In 2020 two in five small and medium businesses across the UK and US didn’t have a Cyber Security defence plan in place for their organisation. Cyber attacks continue to become increasingly common and sophisticated, and our team at Systemagic believe that businesses need to make securing their IT systems a priority for 2021. Ensuring your business is equipped with the appropriate security measures isn’t a difficult task and doesn’t break the bank, but still tends to take a back seat when most businesses decide how to spend their IT budget.
We’ve listed some of the must-have solutions that we believe all businesses should use to protect themselves against malicious activity. We’ll be expanding on these in future blogs, but to give an overview…
A super simple way to ensure your business is protected from threats like phishing, social engineering and hacking is to implement Advanced Threat Protection (now more commonly known as Microsoft Defender for 365). If you use Microsoft 365 then this is one of those bolt-ons that we believe all businesses should use. The solution works by identifying, blocking and mitigating malicious security threats before users have the chance to even view them. For existing Microsoft 365 users this can be added on for £1.51 per month, and for those with certain packages it’s even included as part of your subscription. The key is then to configure it correctly – too many IT companies simply add the license and walk away, whereas we’ve developed some comprehensive best-practice configurations that we use to ensure maximum protection from Microsoft Defender.
Once seen as the gold standard of login security, multi-factor or two-factor authentication is quickly becoming an expected standard of security on accounts. It’s extremely easy (and free) to set up on most cloud platforms, and simply means entering an authentication code after your username and password (usually a text message, code from a mobile phone app, or code from an automated phone call). This means that even if someone guesses or steals your password they can’t log in to your account. It’s also possible to stop the requirement for codes in certain circumstances, for example when you’re in a trusted location like your main office, or using certain devices.
If you’re using Microsoft 365 or G Suite to store documents and you don’t have a third-party backup in place, then you have the equivalent of an onsite server with no backup. Nobody would ever run an onsite server without backing it up, but for some reason we find businesses get a false sense of security when storing documents in the cloud. Microsoft’s own service level agreement specifies that you should use a third-party backup when storing data in SharePoint and/or OneDrive. Our backup facility backs up G Suite and Microsoft 365 3 times each day, ensuring that if you are hit by ransomware, malicious activity or even accidental deletion of data, we can quickly and easily restore all your data and emails. Again, it costs very little indeed but can save your business if you need to use it.
Cyber Essentials is a Government-backed and industry-supported scheme helping businesses identify and prevent cyber-attacks. The scheme sets out security goals and organisations are awarded a certificate once those security controls have been implemented. We find that most clients already have most or all of what’s needed to pass, and the certification is quickly becoming a must-have for those who tender for work or engage with larger customers. Achieving your Cyber Essentials certification not only protects your business from around 80% of cyber attacks, it also demonstrates to your client base and prospects that you’re taking security and data protection seriously. We work with a local accreditation body to help our clients achieve Cyber Essentials status. Successful certification also comes with free cyber insurance.
22% of small and medium-sized businesses who started to work remotely in 2020 did so without a Cyber Security prevention plan in place. In the rush to get working from home, users were often set up on older laptops, personal devices or temporary machines. It only takes a quick lapse of judgment from one of your users to accidentally click a phishing link, and as more employees are operating outside of the regular office environment we’re seeing a shift towards cyber-attacks taking place on home networks as time goes by. Prevention is always better than cure, and educating your team against threats is better than simply locking everything down to prevent issues. Our Phishing Awareness training platform is designed to ensure your team has the knowledge and skills to recognise spoof emails and security threats, therefore minimising the risk of not spotting a suspect email.
Would you like some assistance in putting a plan in place for reacting to cyber attacks? If you’d like any more information on the above solutions our expert team would love to hear from you.