The pandemic has sadly created the perfect climate for cyber criminals to prey on people and businesses who are already dealing with unsettling changes in their lives. The criminals have used this time to their advantage, to seek to exploit fears and uncertainty for financial gain. Unfortunately, Cyber Security is a 24/7, 365 days a year task and these scams are only going to increase.
Does your business have a disaster recovery plan around this? How would your business be affected if you were a victim of hacking, data theft or a virus that infects your IT and that of your clients’?
Here at soVision IT we know to be forewarned is to be forearmed! Working with us means that you will be protected too.
We ourselves have just had a very smart scam spotted by our brilliant cyber security expert, Alex.
We had an enquiry from the 'University of Nottingham' initially requesting quotes with 30 day terms on low value items. This is then followed by a request for, and subsequent acceptance of, a quotation for a large number of easily disposable items (in our case 250 x WD passport 2 TB).
Through our security checks we established this was a Fraud. Had we fallen for the scam, 250 WD Passports would have been winging their way to Nigeria, and we would have been left with losses amounting to many thousands of pounds.
The fraud is actually very sophisticated and someone really has done their homework - a genuine PO has been copied and legitimate members of staff imitated.
We won't be the first company they try this on, and almost certainly not the last. Readers beware!!
Don’t open emails from people you don’t know, and never open unknown attachments or links. Check that the email address in the browser matches the company it comes from.
Weak login passwords:
81% of adults use the same password for everything. Cyber criminals have programs that search public profiles, looking for these password combinations. Use unique passwords.
Often you can notice passwords on sticky notes on a screen with a password written on it. If you do have to write them down make sure they are protected and kept in locked and safe environment. Unprotected passwords can be inadvertently seen, particularly when staff are working from home.
Passwords are a necessity but aren’t always enough to guarantee security. Multi-Factor Authentication or Two-Factor Authentication is best.
Access to everything:
Compartmentalise data, and ensure it isn’t accessible by everyone. The number of people who have access, increases the number of people who can mishandle information.
Lack of training:
Only 29% of staff received cyber security training in 2019, compared to 81% of directors or senior management. All of your staff need to be trained.
Not updating antivirus software:
Everyone in the company should be expected to update the latest antivirus software, whether they are working in the office or remotely. Remember though, that Anti-Virus software only protects you from already known threats and not the new ones that have yet to be identified and solutions found.
Unsecured mobile devices:
If your company use mobiles, tablets or laptops, ensure that these are also secure.
Data security policies:
Policies are not just tick boxes. Hopefully, your team will remember the data security training they have had, which means they will remember what to do when an incident arises. The question is are these policies really in place and understood with clearly defined actions should an issue arise?