Key Tips For Cyber Security For Irish SMEs


Cyber attacks on SMEs are becoming more common. What are the biggest threats and how can businesses best protect themselves? Here are some key tips for cyber security for Irish SMEs, things you should look at implementing as soon as possible. 




Irish businesses are increasingly being targeted by cyber criminals. PwC’s recent biannual survey of business crime revealed that 61% had experienced cybercrime over the previous two years, up from 34% in 2016.

Cyber attacks cost businesses both financially and in terms of the impact on reputation in the eyes of customers and suppliers – but only a third of firms have a cyber security policy in place, according to a survey by telecoms, data and security services provider Magnet Networks.

So what are the key risks?

Ransomware

These are programs that freeze your access to a device and encrypt files until you pay a ‘ransom fee’.

Malware

This is the overarching term for viruses that are introduced into your devices or network. They can be used to extract money from the user, to maliciously damage or disrupt systems or as a ‘hack’ to extract important information such as customer data.

Phishing

This typically takes the form of a spam email which, when opened, could: let loose a virus or malware into a system; lead a user to give away personal or company details such as passwords; or sanction a fraudulent transfer of money. Criminals can pose as trusted colleagues, customers, suppliers or banks to con the user.

Social engineering and spear phishing

These are more personalised attacks where a criminal tracks an employee’s activity. They trawl through social media profiles such as Facebook, Instagram or LinkedIn to get as much information on the targeted employee as they can. This helps them to pose as that individual when sending a phishing email to a colleague.

“The biggest thing we see now is identity fraud, particularly criminals posing as CEOs. They have obtained their personal details and instruct a member of their team via email to move money from one account to another,” says Mark Hurley, chief executive of Spector Information Security. “I’ve seen clients being hit for €25,000 in these types of cases. Criminals want to seize on your mistakes.”




Employee vulnerability

Employees who use company networks to open personal emails, or who work from cafes or trains, for example, while using their own devices, can leave the door open to malware attacks. These employees are also vulnerable to attackers looking over their shoulders to access device passwords. Criminals can even tail you into the office, steal security badges and head off to the office servers to steal valuable information.

“I was at a conference once and I turned around to find that someone had inserted a small USB key into my laptop to steal information,” says Mark Kellett, group chief executive of Magnet Networks. “Now, I take a demo laptop with me that is not linked to the company network.”

Remember that hackers could also be disgruntled colleagues looking to get back at a disliked boss. It pays to be careful about who you share your password details with.

Business disengagement

The Magnet Networks survey found that in 27% of firms either the business owner, or no one at all, was responsible for cyber security. If no policy is in place, then security will weaken and make it easier for criminals to launch attacks. “Some SMEs are more operationally mature than others. They have strong cyber-security governance from the top down,” says Hurley. “Others will never get it. They see cyber security as an unwanted spend.”




Another risk is transferring your IT responsibility to third party and outsourced suppliers. What cyber security policies do they have in place? Are you happy with their level of defence?




Five preventative steps for cyber security

1. Create a risk strategy

“You need to understand the risk and define exactly what in your business you are trying to protect,” says Hurley. “Create a risk register [a tool for documenting risks, and the actions to manage each risk] which will help you build an effective security framework.” 

2. Layered security

Ensure that you have the latest and most up-to-date antivirus and firewall systems installed on your PCs, laptops, smartphones and networks. Firewalls protect your internet connection by creating a buffer zone between your IT network and other, external networks; they prevent a virus or malware from spreading. Other prevention tools can spot spam and ‘spoofing’ emails before they hit your systems.

Business leaders need to implement an antivirus policy that enables them to regularly review their security system and that automatically informs them of new virus software updates or patches. Multifactor authentication, which uses codes on top of passwords, and encryption of data are also crucial for any devices on your business’s network. A layered approach is vital in helping to safeguard against multiple threat access points. “You can also add website filtering, which will highlight unsecure pages to employees before they click,” states Kellett.

Businesses should ensure that they have backup data systems ready to respond after an attack and that employees know whom to inform and when.

3. Virtual private networks

A VPN will encrypt your data, which is particularly helpful if you are an employee logging on to your business email outside of the office using public WiFi – say at a coffee shop. “Any devices, such as smartphones that have contact with the network or data, need to be protected under company policy through authentication or encryption,” says Hurley. Another strategy is to ensure that staff only have access to online services or software that they need to perform their role, rather than the whole network.

4. Managerial control

SMEs could consider making their IT manager or data protection officer the main person responsible for setting and enforcing cyber security. This will ensure that security products, tools, thinking and training will not slip. “Even if you have all the security tools in place you need policies to drive it,” says Hurley. “This could include getting passwords changed every set number of days. Also encourage employees to think about having passwords which are not easily identifiable.”

Having more control also means being aware of systems slowing down or unexpected changes in the company bank accounts, which could be indicators of attacks. Hurley recommends having a series of payment authentication steps to lower the risk of fraud. “Governance is vital. Ensure cyber security is reported on a quarterly basis at every board meeting,” he says.

5. Employee training

Everyone in the business needs to be aware of cyber-security risks, with phishing and social engineering being particularly relevant to the breadth of a workforce. You need to make sure that employees are armed with the tools to spot suspicious correspondence, such as misspellings, inconsistencies in senders’ details or urgent demands for money. Where are their social media vulnerabilities and what shouldn’t they post? As part of this, Hurley recommends carrying out phishing tests to discover vulnerabilities before a real attack hits.

The key is making cyber security an everyday discipline in the business. “If I had €100 to spend on cyber security, I would spend €95 on educating people,” Hurley states.

Kellett adds: “The training needs to be regular, not just once a year. If you spot new trends, the latest scams or vulnerabilities then make your staff aware. Keep them informed.”
