Southampton: Mid-sized businesses warned not to ignore cyber risks

Strategic IT specialist Aura Technology is warning that IT security breaches still pose an enormous risk for companies as the global business community marks Data Privacy Day on January 28.

Tim Walker, MD of Southampton-based Aura Technology, says the international awareness day, led by the National Cyber-Security Alliance and marked across the world, should act as a prompt for businesses to review their IT protocols and implement changes, slamming the door on hackers and fraudsters.

“Although there have been a host of high-profile corporate businesses who have fallen foul of data privacy laws in spectacular and costly fashion, it’s businesses in the mid-market that are most at risk of attack and most likely to suffer devastating consequences if their systems are breached,” said Walker.

“These businesses often believe that they are unlikely to be targets of hackers and are largely unaware of the tenacity or creativity of the cyber-fraudster until they are on the receiving end of an attack. In reality, they are often a more attractive target, especially if they are third-party suppliers to a corporate or larger business. They are also often less prepared to deal with the aftermath, costs and logistics of a breach which can be devastating.

“There are some basic security measures that all businesses should take. But we live in a busy world, and often simple steps are overlooked - with disastrous consequences.”

Tim explains a simple six-step process to check that the door to some of the most sensitive and potentially damaging information about your business is firmly shut and locked.

Anti-virus is a given. It should be installed, checked and reported on regularly for every computer in a business. 99% of viruses mutate every time they install, so traditional anti-virus software is largely less effective these days and needs to be supplemented with other security steps.

Passwords are the IT equivalent of a house key, unlocking the door to highly confidential information. Setting secure passwords is simple, but as creatures of habit many of us don’t follow the basic rules: never share passwords or write them down; use an online management tool; always use different passwords and change them regularly; use maximum characters with letters, numbers, symbols and upper and lower case; don’t use a dictionary word, DOB or obvious choice; don’t use substitutions such as zero for the letter O; ideally try not to use passwords on public wi-fi.

Email security is critical to a business with 91% of hacking attacks beginning with phishing or spear-phishing - and the fraudsters are cunning. Email security protects your staff and your business and also reduces email spam. Don’t forget outbound emails as well. Your business is at risk from your own staff and outbound Data Loss Protection will ensure that your corporate data is not at risk.

Web security ensures that visited websites are clean, with no dangerous code embedded in them. The majority of ransomware attacks are as a result of an unprotected user opening up a single webpage that’s compromised with malicious ransomware code. Ransomware has the potential to render all business files useless unless protected with good backup. It only takes one user to infect an entire network. Web-security products should protect when in the office, working from home, in a hotel or on a laptop.

Patch Management is essential to keep computer operating systems and software up-to-date. Don’t use an operating system that is no longer supported. Modern operating systems such as Windows 10 are more secure, but they must be patched at every opportunity. With 99% of virus mutating with every install, patch management is just as important as anti-virus.

Backup is exactly that – if anything goes wrong, your backup could save you time or in the worst scenarios, save your business. Backup needs to run frequently and more often than once every night, check that backups are successful and that your data is stored securely and offsite.

Tim Walker added: “All businesses need to ensure staff a vigilant, but a trusted managed IT provider will ensure all of these measures are in place to minimise risk. There are costs involved, but they are nothing like the financial, logistical and emotional fallout of a system breach.”