Protecting your business from cyberattacks

Here at PAV i.t. we provide technical solutions to prevent data security breaches, enabling our clients to safeguard themselves against cyberattack.

The stats are alarming: UK firms lost £18 billion in revenue from cyberattacks in 2015 alone, and 90% of major businesses have experienced a security breach in the past year.

Digital threats are a growing danger to businesses and their clients and, while most of us have heard of I.T. sabotage in the form of hacking, spamming and viruses, the latest and biggest threat is now fraud by 'social engineering'.

What do we mean by 'social engineering'?

'Social engineering', in the context of data security, refers to the deliberate, complex and elaborate psychological manipulation of people which results in them either divulging confidential information or performing particular actions which give away business-critical information or system access, or allow money to be embezzled.

Human naivety is a big threat to the business community: it is the renewed exploitation of that naivety – through increasingly sophisticated social engineering scams that are no longer simply about obtaining banking or credit card details – which enables the new breed of fraudsters to dupe their targets so effectively.

Cyberattacks and security breaches do not just cost businesses in financial terms; they can also cause serious reputational damage, which is why employee awareness and education are key. Employees who are unaware of the potential for online scams, or are oblivious to the techniques used by social engineering fraudsters, will leave a company wide open.

In what ways do fraudsters commit social engineering?

There are many methods which enable scammers to obtain a business's confidential information for monetary gain:

Spear-phishing/phishing – involves imitating a legitimate email so that the recipient trusts that it is from someone they know; for example, when a company takes a holding deposit, scammers can create an email which appears to be from that company, asking the customer to pay the balance. The customer sees no reason to question its plausibility and subsequently transfers funds directly to the fraudster. Another example is requesting 'verification' of information via a link to a fraudulent web page.

Pretexting – the act of creating an invented scenario to engage a targeted victim which encourages them to divulge information or perform actions against standard protocol, e.g. to fool an employee into disclosing confidential customer information.

Quid pro quo – an opportunist fraudster repeatedly calling a company, masquerading as technical support, for example. Eventually the scammer will hit someone with an I.T. problem, who is grateful that someone is calling back to help them. The cyberattacker will "solve" the problem and, in the process, have the user type commands that give them access to launch malware.

How to address this problem

It is important to identify those employees most at risk – such as staff who are required to authorise payments or process cash transactions – but in no way does this mean that other members of staff should be neglected, as they could be more of a target if they are considered naïve. The following are some of our basic recommendations, although these would be supplemented with additional measures dependent on the organisation:

  • Two-layer authentication process to help eliminate breaches – a username/password plus a randomly generated personal identification number (PIN)
  • No group passwords – give unique passwords and identities to employees
  • Rigorous password policies
  • Adequate email protection
  • Being mindful that information can be mined from sources such as LinkedIn

So what does the future of social engineering hold?

Fraudsters are becoming increasingly sophisticated in the lengths and means they are employing in order to infiltrate businesses' I.T. security and tap into their data. One such example is the rise of 'ransomware' – a niche form of malware which systematically encrypts files on a system's hard drive, rendering them impossible for users to access without paying a ransom.

Whilst security, anti-virus and firewall software is advancing rapidly to counteract these complex duping techniques – and this certainly provides a considerable level of protection and a deterrent effect – it is of paramount importance that companies and their employees are educated and adopt a suitably robust security policy.

To discuss how PAV i.t. services can safeguard your business, please call us on: 01273 834000

