A heavy topic; not to be shelved: CYBER SECURITY
With the GDPR deadline imminent and a relentless increase in scams and hackings, cyber security has never been more important or pertinent to businesses.
At IQ4Business, we’ve put a lot of time and investment into ensuring we are as secure and compliant as possible. There’s a minefield of confusing information out there, so in this month’s blog we offer our hints and tips in the hope that you may learn from our experiences…and save yourself some time!
We started our journey towards cyber security by seeking a recognised standard to follow and comply with – and decided upon the Cyber Essentials accreditation.
Cyber Essentials is an independently verified self-assessment. Organisations assess themselves against five basic security controls and a qualified assessor verifies the information provided.
The five basic controls are:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Simple information on how to be cyber secure is harder to find than one might imagine…but we found the process of becoming Cyber Essentials certified very concise; the guidance on their website is methodical and written without jargon.
We became Cyber Essentials certified in September 2017 and would recommend it: not only does it help to protect your business, it also demonstrates to your customers that you take cyber security seriously.
Ensuring control systems are in place is vital but staff training is equally crucial when it comes to cyber security.
Training should be rolled out across all team members, covering (as a minimum):
- Data processes (your company’s procedures for handling client data securely).
- Safeguarding (actions to take to reduce the risk of an attack, or to avoid one altogether).
Training can help to reduce the risk of your staff members being duped by a hacker.
Raising awareness of the latest scams is the best way to prevent them from spreading and causing damage.
Wisdom is power…so when you come across a scam, share away with your staff, contacts and clients!
Here are a couple that we’ve come across, or been made aware of, recently:
1. Change of bank details
An email is received from one of your suppliers saying they have changed their bank details and all payments should be made to the new account. The email appears legitimate as it comes from a known email address connected to your supplier’s domain.
How to act
If one of your suppliers says that they have changed their bank details PLEASE ensure you speak to a known contact – face to face or over the phone – to verify the information. Do not change bank details based on an email alone (regardless of the email address). Your supplier’s email system may have been hacked.
2. Email from a senior staff member
You receive an email from a senior staff member asking for an attached invoice to be paid, or for a staff member’s bank details to be amended. The email comes from an internal address and is written in their usual style (the hacker has been monitoring their email account, so knows how to imitate them).
How to act
Check with the senior staff member over the phone or in person that the email is legitimate. They would rather lose a minute of their time to your scrupulousness than thousands of pounds to a hacker! Don’t make the payment based on the email alone.
Till next time, stay safe out there…it’s a big world (wide web).