By using this site, you agree that we may store and access cookies on your device. You can find out more and set your own preferences here.
As long standing IT security specialists, at PAV i.t. we have the necessary skills, experience and knowledge to help companies large and small guard against cyber attacks. So we were delighted to share our expertise with fellow Sussex firms at the Best4Biz conference in Bexhill this month. Having seen the devastating effect security breaches and hacks can have, we are committed to helping our clients guard against such attacks – and keen to spread the online safety message. As one of the keynote speakers at Best4Biz our MD, Jason Fry, discussed the many different types of attack firms can suffer – and crucially how they can protect themselves.
Sadly, SMEs have hit the headlines in recent months as they have become an increasing target for hackers and cyber criminals.
Government figures showed close to three quarters (74%) of small to medium sized businesses had suffered a security breach in 2015.
As we explained at the conference there can be many reasons why businesses are targeted – and it's not always for financial gain.
Attacks can be personally motivated, triggered by emotions or vendettas, ideologically motivated or simply carried out for fun by hackers, as they perceive the crime as easy and difficult to trace.
Cyber crime can also take a variety of forms, with hackers targeting IT systems, emails, phones and even text messages to get what they want. "Spoofing" websites – which mimic a genuine phone number or email address – are among the tools fraudsters are hijacking to gain a victim's trust and what's frightening is these tools aren't difficult to find.
Jason demonstrated their ease of use for our Best4Biz audience. Using an attendee's LinkedIn profile, he was quickly and easily able to source her managing director's contact details and input these into the spoofing webpage, alongside his own number. Just a click of a button and a call immediately came through that appeared to be directly from the attendee's contact, but was in fact being made through Jason's phone. Scary stuff!
This form of attack is known as vishing (voice calls) but can also be adapted to target SMS messages (smishing) and emails (phishing).
Criminals will look to impersonate CEOs and financial directors in these attacks and often ask for funds to be transferred. The idea is that their victim, who is lower down the organisational chain, will not question the false instructions from their supposed boss and can end up transferring company money into a fraudster's account.
Devices that are linked to the internet, such as printers, smart phones, tablets and even projectors, can also pose a risk, as they provide a way into a company's system that hackers can exploit.
Having the right defences, guidelines and procedures are essential to guard against these kind of attacks – and others.
Educating staff is a key component to protecting your business and its assets. As Jason showed at the conference, hackers can use software and emotional pressure to quickly and easily dupe employees – so alerting them to these kind of scams is essential.
We recommend bosses do as Jason did at Best4Biz and demonstrate how easy it can be to fall into a fraudster's trap. Draw up protocols and procedures for such events – often a simple phone call can confirm whether a manager did text an employee with instructions to transfer a large sum of money.
Investing in an email security screening system can intercept potential malicious emails, which as well as being used for fraud purposes, can also be the carrier for malware – the umbrella term for intrusive software, such as ransomware.
Regularly updating your software will ensure vital security upgrades are installed and known vulnerabilities are fixed, while carrying out routine audits of your network will identify all fringe devices and ensure there are no weak points.
These steps were among the measures discussed at Best4Biz and what we urge all companies to review and carry out in order to tighten up their security. If you would like to know more about how to further protect your firm from the evolving threats of cybercrime, and how PAV i.t. can help, call us on 01273 834 000 or complete our enquiry form.