priority among executive business leaders, with an increase in investment for security automation technologies as the scale of complexity increases. 

While it’s helpful to have an automated security team in place to combat cyber attacks, there are several steps you can take as a business to protect yourself:

Strict access control (Zero Trust)

Zero Trust is a holistic information security framework and an essential component of cyber security. Rather than assuming all people and systems operating within a secure setting should be trusted, it relies on constant verification before granting access. 

This can be implemented through a series of steps. Firstly, data access should be managed by a multi-factor authentication (MFA) system. Only 27% of businesses are making use of an MFA system. 

Secondly, employees should be prompted to update devices to combat existing vulnerabilities, and user access to data management applications should be managed through central policies.

The Cisco report demonstrated that more than half of respondents noted that mobile devices are becoming an increasing challenge to defend. It suggests a zero-trust strategy as the best way to remedy this.

Updating regularly

This report showed that 46% of organisations were faced with incidents as a result of unpatched vulnerabilities. This means that a software provider issued an update in response to an issue but an employee failed to run the update.

Breaches to data management environments can cause hefty losses of data, and when patches are rolled out it is crucial to apply them immediately to limit the timeframe in which the vulnerabilities can be exploited.

Monitoring implementations

When cyber security practices are being continually developed and regulated, it becomes important to regularly monitor connectivity on the network or data applications to review how well the security measures are faring. 

Detection utilities should always be managed and routinely updated so that when incidents do arise, they can be properly investigated. Many small and medium-sized businesses have found CyberSmart’s monitoring app helpful for this purpose. It can be installed on any device and up-to-date information on every device’s security status is available through a centralised dashboard.

Centralise security essentials

The biggest factor in the growing challenge of propagating adequate cyber security is the level of complexity as a business scales. When an organisation utilises multiple security solutions, centralising them in an integrated platform reduces the complexity which makes it easier to manage, update and review security essentials. The benchmark found that 42% of respondents were more inclined to give up on maintaining adequate cyber security due to its complexity.

CyberSmart offers several ways for the cyber security of even smaller businesses to thrive, and our Cyber Essentials and Cyber Essentials Plus certification takes complexity into consideration and simplifies the process.

Cyber attacks already adding up for 2020

The number of cyber attacks has been increasing year on year. So far, 2020 doesn’t look much better.

January proved ominous, with a series of successful cyber attacks on organisations across the globe. Here are just some of the attacks over the first month of 2020:

Royal Yachting Association (RYA)

The UK’s national organisation for the yachting community became aware of a digital attack on 17th January. Online user account data was compromised and as a result, all members of the organisation had to change their passwords immediately.

A statement issued by the RYA said: “On 17 January 2020 we became aware that an unauthorised party accessed and may have acquired a database created in 2015 containing personal data associated with a number of RYA user accounts.

“Our investigation into this matter is ongoing and we have engaged leading data security firms, including forensic specialists, to assist in our investigation.”

Mitsubishi Electric targeted by Chinese hackers

One of Japan’s largest defence and infrastructure groups, Mitsubishi Electric, was also hit by a colossal cyber attack in the first month of this year. The attack was blamed on a Chinese group, who may have gained access to information on government agencies and business partners, as well as the personal data of 8,000 employees and job applicants.

Chief Cabinet Secretary of the group, Yoshihide Suga, said in a statement that the Japanese Government was informed, while also confirming that “there is no leak of sensitive information regarding defense equipment and electricity.”

Detroit data breach exposes workers and residents

The email system of Detroit City Government was breached on 16th January. Although fewer than 10 email accounts were affected, some of the accounts contained sensitive information that could be exploited by cyber criminals. Luckily, most of the email data was encrypted.

The city’s Chief Information Officer, Beth Niblock, said: “At this time, there is no evidence – and it is highly unlikely – that any of this personal data was accessed. However, out of an abundance of caution for privacy and security of our employees, the city will be offering credit monitoring services for a period of one year.”

Make a cyber security New Year’s resolution

If your company’s New Year’s resolutions didn’t include improving cyber security, then these attacks should provide a wake-up call. Being cyber resilient is critical to company health.

A surefire way to prove your house is in order is by achieving cyber security accreditation. The UK National Cyber Security Centre’s Cyber Essentials or Cyber Essentials Plus accreditation schemes are the best way to do this.

Four ways you can protect your customers

The information age has given businesses a new set of responsibilities for customer data that just didn’t exist before, including anything from basic name and address details all the way through to legally sensitive details, medical records and serious financial data. This has enabled major advances in everything from logistics to advertising and healthcare, but it’s also a major burden for companies – so how can you make sure you’re doing your best?

Change behaviours

While the tricks and tools that hackers use to get at your data are genuinely becoming ever more sophisticated, by far the most popular way to steal from you is with the good old fashioned confidence trick. Fake email solicitations, clones or mirrored websites and even the impersonation of trusted contacts can get your staff to hand over data voluntarily – so make sure a culture of suspicion is built into your workforce. Set up a secure inbox that staff can forward suspicious emails to, so IT can safely dispose of them, and make sure to train staff regularly to spot fraud.

Layer your defences

The holy grail of any hacker’s attacks is to get at not only the target of their crime but all your other data as well. While one file may not be enough to cause harm, it can be linked to other files that can be used cumulatively to carry out more serious attacks on people, like identity fraud, so make sure you have several layers between the different areas of your systems so one breach doesn’t cascade into several. It can also help to restrict access on a need-to-know basis, so accidental breaches simply can’t happen, or to ban things like portable disk drives just in case.

Trust the experts

While it’s totally possible to fashion your own defences, it’s hard to give your customer true peace of mind without some official credentials to back it up. Using software with IASME-backed certification like Cyber Essentials or Cyber Essentials Plus ensures that you have the industry’s gold standard protection in place, and with the GDPR Readiness standard you can become GDPR compliant and showcase your commitment to world-class customer data security, which in turn can open doors to new contracts with companies who insist on only working with the most secure firms.

Keep your patches up to date

Another sadly common way that hackers access your systems is through known back doors in software that has been fixed but isn’t the latest version with repairs included. These obvious flaws are like gold dust to hackers who can just stroll right in, so it’s a good idea to get software like CyberSmart Active Protect that automatically detects old versions of operating systems as well as software vulnerabilities. Find out more.

Securing the links in your supply chain to prevent cyber attacks

Cyber attacks happen virtually every day, and the impacts data breaches can have on SMEs can be catastrophic. Falling foul of GDPR legislation can result in fines, loss of trust in your company and ultimately loss of revenue – so it pays to be compliant.

However, what about the other organisations in your supply chain? Do they require access to your data or systems? Could your security become compromised as a result? While you might have the right cyber essentials in place, can you say the same about your suppliers? These are just a handful of questions all company decision-makers should be asking. 

Supply chain attacks: a history 

Supply chain attacks are nothing new. In fact, one of the largest data breaches in history (when the US-based retailer Target had the credit/debit card information of up to 40 million customers stolen) happened when the firm’s POS system had been infiltrated via malware that came via a supplier. In 2013, attackers used the “trusted” connection between the supplier and Target’s system to gain easy access. 

Putting appropriate controls in place 

All SMEs should understand the risks suppliers may pose and should ensure the supply chain is subject to the appropriate security controls. A good starting point would be to request all suppliers show evidence of having attained “Cyber Essentials” certification – the UK’s recommended security standard. However, this might even be insufficient for high-risk suppliers, who need to go one further and get “Cyber Essentials Plus” accredited.

Mitigating against risk 

As a company, you need to decide which controls you insist upon your suppliers having before you decide to continue doing business with them. If suppliers are unwilling or otherwise unable to comply with these requests, you need to consider whether you can put procedures in place to protect your data that allow you to continue forging a working relationship with them. 

Cybersecurity is one of the biggest threats faced by SMEs in the UK today, and its impacts on every entity within a supply chain, from top to bottom, are far-reaching. It’s therefore imperative for all elements of the supply chain to work together to maintain the strictest possible security measures. 

Find out more 

If you’d like to know more about Cyber Essentials certification or are concerned that your business might not be adequately protected against supply chain cyber-attacks, why not contact CyberSmart today? A member of our team will be happy to discuss your requirements or arrange a security audit of your current systems.

Is your business protected from these common cyber threats?

Many small and medium businesses avoid thinking about their cybersecurity. This may be for a number of reasons, including fear, financial constraints and human resource issues. Predominantly, however, many businesses do not focus on their cybersecurity as they believe cyber threats are only real for large businesses. Unfortunately, small to medium-sized businesses are often the target of malicious cybercriminals due to their weak cybersecurity. Below we look at some commonly overlooked threats in SME cybersecurity.

USB sticks 

Due to their small size, USB sticks are portable which makes them incredibly useful. However, USB sticks are therefore also very easy to steal and manipulate if they are not kept in a safe place. Harmful bugs and virus software can be installed on USB sticks so it is essential that you never plug a USB stick into your computer if it has been out of your possession, e.g. if you have been given one for free or if your missing USB stick is miraculously returned to you. It is also important to make sure your USB stick is encrypted and password protected. 

Zombie accounts 

In 2019, GDPR was undoubtedly a dominant topic, and the new regulations forced businesses to consider how they find and store their data more than ever before. Even if a business is compliant with GDPR, it still needs to consider the risk of zombie accounts. Zombie accounts are online accounts closed by their user and then re-opened by a third party, without the original user’s consent. Business owners should also be aware that zombie accounts can be the accounts of previous employees, giving hackers access to your website and private business information. Identifying, deactivating and deleting any potential zombie accounts is essential to ensure the safety of your business. Cybersecurity services, such as CyberSmart, can help you do this.

Data security 

To ensure you can maintain the legally required GDPR compliance, storing your clients’ data safely is essential. Many businesses find data storage overwhelming and feel they don’t have the time or resources to properly understand or manage their data. There are, however, easy steps you can take to ensure your clients’ data is protected.

  • Implementing strong passwords is essential to protect yourself from a security breach. Using a combination of capital and lower-case letters, numbers and symbols, and making it 8 to 12 characters long, will make your password hard to crack.
  • Install a firewall – In order to have a properly protected network, firewalls are a must. A firewall protects your network by controlling internet traffic coming into and flowing out of your business.
  • Making sure your computer is properly patched and updated is a necessary step towards being fully protected. Updating your programs keeps you up-to-date on any recent issues or holes that programmers have fixed.

CyberSmart can help your business earn Cyber Essentials Plus certification, the highest level of this government-backed certification, helping you ensure your company is safe against the most common threats. In achieving this certification, you can be confident you are protecting your business and data, and giving your customers added assurance.

If your business is hit by a cyber-attack, not only could you stand to lose a lot financially, you will also lose the trust of your clients, something that is almost impossible to regain. To ensure you avoid such a problem, contact CyberSmart today and a member of our expert team will help improve your cybersecurity.

How investing in cybersecurity can boost your success

There’s no doubt we live in a digital world, and most businesses realise the danger they face if they fail to get on board with the latest trends. After all, few companies, if any, lack an online presence. That means much of small businesses’ data is stored on hard drives in local computers and servers in the cloud. Therefore, it’s time you took measures to ascertain the integrity and security of your company’s data because as most organisations are starting to realise, cybersecurity is the key to fast business growth in the digital era. How? 

It helps you outsmart the competition 

Hackers are opportunists. The recent ransomware attacks we have seen plaguing national and international companies and institutions such as the NHS are a menace, with cybercriminals looking for any means possible to gain access to sensitive data. Considering that most companies have a digital presence, this means attacks are simply growing as hacking software becomes more sophisticated. As such, clients are increasingly looking for this reassurance from companies they do business with, meaning that offering robust cybersecurity is increasingly being used to outsmart the competition while safeguarding your data.

It makes threats less likely 

Most companies are turning to cloud technology because it has been deemed the most secure, and it enables collaboration on a global scale. In the cloud, companies can access their data from anywhere in the world and share it with key stakeholders. However, to appreciate the power of cloud technology, it’s essential to plan carefully and invest in professionals who can optimise the technology for utmost security. Without these resources, your company stands to receive threats like denial of service, data breaches, management of remote identities, or insecure external applications, which can damage your company’s reputation and hamper its success. 

It demonstrates compliance 

Following best practice and industry standards for cybersecurity is essential if your company is to be trusted by current and prospective clients, and if you are to hold a commanding position in your market. Failure to comply with modern cybersecurity and data privacy standards like Cyber Essentials and IASME GDPR Readiness doesn’t just place your business and your client data at risk, it also means you could be landed with a heavy penalty for any breaches that could stunt your company’s development. These regulations have been established to protect and prolong the existence of SMEs like yours, as well as their stakeholders, so remaining compliant is critical. 

Investing in cybersecurity is essential to the growth of your business. By neglecting it, you not only hinder the development of your company but also place it at risk of irreparable damage. 

What’s more, investing in cybersecurity now can give your company the leverage it needs to innovate for the future. 

Back to School: Free tips and tricks to protect your business from cyber threats


All through September, we will be sharing free tips and tricks that you can implement straight away to ensure your organisation protects itself from cybersecurity threats.

Currently in the UK, 32% of SMEs experience cyber-attacks every year, a figure that is increasing, with costs running into the thousands of pounds. With a few preventive measures, it is actually possible for you to fight these threats. By implementing various techniques and strategies, using free tools and being aware of the main ways your business might be targeted, you can protect your business today.

Come back throughout September as we add more tips. It’s time to become CyberSmart.

1. Use Two Factor Authentication (2FA)

Adding an extra layer of security to your accounts can never be a bad idea. Many platforms now offer 2FA, where you either receive an SMS (least safe), receive an email (medium-level safety) or authenticate via an app (recommended). There are free and premium solutions available, such as 1Password, allowing you to enable higher levels of security and 2FA across all your personal and business accounts.

2. Time to have an app clear out

You know all those apps you have installed but never use? They should go. If you have apps that have been installed for months and not been updated, they could be full of vulnerabilities, waiting for a cybercriminal to exploit. When you delete these apps, make sure to delete your account and unlink any credentials.

3. Are your email details available on the internet already?

This can be a scary thought but more than likely, your email has been compromised before. With the introduction of GDPR, more and more companies are openly admitting cyber breaches. We recommend using haveibeenpwned.com to check if your email has been compromised in a data breach before. Simply enter your email, check for breaches and address the situation.

4. Are you really going to plug that USB in?

You should be extremely careful with USB devices. Even after formatting, malware can still be present so ensure you completely trust the source of the device or go one better, do away with using USB full stop.

5. Update, Update, Update

Updating your apps and software can prevent 85% of targeted attacks. Make your business safer by allowing all updates to be automated, so you don’t even need to think about it.

Make sure your operating system (on all your devices) and all applications are updated at all times. Updates are free, after all.

6. Always lock your devices

It’s often funny when you walk away from your computer to come back and find a funny background picture, right? During the time you allowed for that to happen your business could have experienced a catastrophic and business impacting data breach (and many other potential risks).

Always lock your screens, and make them only accessible by you.

7. Might be 2019, but that doesn’t mean Antivirus is out of fashion

Antivirus is a necessity for all your devices, desktop and mobile. Without an antivirus, you are putting your business at risk of those pesky viruses but also of Malware, lurking in the background, dormant or actively damaging your device. There are many antivirus options out there, some may even come pre-installed with your device, others with free and premium versions. There’s no excuse not to be using an antivirus.

8. Turn on your firewall

Most operating systems come with a firewall and there’s a very good reason for this. Ensure all your business devices have this on, as it’ll create a buffer zone between your network and the internet, a highly valuable preventive measure for cyber attacks.

9. Ransomware, sounds scary but what is it?

Ransomware is one of the biggest cyber threats your business faces as it encrypts ALL YOUR DATA and locks you out of your device. Then it normally requests a ransom payment of a few hundred pounds in order to give you a decryption key.

How do you protect yourself?

  • Backup all your data (often and in different locations)
  • Vital business information shouldn’t be only on your computer
  • Don’t click on emails from unknown senders (and NEVER access .zip files in emails from these senders)
  • Like we mentioned earlier, UPDATE your OS and apps
  • Have an antivirus installed

10. Do you know how to spot a phishing email?

Firstly, a phishing email is an attempt to collect your personal data, and more than likely you have come across one (or many) before.

  • Serious businesses will never display your email address in the subject line
  • Check out the sender and their email, try to spot how valid it is
  • You don’t have to open an email just because it instils some sort of urgency (the more urgent it may look, the higher the likelihood of a breach)
  • Always check links before you click.

11. Check back tomorrow

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.
