Why is patching important to cybersecurity?

‘Patching’ is one of those cybersecurity terms that sounds simple and homespun while somehow also appearing technical and complex. But in reality, patching is one of the easiest ways to protect your business against cyber threats. Here’s everything you need to know about it: the what, the why and the how. 

What is patching?

Remember how your mum would fix your school uniform with a patch of similarly coloured fabric when you ripped it falling over in the playground for the hundredth time? Well, the same principle applies to patching in cybersecurity. 

Over time, even the best software develops vulnerabilities, suffers a breach, or simply becomes outdated. It could be that the software was built with vulnerabilities that weren’t anticipated at the time or it might be that a new cyber threat has emerged. Whatever the reason, software developers get around the problem with security patches. 

Just like the million little fixes to your school trousers, security patches are small adjustments. They don’t change the fundamental function of the software, but they do get rid of ‘holes’ a cybercriminal might exploit to access your data or systems. 

Why is patching important? 

The best way to illustrate why patching is so important is to give an example of what happens when it isn’t used. Remember the WannaCry ransomware attack back in 2017?

The crisis began when the USA’s National Security Agency (NSA) discovered a vulnerability within Microsoft Windows. However, rather than report this immediately to Microsoft, the NSA used its knowledge of the vulnerability to create software capable of exploiting it. Unfortunately, cybercriminals then stole this tool from the NSA and used it to launch the WannaCry attack.

The result of this unpatched vulnerability was an onslaught of ransomware that cost organisations across the globe $53 billion, including a £92 million bill for the NHS.

Why is this relevant to SMEs? 

Of course, as an SME, it’s unlikely you’re sitting on software vulnerabilities that could put an almighty dent in the global economy. But that doesn’t mean patching isn’t important. 

If the tools you’re using – say, your operating system or anti-virus software – have vulnerabilities, it gives the bad guys an easy route into your systems. Once they’re in, confidential employee information, financial data, and everything else your business guards closely are at their fingertips.

And it’s not just your business. As WannaCry proved, a weak link anywhere in a supply chain puts everyone at risk.

How do you make sure your business is protected?

The best thing about patching is that it’s the simplest thing you can do to improve your business’s cybersecurity. All it requires is that you continually update the software and tools you use. This could mean checking for updates every few days or just simply switching on the auto-update setting for all company devices.

This is very easy to do on a personal level. But what about if you scale this practice up company-wide? Surely keeping track of several or even tens of employees’ devices is tricky, to say the least?

There are two relatively simple routes around the problem. 

Clear security policies

The first is clear company security policies. Make it clear to your people that everyone needs to update software as soon as a new version or patch is released and explain why. Most of us are more likely to adhere to a policy if we know why it’s there and what we risk if we don’t follow it. And don’t squirrel it away on some long-forgotten corner of your company server. Ensure everyone has access and knows where to find it. 

Use an active protection tool

The second approach is to use an active protection tool like CyberSmart Active Protect. Active Protect scans all of your company devices every 15 minutes, checking that everyone is using the latest versions of software and that security settings are configured properly. If anyone in your business has missed something, you’ll know about it through the CyberSmart Dashboard.

Our products can even help with creating clear policies. CyberSmart Policy Manager allows you to host your security policies in-app and distribute them to all company devices. So you can be sure everyone has access to and reads your organisation’s policies. 

Although it doesn’t sound like much, ensuring every tool your business uses is running the latest version really is the first step to a safer working environment. So why not start making it part of your routine today?

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

Back to School: Free tips and tricks to protect your business from cyber threats

All through September, we will be sharing free tips and tricks that you can implement straight away to ensure your organisation protects itself from cybersecurity threats.

Currently in the UK, 32% of SMEs experience cyber-attacks every year, a figure that is increasing, with costs running into the thousands of pounds. With a few preventive measures, it is actually possible for you to fight these threats. By implementing various techniques and strategies, using free tools and being aware of the main ways your business might be targeted, you can protect your business today.

Come back throughout September as we add more tips. It's time to become CyberSmart.

1. Use Two Factor Authentication (2FA)

Adding an extra layer of security to your accounts can never be a bad idea. Many platforms now offer 2FA, where you either receive an SMS (least safe), receive an email (medium-level safety) or authenticate via an app (recommended). There are free and premium solutions available, such as 1Password, allowing you to enable higher levels of security and 2FA across all your personal and business accounts.

2. Time to have an app clear out

You know all those apps you have installed but never use? They should go. If you have apps that have been installed for months and not been updated, they could be full of vulnerabilities, waiting for a cybercriminal to exploit. When you delete these apps, make sure to delete your account and unlink any credentials.

3. Are your email details available on the internet already?

This can be a scary thought but more than likely, your email has been compromised before. With the introduction of GDPR, more and more companies are openly admitting cyber breaches. We recommend using haveibeenpwned.com to check if your email has been compromised in a data breach before. Simply enter your email, check for breaches and address the situation.

4. Are you really going to plug that USB in?

You should be extremely careful with USB devices. Even after formatting, malware can still be present, so ensure you completely trust the source of the device or, going one better, do away with using USB full stop.

5. Update, Update, Update

Updating your apps and software can prevent 85% of targeted attacks. Make your business safer by allowing all updates to be automated, so you don’t even need to think about it.

Make sure your operating system (on all your devices) and all applications are updated at all times. Updates are free, after all.

6. Always lock your devices

It’s often funny when you walk away from your computer to come back and find a funny background picture, right? During the time you allowed for that to happen, your business could have experienced a catastrophic, business-impacting data breach (and many other potential risks).

Always lock your screens, and make them only accessible by you.

7. Might be 2019, but that doesn't mean Antivirus is out of fashion

Antivirus is a necessity for all your devices, desktop and mobile. Without an antivirus, you are putting your business at risk not only of those pesky viruses but also of malware lurking in the background, dormant or actively damaging your device. There are many antivirus options out there: some may even come pre-installed with your device, others come in free and premium versions. There's no excuse not to be using an antivirus.

8. Turn on your firewall

Most operating systems come with a firewall and there’s a very good reason for this. Ensure all your business devices have this on, as it’ll create a buffer zone between your network and the internet, a highly valuable preventive measure against cyber attacks.

9. Ransomware, sounds scary but what is it?

Ransomware is one of the biggest cyber threats your business faces as it encrypts ALL YOUR DATA and locks you out of your device. Then normally it requests a ransom payment of a few hundred pounds in order to give you a decryption key.

How do you protect yourself?

  • Backup all your data (often and in different locations)
  • Vital business information shouldn’t be only on your computer
  • Don’t click on emails from unknown senders (and NEVER access .zip files in emails from these senders)
  • Like we mentioned earlier, UPDATE your OS and apps
  • Have an antivirus installed

10. Do you know how to spot a phishing email?

Firstly, a phishing email is an attempt to collect your personal data, and more than likely you have come across one (or many) before.

  • Serious businesses will never display your email address in the subject line
  • Check out the sender and their email address, and try to judge how valid it is
  • You don’t have to open an email just because it instils some sort of urgency (the more urgent it may look, the higher the likelihood of a breach)
  • Always check links before you click.

11. Check back tomorrow

Simple controls your company can implement today to stay protected tomorrow!

Cybersecurity and data protection can be overwhelming. There is an enormous amount of advice on the Internet, but it is quite difficult to know where to start.

At CyberSmart, we believe cybersecurity should be accessible and easy for everyone. Therefore we have compiled a series of actionable steps to help you protect your data. Each week we focus on one control, provide some background information and answer common questions.
