What is a banking trojan and how do you stop one?

banking trojan

Zeus, SpyEye, Emotet. What do those names mean to you? As much as they sound like Marvel supervillains, they’re all examples of high-profile banking trojans.

Emerging in the mid-noughties, banking trojans have morphed into one of the most dangerous SME cybersecurity threats. But what are banking trojans? And how can you protect your business from them?

What is a banking trojan?

A banking trojan is a particularly nasty form of trojan horse malware that aims to give cybercriminals access to networks and confidential information stored in online banking systems.

Banking trojans typically come in two forms:

  1. Backdoor trojans: Use backdoors in your system to circumvent security measures and gain access to your computer.
  2. Spoofers: Steal user credentials by creating a fake version of a financial institution’s login page.

How do banking trojans work?

A banking trojan works in much the same way as the mythological wooden horse from which it draws its name. A typical banking trojan looks and behaves like legitimate software until you install it. Once it’s on your device, it shows its true colours.

Cybercriminals use banking trojans to:

  • Steal banking credentials
  • Make unauthorised transactions
  • Siphon funds to the attacker’s account

Did you know that 47% of UK SMEs feel more threatened by cybercrime since the cost of living crisis began? Find out more in our latest report.

Why are banking Trojans so dangerous? 

Banking trojans are a particularly hazardous form of malware for several reasons. Firstly, they’re usually well disguised as legitimate software, which makes them difficult to detect for anyone who isn’t a cybersecurity expert.

Secondly, they cause significant damage. In a worst-case scenario, a banking trojan can give cybercriminals total access to your bank accounts, which could spell financial ruin.

How do you know when you’ve been hit? 

Although it can be challenging to spot a banking trojan, it’s not impossible. Like any malware attack, there are a few telltale signs to look out for:

  • New or unexpected forms appearing in your bank accounts
  • Poor device performance
  • Slow or broken applications
  • Missing files
  • Unexpected pop-up windows 
  • Tasks running independently
  • Spam originating from your email accounts
  • Your anti-virus or anti-malware software stops working

It’s important to note that none of these are conclusive proof that someone’s successfully hacked your system. Think of them as signs that suggest something isn’t quite right. So, if you’re in any doubt, it’s time to call the professionals.

What can you do to protect your business?

Thankfully, protecting your business against banking trojans and similar forms of malware is relatively straightforward. Beyond investing in reliable threat monitoring software, we recommend following these six simple steps.

Use multi-factor authentication 

Multi-factor authentication (MFA) is a security measure that requires you to provide two or more verification methods to sign into an application. Instead of asking for your username and password, MFA demands additional information such as:

  • A randomly generated PIN code sent by SMS
  • A piece of memorable information known only to you 
  • Your thumbprint

The idea behind MFA is simple: the more locks you have on the door, the harder it is for an intruder to break in. Think of it as adding a cyber deadbolt, a door chain lock, and some cameras to keep the bad guys out.

Train staff how to spot the signs

Human error is responsible for as much as 90% of cyber breaches, and it’s easy to see why. Few of us are cybersecurity experts, and if you aren’t aware of what a cyber threat looks like, you’re much more likely to find yourself on the receiving end.

Cybersecurity training can bridge this knowledge gap. Training helps staff recognise, understand, and mitigate the threats they face. What this training looks like depends on your business and the knowledge within it. For some, it’s a case of starting from scratch and covering the basics; for others, it’s about addressing specific weak spots.

Patch software regularly 

Patching your software is the simplest way to improve your business’s cybersecurity. Even the best software can develop vulnerabilities, suffer a breach, or become outdated. Software developers release security patches to ensure cybercriminals don’t have an easy route into their clients’ systems.

It’s easy to install these patches. You can check your system for updates every few days or activate the auto-update setting on all company devices.

Use a password manager 

Many banking trojans use keyloggers – programs that record your keystrokes so cybercriminals can steal your PIN or password. Using a password manager, which doesn’t require you to type anything, instantly overcomes the threat of keyloggers.

Only download files from trusted sources

This might seem obvious, but if you’re unsure about the origin of a file or piece of software, don’t download it. Set clear rules throughout your business to ensure people only download software from trusted sources, such as Microsoft, Google, or Apple stores. This helps to minimise your exposure to compromised software and malware.

Use all the security features offered by your bank

Banks offer a range of security features. Use them! If your bank provides MFA for sign-in (virtually all of them do), use it. Many business-oriented banks also have app stores full of free or low-cost cybersecurity features. Use them, too. These little extras are often the difference between cyber safety and falling victim to a banking trojan.

Banking trojan examples to watch out for


Active since 2007, cybercriminals use Zeus to target Microsoft Windows and steal financial data. It quickly became one of the most successful pieces of malicious software in its class, affecting millions of systems worldwide and giving rise to a host of similar threats. After a brief lull in 2010, when the creator reportedly retired, we’ve seen an uptick in Zeus variants since the source code went public. 


Once touted as the successor to Zeus, SpyEye established itself as one of the most dangerous banking trojans in the early 2010s. SpyEye enabled its creators to steal sensitive information from its victims’ bank accounts, including account credentials, credit card information, and PIN numbers. Its Russian creator was sentenced to nine-and-a-half years in prison in 2016.


Emotet is a banking trojan that spreads primarily through email. These emails often use familiar branding and convincing wording to trick the victim into clicking on a malicious link. Emotet has gone through a few iterations since emerging in 2014, in an attempt to circumvent modern detection methods.

Don’t suffer the same fate as Troy

Understanding the threat banking trojans pose and adopting appropriate countermeasures are integral to safeguarding your financial information in today’s digital landscape.

Simple, inexpensive malware prevention tips – like updating your software regularly, using a password manager, and educating staff – help protect your business against banking trojans and other malware strains, too.

Want to know more about the threats facing small businesses? Check out our new research report on SMEs and the cost of living crisis.

SME cost of living crisis

IoT: The good, the bad, and the unsecured


As Black Friday and Cyber Monday approach, anticipation is growing for this year’s snips, steals and deals on Internet of Things (IoT) devices. However, amid the thrill of Black Friday bargains, it is crucial to exercise caution and consider the potential security implications associated with purchasing and deploying IoT devices. 

What is IoT?

The Internet of Things, commonly referred to as IoT, is essentially a web of gadgets that share information and the cloud.

The concept first came about in 1982 when Carnegie Mellon University students linked the department vending machine to their computer, allowing them to check if drinks were in stock and chilled.

However, this wasn’t the first true IoT device, as Tim Berners-Lee’s World Wide Web was still seven years in the future. That honour goes to a toaster created in 1990 by John Romkey. This bizarre device was equipped with a crane system for inserting the bread.

IoT has continued to expand from here and, based on the most recent data, around 15 billion IoT devices are currently connected. It’s anticipated that this number will nearly double, reaching 29.42 billion by 2030.

Want to protect your business but not sure where to start? Check out our free guide to protecting your business on a budget.

Where is IoT used  – The good, the bad and the bizarre

IoT is used in our homes, offices, manufacturing machinery, agriculture and more. More specifically, this includes smart home devices such as fridges and dishwashers, wearable technology like smartwatches, and medical devices, with pacemakers being a great example.

IoT has the potential to enhance our lives. For example, by facilitating independent living for the elderly with conditions like dementia. This is achieved through IoT technology that gathers atmospheric data linked to residents’ movements within their homes. Should the activity drop below a certain threshold, a device will immediately notify family members or carers of a potential emergency.

Whilst working as a detective in the police, I saw IoT employed for malicious purposes on many occasions. One such occasion was when following a recent relationship separation, the one-time couple had to maintain contact due to their young child. However, whilst Mum was out with her baby she would frequently bump into the child’s father. 

After months of this and other strange activities occurring, it was discovered that a tracking device had been placed in the child’s pushchair. This shared real-time location updates and allowed impromptu meets between father and child.

As you might expect, there are also many bizarre IoT devices out there, including smart egg storage devices that can track the age of eggs and send alerts when your egg stock is running low. Although some may say that is a cracking idea!

IoT security vulnerabilities

A security vulnerability within an IoT device could be several things, from insecure default settings to a lack of physical security. This could allow anybody to log into the device by not requiring authentication. Or, where there are log-in details required, using default credentials such as a username and password of ‘admin’.

Many of us will have IP (Internet Protocol) CCTV both in our homes and places of work. Vulnerabilities may exist in these too. Failing to ensure updates are applied to our CCTV could leave known vulnerabilities unaddressed, making it susceptible to exploitation. I have seen many cases of IP CCTV being hacked and people’s personal lives being streamed live on the internet for the world to watch.

What can we do to protect ourselves?

The first thing that we can all do before we click buy on that new device, is to ensure that we are buying it from a reputable company. There are so many devices available to us for comparatively little cost. But buyer beware, often a low price can mean poor security. 

Although we can’t all be expected to comprehend the intricate technical workings of our devices, we can develop a basic understanding of security best practices. This should help ensure that the IoT devices we bring into our homes or workplaces are safe.

So, what are some of the things you can do? In no particular order, here are some of the basic requirements for cybersecurity.

1. Change default passwords

Ensure that you’re using strong and unique passwords to access devices. If in doubt, use the NCSC’s ‘three random words’ approach.

2. Apply patches and updates

Security updates and patches are extremely important in fixing any vulnerabilities in the operating system or firmware installed on your devices. Without these patches, cybercriminals could easily exploit vulnerabilities to hack into your device. 

3. Configure your routers and firewalls to block external traffic

To keep IoT devices within your home safe, you must ensure that nothing outside your home network can connect to your device. By configuring routers and firewalls to block all external traffic you’ll prevent hacks.

4. Only purchase devices with high-level security protocols

Try and stick to devices with a connectivity protocol that is secure by design and uses a low data throughput such as LoRaWAN (long-range wide-area network). You should find these details in the specs of any reputable products.

5. Check your privacy settings

We’ve already mentioned passwords, but there are a few other things you can do to improve your privacy and security. First of all, set up multi-factor authentication (MFA) on all IoT devices, whether that’s biometric authentication (such as fingerprint or facial recognition), a one-time passcode, or security questions. 

MFA makes it much, much harder for any would-be hacker to gain access to your device even if they manage to find it on a network.  

Finally, the single most important thing that we can all do when it comes to security is to keep ourselves updated and aware of new and emerging threats. So, if you’ve read this far, well done.

Cost of living CTA 3

What are the basic requirements for cybersecurity?

basic cybersecurity

Ideally, no business only does the bare minimum for their cybersecurity. But it’s understandable that many small or medium businesses are limited by their budget. If this is the case for yours, you need basic cybersecurity measures that are effective yet affordable.

Here’s how you can ensure your business is protected and secure, without breaking the bank.

5 basic cybersecurity measures for businesses

Cybersecurity mustn’t slip under the radar for small businesses. 43% of all data breaches involve small businesses, with 60% of these businesses filing for bankruptcy within six months of an attack. 

Luckily, the cybersecurity landscape is full of many great solutions to secure your business, ranging in complexity and price depending on the levels of protection you need. And it can be helpful to go back to basics in tough economic times.

You can do this without sacrificing security by following the control areas of Cyber Essentials. We’ve outlined them, and what they mean for small businesses, in this blog.

Here are some examples of the basic cybersecurity measures that any small business can take to maintain a good level of protection against cyber threats:

1. Make your business internet connection secure

There’s always a risk to your business network and equipment when you have a broadband connection. Think about it – it’s always on – so there’s always a window of opportunity.

Luckily there’s no need to fret. Instead, ensure that you’re using a business broadband package. They’re more comprehensive compared to a home broadband package and include proactive security measures.

For example, many business broadband options are equipped with higher-grade security software. You should look for features such as a VPN, firewall, and the ability to filter content. With this functionality, you don’t need to spend more on additional solutions because your key security features are built in.

Need help finding the right cybersecurity accreditation for your business? Check out our guide.

2. Switch on secure settings for business devices

Business equipment and software often come with the manufacturer’s default settings. This is useful to set things up quickly. But did you know that it’s easy to ‘upgrade’ your devices to a more secure setting?

Secure settings provide a greater level of protection against security vulnerabilities. Simply check the settings of your business equipment and take a critical look at its features and services. For more explicit advice, the National Cyber Security Centre provides free, trusted security guidance for businesses across a wide range of platforms.

You can also implement measures like multi-factor authentication across devices as an additional level of security. Or set up a locking mechanism across devices that require either biometric, password or PIN access.

3. Manage data access in your business

Check that only the right people have access to the data they need in your business. 

For example, only certain team members might need to access sensitive data, so they are the only ones that need permission. 

A ‘least privilege’ policy is the best method of managing data access in your business. It only allows users to have the minimum level of access or permissions needed to perform their jobs. This creates a safer environment for your data and reduces the risk of harmful, or accidental, actions. 

4. Protect against malware and viruses

Antivirus software is a basic cybersecurity measure for all businesses. It’s a type of software product that detects, quarantines, and blocks malware from running on your business devices. These are malicious programs that can impact your data, alter, or hijack functions, or monitor end-user activity.

If your budget is tight, you don’t necessarily have to spend a lot of money on antivirus software. There are free and built-in anti-virus solutions for most popular business platforms. If you’re looking for something a little more robust, read our blog that highlights our top 10 antivirus products.

5. Keep software and devices up to date

Manufacturers release regular updates for software and equipment like new features or bug fixes.

The programs, software, devices, systems, and tools you use every day will require updating every now and then. And if you’re using an old version of them that isn’t up-to-date, it leaves your business open to vulnerabilities. Ironically, even outdated antivirus software could be exploited by bad actors.

Regularly patching your software and devices avoids these problems. Making sure every tool in your business is running the latest version helps you create a safer working environment. 

Always cover the basic cybersecurity principles

Implementing these basic cybersecurity measures is a simple, straightforward, and affordable method of keeping your business secure. 

And for small or medium businesses looking for extra security qualifications, these steps are part and parcel of qualifying for a Cyber Essentials certification – a government-backed qualification that proves to customers and partners that your business protects itself from cyberattacks.

Still unsure about what the ‘must haves’ are when it comes to your business’s cybersecurity? Then check out our guide to cybersecurity on a budget.

Cost of living CTA 2

5 cyber insurance challenges for small businesses

cyber insurance challenges

Small business, smaller risk of a cyberattack? Not quite.

Small businesses are still susceptible to cybersecurity threats. Whether your business consists of a single person or a number of employees, you must be protected. 

One in five small firms say they’ve experienced a cyberattack at one point. And many don’t think they have the finances or time to set up security precautions – or in some cases – don’t realise the need to. But it doesn’t have to be this way. 

There are a few simple steps you can take to remain protected. And they could make you eligible for all-important cyber insurance cover.

Why do you need cyber insurance?

Many sophisticated cyber threats exist today. Phishing, malware, ransomware, hacking; the list could go on. Having cyber insurance in your business will help you recover faster if an incident occurs. If your business deals with sensitive customer data, does a lot of business over the internet or doesn’t have coverage from any external cybersecurity providers, cyber insurance is worth investigating.

Cyber insurance includes coverage for damage or loss of information from IT systems and networks. This includes both first-party and third-party risks, depending on your insurance plan.

  • First-party risks: This includes anything that could impact your business assets. For example, a cyber-attack on your software or theft of digital assets.
  • Third-party risks: This covers the assets of others, like your customers. For example, security and privacy breaches of customer data.

For a small business, cybersecurity insurance is pivotal for protecting you in worst-case scenarios. So, how can a small business obtain cybersecurity insurance?

Not sure where to start with cyber insurance? Check out our guide for everything you need to know.

How to overcome cyber insurance challenges as a small business

Just like any other type of insurance, you need to meet your providers’ criteria. 

Every cybersecurity insurance provider will have its own process, but the typical route to qualify will range from a simple questionnaire to a detailed analysis of your cybersecurity environment by your insurer.

Meeting basic cybersecurity standards will make your small business significantly more likely to qualify. 

Here’s what you can do:

1. Keep software up-to-date and protected

Keeping your software equipped with antivirus protection is a surefire way of avoiding basic cybersecurity threats. And ensuring that all your programs are regularly patched keeps your systems in line with your manufacturer’s latest cybersecurity updates. 

By taking these basic measures, insurers will see your business as more trustworthy.

2. Protect your network with a firewall

A firewall is a network security system that monitors and controls your network traffic. Its parameters are based on predetermined security rules across incoming and outgoing traffic. It creates an effective barrier between your network, and anything considered an ‘untrusted’ network – an opportune place for cybersecurity threats to creep in. 

By implementing one, insurers can recognise that you’ve reduced the chance of a cybersecurity threat occurring.

3. Implement regular security checks

Not every small business owner is expected to understand the ins and outs of cybersecurity. Instead, smart cybersecurity software can help you manage regular security checks and provide monitoring, 24/7. 

The best software can also act as an educational tool – providing greater awareness about cybersecurity training opportunities, policies you can implement, and giving your people more control of their own cybersecurity. This shows insurers that you’re taking a proactive approach to cybersecurity.

4. Regularly back up your data

Insurers want you to minimise the risk of data loss as it’s costly and impacts your reputation. 

Make sure your data is backed up using external media or a secure cloud service. Consider that you need to manage and store first-party and third-party data in different ways. 

5. Manage user access rights and permissions

User access rights are an important part of staying secure. You want to make sure only the right people have access to sensitive data, without impacting anyone’s ability to do their actual job. 

In a business, enforcing a ‘least privilege access’ policy is a common way of managing access rights. This is a policy that only allows users to have the minimum level of access or permissions needed to perform their jobs, and nothing more. It restricts access rights to only users, accounts, and processes that require certain types of data.

This creates a safer environment for your data and it helps to protect employees from causing accidental or harmful actions, thus reducing risks for insurers. 

Improve your cyber hygiene to get cyber insurance

‘Cyber hygiene’ is the steps your business can take to protect itself from cyberattacks, like the list above. 

It’s like the practice of washing your hands – but for cybersecurity. Cyber insurance providers look for businesses with good cyber hygiene practices in place, as you’re less likely to be impacted by cyber threats. 

Alongside the list above, a cybersecurity certification is also a great method of overcoming cyber insurance challenges and improving your cyber hygiene. It can provide all the protection you need, and more, and is created by the UK government – making it ideal for small businesses looking for industry-standard protection.

Cyber insurance trends 2023

5 ways to protect your business from cyber threats this holiday season

Holiday season

Black Friday, Cyber Monday, the January and Boxing Day sales. The busiest retail period of the year is almost upon us. But while the holiday season often brings with it bumper sales figures for retailers and bargains for consumers, it also comes with a heightened risk of cyber threats. 

For example, November 2020 saw an 80% increase in the number of common email phishing scams reported. Meanwhile, the UK’s National Cybersecurity Centre (NCSC) has been gearing up for the period by releasing updated guidance for consumers on how to shop online safely. 

However, what’s often less widely discussed is the impact this can have on small businesses. Even if your business has nothing to do with retail, you’re still at risk. Here’s why and what to do about it. 

What risks does the holiday season bring? 

Before we look at the risks themselves, it’s important to note that the festive season doesn’t necessarily mean more targeted attacks on SMEs themselves. 

However, who among us hasn’t done the odd bit of lunchtime shopping on company devices or personal devices used for work? And it’s this clandestine bargain hunting that poses the problem. It gives cybercriminals a route into your business. 

Phishing scams

Phishing scams are a year-round problem. But during major retail events like Black Friday, the chances of a successful attack grow exponentially. With so many of us frantically shopping around for the best deals, our ability to spot the telltale signs of a scam often diminishes as quickly as our bank balances. 

It’s a simple but potentially disastrous equation. If you’re in a bit of a rush, you’re not in the best frame of mind for considered judgements. And, if you’re already shopping, a fake email claiming to relate to what you’re doing online might not set off the alarm bells it normally would. 

Fake online retailers 

Black Friday often comes with a deluge of fake websites claiming to sell this year’s must-have products at bargain prices. Unfortunately, most of these are simply fronts for cybercriminals to acquire consumers’ data or launch attacks. Like phishing scams, these can be hard to spot in the hurly-burly of major retail events, making a successful attack much more likely. 

Outdated software 

Again, this is a problem 365 days of the year. But the festive season provides the perfect cover for hackers to test out the vulnerabilities of popular software. 

Firstly, because technical teams’ attention tends to be focused on ensuring apps can handle the sudden surge in demand rather than security. Secondly, because many consumers will suddenly be using apps they haven’t used or updated in months, often on devices with access to your business data. 

Public and home networks

You probably have decent network protection in your physical workplace, but do your staff working from home? And does the cafe around the corner with the free WiFi that everyone uses?

Unsecure public and home networks don’t stop being a problem for the rest of the year, but during busy retail periods, when people are much more likely to shop online, the risk is heightened. It gives cybercriminals an unbelievably simple way to hack into any unsecured devices on the network. Once in, they’ll be able to get to any company assets accessible from that device. 

Weak passwords 

You’ll hear us talking about the importance of strong passwords a lot. It’s the simplest thing you can change to improve your cybersecurity. However, passwords become doubly important in busy retail periods due to the amount of traffic on popular sites. It’s the perfect setting for cybercriminals to try out large-scale brute-force attacks and find out whose passwords aren’t strong enough. 

What can you do to protect your business? 

1. Educate your team about the risks

A huge proportion of successful cyber attacks stem from human error (95% according to some) so helping your team understand the risks is crucial to avoiding them.

You should approach this in two ways: immediate education and long-term training. In the short term, educate your people on the risks outlined in this piece. It doesn’t have to be more than a short email sent out before the festive season really kicks off.

However, a quick nudge to your staff to be mindful of the risks is no substitute for long-term behavioural change. For this, you need security training. How you approach this will largely depend on your business and the cybersecurity knowledge within it but, to get you started, we’ve put together a short blog on the subject. 

2. Patch your software

The importance of updating your software can’t be overstated. Without regular updates, you leave plenty of little holes in your software for cybercriminals to exploit. So, ensure everyone in your business is constantly installing updates and patches for the software on their devices – even if it’s an app or tool they rarely use. 

It’s a simple thing and won’t take you more than a few minutes each month. But, it can also work wonders for improving your cybersecurity. 

3. Provide staff with clear cybersecurity policies 

We say this a lot but it never gets any less true. If your people don’t know what security behaviours are expected of them at work, they’ll keep getting it wrong.

Clear, well-crafted company policies on cybersecurity and data protection can go a long way to removing confusion around the subject. And, most importantly, help diminish the risk of a successful attack. 

A good cybersecurity policy should outline what employees should or shouldn’t do, offer directions on best practices, and guidance for decision making. For more on how to build one, read this.

4. Practice good password hygiene 

Like patching, this is a simple fix that can immediately improve your cybersecurity. So what does good password hygiene look like? Well, we recommend four steps:

  • Use complex passwords that make it difficult for cybercriminals to guess or brute force their way in. The NCSC’s ‘three random words’ is a great approach to this
  • Change passwords regularly
  • Set up different passwords for different accounts, tools and software. If you struggle with remembering them, consider using a secure password manager tool like LastPass or 1password
  • Use two-factor authentication (2FA) wherever possible

And, once you’ve undertaken these four steps, roll it out to your business. Create a password policy and make sure everyone follows it.

5. Use a VPN 

Last, use a Virtual Private Network (VPN) for all remote work, even those trips to the local coffee shop. If your employees are using public networks or their home router it’s likely to be far less secure than your office network. According to a report from BitSight, home office networks are 3.5 times more likely than corporate networks to be infected by malware.

A VPN can help you counter this by creating a secure connection to business systems and data, from wherever your staff choose to work. 

Want to know more about how to switch to hybrid or remote working safely? Download our guide, Cyber Safety in a New Era of Work here.

Remote working CTA

What is ransomware?

Shocked female discovering a ransomware attack on her business

Of all the cybersecurity threats we cover, ransomware is by far the most high-profile. It often seems as though barely a week passes without another story in the news about the latest blue-chip victim.  

It’s not hard to see why the media devotes so much coverage to ransomware. It’s a rapidly growing threat. It usually includes a note of suspense as we all wonder whether the victim will pay the ransom. And, it’s claimed some of the biggest companies on the planet as its victims.

But beyond the media headlines, ransomware is poorly understood. How does it work? Why is it so hard to stop? And, more importantly, what can you do to protect your business? 

How does ransomware work? 

Most ransomware uses a special kind of encryption, called ‘asymmetric encryption’. That might sound complex, but it’s actually very simple. Like standard encryption, it uses a pair of keys to encrypt and decrypt a file. However, unlike standard encryption, the attacker is the only person with access to the key to decrypt the file. It’s this key that cybercriminal uses to hold the victim’s files for ransom. 

Or, to put it in simple terms, it’s a bit like leaving the office to find your car has been clamped and a ticket attached to the windscreen with a demand to pay £250 to have it freed. Unfortunately, that’s where the similarities end. While you might be able to remove a clamp with the help of a mechanic, it’s virtually impossible to decrypt an encrypted file without a key. 

And it’s for this reason that in most successful ransomware attacks the victim is forced to quietly pay up to get their files back. 

How does ransomware get in? 

Much like its cousin malware, ransomware comes in many forms and can enter your system in a variety of ways. However, the most common route is through email spam campaigns or through a carefully targeted attack – think March’s attack on Acer or the infamous attack on the NHS in 2017. 

Once it’s in, the ransomware drops off its malicious cargo and then searches for valuable files to encrypt. ‘Valuable’ files are usually things like Word documents, spreadsheets, images and databases. Ransomware can also exploit any system or network vulnerabilities you have and spread across your organisation and into your supply chain

Why is ransomware so hard to stop? 

If it poses such a huge threat, then why does ransomware continue to grow more common and payouts keep climbing? Surely someone has come up with a way to fight it? 

Unfortunately, ransomware is very tricky to counter for a few reasons.

Easy to set up

Cybercriminals no longer need to be coding wizards to launch a ransomware attack. Malware marketplaces have sprung up in the shadier corners of the internet, meaning would-be crooks can essentially order ransomware on-demand. Often all its creator will ask for in return is a share in the profits. 

Most people pay up

The success of ransomware rests on the same principle as any other type of ransom. Generally, if something is valuable to someone and they risk losing it forever, they’ll pay whatever is necessary to get it back.

Cybercriminals know this, it’s what makes ransomware such a lucrative scheme. 

It’s hard to track the perpetrators down 

Remember the old adage ‘follow the money?’ Sadly, it’s nonsense when it comes to ransomware. Most cybercrime is paid for using cryptocurrency and planned in the darkest reaches of the internet, making it very hard to track.

There are endless targets 

Wherever you are in the world, cybersecurity knowledge is low. It’s low among business leaders. It’s low among staff. And it’s low among the general public. This means potentially endless targets for cybercriminals.

As we mentioned earlier, ransomware typically enters organisations through pretty unsophisticated methods. However, ransomware doesn’t need to be sophisticated when so few of us understand what an attack looks like. 

How do you protect your business? 

We’ve painted a pretty bleak picture so far, but don’t despair. There’s plenty you can do to protect your business against ransomware. 

Training, training, training 

According to research, 95% of cybersecurity breaches begin with human error. This is especially true when it comes to ransomware, with most attacks starting through a dodgy email being opened or malicious file downloaded. 

But before we rush to condemn human failings, it’s worth asking whether your people have been trained to spot threats. After all, if your employees have no idea what a ransomware attack looks like, they’re far less likely to take the right action to protect themselves or your business. 

The best way to beat this is through training. Training can help your people better recognise and understand the threats they face. And, more importantly, learn how to counter them. 

The kind of training you need will be highly dependent on your business and the existing knowledge of your staff. But a great place to start is by reading our blog on all things cybersecurity training. 

Backup your data

As we mentioned earlier, most victims end up paying out to ransomers but there’s a very simple way to avoid this. Always backup critical files and data, preferably in the cloud or on an external hard drive. That way, if you do get attacked, you can wipe your device(s) and reinstall everything from backup. 

This won’t completely remove the threat of ransomware, but it will remove the need to pay your attacker to get your files back.

Patch your software

Updating software is a hassle, we get it. There never seems to be a convenient time to reboot your device and the endless passive-aggressive reminders from your operating system can get very grating. 

However, it is important, particularly when it comes to protecting yourself against ransomware. Even the best software develops vulnerabilities over time. It could be that the software was built with vulnerabilities that weren’t anticipated at the time or it might be that a new cyber threat has emerged. Whatever the reason, software developers get around the problem by releasing security patches.

These updates fix the ‘holes’ in your software that can be exploited by ransomware. Without them, you risk giving cybercriminals a back door into your systems and data.

But the good news is all you have to do is regularly update any software or tools you use. It shouldn’t take more than a few minutes each week and it’s by far the most effective (and simple) way to protect yourself. 

Read more about the importance of patching here.  

Stick to secure networks 

Whether it’s at your favourite local coffee spot or on the train to that important client meeting, using public Wi-Fi networks is a bad idea. Most public networks have poor or non-existent security and are the perfect place for cybercriminals to snoop on your internet usage and launch attacks. 

If you need to connect to a public network for any reason, use a Virtual Private Network (VPN). A VPN allows you to connect to business systems securely and browse the internet safely, wherever you are. For everything you need to know about VPNs, check out our blog on the subject

Put security policies in place

It’s one thing to improve staff awareness of the threats posed by ransomware, quite another to ensure everyone is following security best practices. This is where a clear, easy-to-understand cybersecurity policy can work wonders. 

A well-crafted policy will help your people understand what they should and shouldn’t do and help them make the right decisions when faced with threats like ransomware. 

Stay informed

Last, try and keep an eye on the latest ransomware threats. To be clear, we’re not suggesting you become a cybersecurity expert overnight (unless you want to). However, having even a basic knowledge of what ransomware looks like can help prevent the worst. 

Is your business working remotely or considering making the switch? Don’t do anything without reading our guide to cybersecurity in a new era of work.

Remote working CTA

5 easy cybersecurity New Year’s resolutions for 2021

cybersecurity New Year's resolutions

According to research from popular exercise app Strava, the second Friday of January is “quitters’ day”– the day when people are most likely to give up on New Year’s resolutions. 

It’s the day when all those promises made in good faith back in December go up in smoke. Running shoes across the land are hurled to the back of the nearest cupboard, never to see the light of day again. Gym memberships are forgotten about. And new hobbies fall by the wayside.

The biggest problem with most New Year’s resolutions is their difficulty. Sure, the long-term gains might be amazing, but what about the months of pain and effort to get there?

But not all resolutions have to be difficult or doomed to failure. Take, for example, our list of easy cybersecurity New Year’s resolutions. 

Unlike attempting a couch to 5k or taking up a new hobby, they don’t require hours of your time to see results. Nor do you need to go out and buy expensive new tools or overhaul existing processes. All it takes is a few tweaks here and there to get your business’s cybersecurity fighting fit for the year ahead.

And the best part? Once you’re in the habit, you’re unlikely to break them. 

1. Start patching and updating software regularly 

We bang the patching drum a lot at CyberSmart. Regular readers of our blog will have noticed we mention it at every possible opportunity. But, as repetitive as it might be, there’s a very good reason behind our love affair with patching.

Regularly updating your software and operating systems is the easiest, most time-efficient way to improve your cybersecurity. Even, the best software becomes outdated or develops gaps and, when it does, cybercriminals suddenly have an easy route into your business. 

Fortunately, avoiding the worst is incredibly easy and it shouldn’t take you more than a couple of minutes each month. All it requires is that you check every now and then for any new updates to tools and software you use. Or, if you want an even easier solution, simply turn on auto-updates in your device’s settings, and you won’t even have to think about it.

To learn more about patching, check out our recent blog on the subject. 

2. Create a password policy

Of all the resolutions on this list, creating a secure password policy is by far the simplest. Most of us know the importance of strong passwords, but that doesn’t stop us using the same easily-guessable phrase we’ve been using since 2001 for everything. We’re only human after all. 

The problem is this poses a huge security risk. It only takes a cybercriminal to crack one insecure password in your business for disaster to strike. But the good news is fixing it is simple.

Set up a password policy and ensure everyone in the business follows it. Often, it doesn’t take much more than a well-worded email and a few friendly nudges to get everyone on board.

What should go in the policy? Well, a strong password policy should have four key points:

  • Use complex passwords that are a combination of letters, numbers and symbols. In-built browser tools like Google Chrome’s password generator are great for this
  • Change passwords regularly
  • Set up different passwords for different accounts, tools and software. If you struggle with remembering them, consider using a secure password manager tool like LastPass or 1password
  • Use two-factor authentication (2FA) wherever possible 

3. Use encryption 

Encryption is one of those technologies that everyone has a vague notion they should be using. However, many of us get put off by misconception that it’s difficult to set up or hard to understand if you’re not a techy type.

In reality, this couldn’t be further from the truth. You probably already use encryption a lot in your daily life, you just don’t know it. Ever sent a message using WhatsApp? That’s encryption. Bought something from a web store? Encryption.

We won’t go into exactly how it works (if you’d like to know more we have a whole blog on the subject) but, essentially, encryption randomises data so that only an authorised recipient with a key can see it. 

Due to the complexity of the randomisation process, encryption is near impossible to break so it offers a level of security passwords alone can’t match. Better still, once you’ve set it up and are used to using it, it’s unlikely you’ll ever have to think about it again.

4. Make cybersecurity part this year’s budget

Attacks on SMEs now account for 58% of all cybercrime. What’s more, small businesses’ ability to absorb an attack is limited. Research from insurance and risk consultancy firm, Gallagher, found that over 50,000 UK SMEs would collapse if hit by a cyberattack.

Given the risks, you would expect cybersecurity to be top of most businesses’ budgeting lists. However, that’s often not the case. It’s not hard to see why; if you’re an SME performing financial wizardry each year just to keep things ticking over, cybersecurity can feel like a ‘nice to have’ rather than a priority. It’s this that leads to many smaller businesses making do with anti-virus and little else.

Unfortunately, firms who do this are playing Russian roulette without being conscious of it. Sooner or later, an enterprising cybercriminal will take advantage of weak defences, no matter how small your business. It’s a simple thing, but make 2021 the year cybersecurity features in your annual budget.

5. Get Cyber Essentials certified 

If you’ve heard of Cyber Essentials, you’re likely questioning this suggestion. Isn’t Cyber Essentials certification a long, drawn-out process that takes weeks to complete? It’s hardly fitting for a list of ‘easy’ resolutions.

Well, the truth is that getting Cyber Essentials certified can be like that. However, it doesn’t have to be. At CyberSmart we offer a Cyber Essentials certification process that can take as little as 24 hours, with no need for constant back and forth. We’ll tell you whether you’re going to pass before you submit and help you address any problems, so you only need to do it once.

Getting Cyber Essentials certified is a requirement for many government tenders and can protect your business from 98.5% of cybersecurity threats. But the benefits don’t end there. It’s also a great indicator of your business’s commitment to security, marking you out as trustworthy and safe to potential partners and customers.

So concludes our 2021 cybersecurity New Year’s resolutions. Although we’d recommend doing everything we’ve suggested, even adopting just one will noticeably improve your business’s cybersecurity. So why not kick the year off with a resolution you’ll keep? 

Looking to improve your cybersecurity but not sure where to begin? Start 2021 the right way, by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

CTA button

Why is patching important to cybersecurity?


‘Patching’ is one of those cybersecurity terms that sounds simple and homespun while somehow also appearing technical and complex. But in reality, patching is one of the easiest ways to protect your business against cyber threats. Here’s everything you need to know about it: the what, the why and the how. 

What is patching?

Remember how your mum would fix your school uniform with a patch of similarly coloured fabric when you ripped it falling over in the playground for the hundredth time? Well, the same principle applies to patching in cybersecurity. 

Over time, even the best software develops vulnerabilities, suffers a breach, or simply becomes outdated. It could be that the software was built with vulnerabilities that weren’t anticipated at the time or it might be that a new cyber threat has emerged. Whatever the reason, software developers get around the problem with security patches. 

Just like the million little fixes to your school trousers, security patches are small adjustments. They don’t change the fundamental function of the software, but they do get rid of ‘holes’ a cybercriminal might exploit to access your data or systems. 

Why is patching important? 

The best way to illustrate why patching is so important is to give an example of what happens when it isn’t used. Remember the Wannacry ransomware attack back in 2017?

The crisis began when the USA’s National Security Agency (NSA) discovered a vulnerability within Microsoft Windows. However, rather than report this immediately to Microsoft, the NSA used its knowledge of the vulnerability to create software capable of exploiting it. Unfortunately, cybercriminals then stole this tool from the NSA and used it to launch the Wannacry attack. 

The result of this unpatched vulnerability was an onslaught of ransomware that cost organisations across the globe $53 billion, including a £92 million bill for the NHS

Why is this relevant to SMEs? 

Of course, as an SME, it’s unlikely you’re sitting on software vulnerabilities that could put an almighty dent in the global economy. But that doesn’t mean patching isn’t important. 

If the tools you’re using – say, your operating system or anti-virus software –  have vulnerabilities, it gives the bad guys an easy route into your systems. Once they’re in, confidential employee information, financial data, and everything else your business guards closely, is at their fingertips. 

And it’s not just your business. As Wannacry proved, a weak link anywhere in a supply chain puts everyone in at risk. 

How do you make sure your business is protected?

The best thing about patching is that it’s the simplest thing you can do to improve your business’s cybersecurity. All it requires is that you continually update the software and tools you use. This could mean checking for updates every few days or just simply switching on the auto-update setting for all company devices.

This is very easy to do on a personal level. But what about if you scale this practice up company-wide? Surely keeping track of several or even tens of employees’ devices is tricky, to say the least?

There are two relatively simple routes around the problem. 

Clear security policies

The first is clear company security policies. Make it clear to your people that everyone needs to update software as soon as a new version or patch is released and explain why. Most of us are more likely to adhere to a policy if we know why it’s there and what we risk if we don’t follow it. And don’t squirrel it away on some long-forgotten corner of your company server. Ensure everyone has access and knows where to find it. 

Use an active protection tool

The second approach is to use an active protection tool like CyberSmart Active Protect. Active Protect scans all of your company devices every 15 mins, checking everyone is using the latest versions of software and security settings are configured properly. If anyone in your business has missed something, you’ll know about it through the CyberSmart Dashboard.

Our products can even help with creating clear policies. CyberSmart Policy Manager allows you to host your security policies in-app and distribute them to all company devices. So you can be sure everyone has access to and reads your organisation’s policies. 

Although it doesn’t sound like much, ensuring every tool your business uses is running the latest version really is the first step to a safer working environment. So why not start making it part of your routine today?

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

CTA button

The Cyber Essentials questionnaire: are you prepared?

In 2015, a research team at Lancaster University concluded that 99% of cyber risks could be avoided through following a set of surprisingly simple security measures. These measures, or controls, make up the basis of the government’s standard for security certification, Cyber Essentials, which is what we help businesses achieve here at CyberSmart.

However, there’s a lot you can do on your own to prepare yourself for the Cyber Essentials assessment or just to improve your general cyber hygiene around its guidelines. We’re going to walk you through some of the processes you will need to have in place when you complete the self-assessment for Cyber Essentials before it is reviewed by an assessor.

Keep in mind that the Cyber Essentials questionnaire is asking you to evaluate every device in your company (laptops, personal computers used for work, phones, the works) and whether it complies with the rules. If it is being used for work, it should be included.

Choose the most secure settings for your devices and software

☐ Know what ‘configuration’ means

☐ Find the settings of your device and try to turn off a function that you don’t need

☐ Find the settings of a piece of software you regularly use and try to turn off a function that you don’t need

☐ Read the NCSC guidance on passwords

☐ Make sure you’re still happy with your passwords

☐ Read up about two-factor authentication

Control who has access to your data and services

☐ Read up on accounts and permissions

☐ Understand the concept of ‘least privilege’

☐ Know who has administrative privileges to your data and on which machines

☐ Know what counts as an administrative task

☐ Set up a minimal user account on one of your devices

Protect yourself from viruses and other malware

☐ Know what malware is and how it can get onto your devices

☐ Identify three ways to protect against malware

☐ Read up about anti-virus applications

☐ Install an antivirus application on one of your devices and test for viruses

☐ Research secure places to buy apps, such as Google Play and Apple App Store

☐ Understand what a ‘sandbox’ is

Keep your devices and software up to date

☐ Know what ‘patching’ is

☐ Verify that the operating systems on all of your devices are set to ‘Automatic Update’

☐ Try to set a piece of software that you regularly use to ‘Automatic update’

☐ List all the software you have which is no longer supported

If you can follow this guidance now, you can pass certification quickly and with flying colours. If you struggle with any of them, CyberSmart has helped guide hundreds of SMEs of all sizes and experience through the same process, so feel free to get in touch. We offer a quick and simple step by step process so you can get Cyber Essentials certified today.

Cyber Security 101 – Updates

Cybersecurity 101

Simple controls your company can implement today to stay protected tomorrow!

Cybersecurity and data protection can be overwhelming. There is an enormous amount of advice on the Internet, but it is quite difficult to know where to start.

At CyberSmart, we believe cybersecurity should be accessible and easy for everyone. Therefore we have compiled a series of actionable steps to help you protect your data. Each week we focus on one control, provide some background information and answer common questions.


Simple controls your company can implement today to stay protected tomorrow!

Cybersecurity and data protection can be overwhelming. There is an enormous amount of advice on the Internet, but it is quite difficult to know where to start.

At CyberSmart, we believe cybersecurity should be accessible and easy for everyone. Therefore we have compiled a series of actionable steps to help you protect your data. Each week we focus on one control, provide some background information and answer common questions.