Is your business prepared for the Government’s new Cyber Essentials Scheme?

As technology continually advances, and as we become increasingly more dependent on our internet-ready devices, cybercrime is becoming more difficult to both deal with, and avoid. Because of this, the UK government has launched a new cyber security equivalent of the MOT certificate – The Cyber Essentials (CE) Scheme.

The new initiative has been developed on three core pillars: defend, deter, and develop, and aims to regulate businesses and the processes they apply to stopping cybercrime and data breaches internally. The government has also set aside £1.9billion for further investment into ending cybercrime.

With the recent high-profile cybercrimes committed against the NHS, TalkTalk, Microsoft, Sony, and Marks & Spencer, it is easy to see why the government has intervened. Attackers can gain access to confidential data belonging to millions of people with relative ease.

Did you know you can view a live map of cyberattacks as they occur on the Norse website?

Visit the Norse website: Click Here

What are the potential costs if companies get it wrong?

Businesses are at risk of being fined if found to be in breach of data protection laws, particularly in the UK where these laws are extremely strict. For example, the Stockport Primary Care Trust, was fined £100,000 by the Information Commissioner’s Office back in 2013 for the careless and incorrect disposal of confidential data.

Printers and photocopiers are also under attack, with 64% of IT Managers reporting a likely malware infection, and 60% having a printer data breach.

Midshire’s IT Manager Phillip Sundet explains:reputation. “Data breaches, malware, and ransomware are prevalent in business today, costing companies thousands in lost data, regulatory fines, and los

More and more businesses are holding personal information digitally that can be used by criminals, ensuring safeguards are in place on your network and devices is paramount for data protection.”

Midshire have compiled the most common software used in cybercrime below, including some useful tips on how best to evade such software.

Ransomware

Q: What is it?

A: There have been high profile cases involving ransomware. Ransomware encrypts your files and demands ‘ransom’ in the form of bitcoins to get them unencrypted.

Q: What can I do?

A: Ransomware is constantly evolving, meaning that antivirus software sometimes struggles to stay ahead. So, as defensive software is not guaranteed to prevent ransomware, the first and most important line of defence is with you, the end user. Ensure that you avoid suspicious links and websites.

Cyber-Attack

Q: What is it?

A: Cyber-attacks are usually employed by individuals or organisations, and targets computer information systems, infrastructures, computer networks, or personal computer devices. Cyber-attacks usually originate from an anonymous source that either steals, alters, or destroys a specified target by hacking into the susceptible system.

Q: What can I do?

A: Weak passwords are generally exploited by a cyber-attack, allowing hackers to gain access to your work computer systems. Therefore, using a strong password with letters, numbers, and capital letters strategically placed throughout is a good way of avoiding
a cyberattack.

Social Engineering

Q: What is it?

A: Social engineering refers to the manipulation of people by ‘engineering’ them
to perform actions online or divulging confidential information.

Q: What can I do?

A: Social engineering normally comes in the form of emails disguised as your bank asking for account information. You should never give your account information over an insecure website. If in doubt contact your bank directly, being sure to avoid contact details on the email you are questioning!

Malware

Q: What is it?

A: Malware is short for malicious software, and refers to any software that is used
to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.

Q: What can I do?

A: There are generally two broad strategies used by criminals to try and break through
a computer’s defences:

1.    They try to install malware on your computers via breaking into accounts guarded by simple passwords.

2.    They try to trick you into installing their malware from emails or websites.

In short, you should not open any suspicious emails or email attachments, and protect your accounts with secure passwords.

General Advice

Use secure passwords – ensuring that you have a secure and complicated password, and ensuring that you frequently change your passwords greatly reduces the risk of being the unfortunate victim of cybercrime.

Think before clicking links or opening mail attachments – Stop and think!

Before opening a suspicious email, instant message, text message, or messages on social networks like Facebook, LinkedIn, and Twitter stop and think. Is it safe? If your company has an IT department double check with them, especially if you have clicked something you don’t think you should have.

Never plug in a USB/Flashdrive from an unknown source

USB sticks and flashdrives are a common means of virus infection, however if you do not connect the device to your computer it has no way of transmitting a virus. This also applies to a USB stick that you have connected to your home computers if you believe your personal devices may have a virus, as it is possible to spread the virus to your workplace this way.

If you suspect that your machine has been infected with a virus or malware, simply disconnect your device from the network either by turning off the Wifi and/or unplugging the network cable and seek IT support.

If you would like Midshire to review your current IT security measures please call 03300 414 570, or email requests@midshiremarketing.co.uk.