Anthony Green, Chief Technology Officer for FoxTech, explains the top cybersecurity problems and how to fix them
Cybercrime is on the increase. Since the onset of the Covid-19 pandemic, cyberattacks on businesses have surged; a UK Government survey found that 39% of businesses came under attack during the first quarter of 2021. Even more worryingly, attackers are starting to move away from large corporations to focus on small businesses, which are seen as softer targets.
1 Experts, not products
Business owners believe that the best way to protect against cyberattack is to buy and install the latest security products such as endpoint detection, firewalls and anti-virus software. However, these are simply tools – without the staff and expertise to run them, they offer limited protection.
Businesses can significantly improve their security using the basic products they already have, as long as they have the skills and knowledge to configure them appropriately. A 2021 report by the Department for Digital, Culture, Media & Sport found that although 83% of UK companies have up-to-date anti-malware software, only 29% have all the National Cyber Security Centre’s (NCSC’s) recommended cyber essentials in place to protect them from attacks.
Most commonly missing are simple measures such as installing software updates and securely configuring laptops.
With cybersecurity specialists in high demand, it is not practical for the typical small or medium-sized business to have this expertise in-house – which is often why they are drawn to expensive cybersecurity products. Yet many such businesses could make significant improvements to their security systems by engaging a cybersecurity firm rather than relying solely on expensive software.
2 Email protection
Email is the number-one initial attack point for malicious cyberactivity. Every company uses email, and many have insufficient email security set-ups. This means attackers can easily gain access and send phishing emails with the intent of stealing company information and carrying out further attacks via ransomware, trojan horse installation or credential theft.
Alarmingly, only a single employee has to fall for a phishing email for an attacker to gain access to a company’s email system. Businesses should take steps to reduce the risk, such as staff training, two-factor authentication on email accounts, and securely configuring the email service.
Only 14% of UK companies perform security awareness training, even though the NCSC provides this for free: see bit.ly/NCSCtraining.
3 Not knowing your vulnerabilities
One of the only ways to learn exactly where hackers could gain a foothold in your systems is to get an independent specialist to make a cybersecurity assessment. They can scan for the weaknesses that hackers are looking for and implement a defence strategy. Without this, businesses have little way of predicting an attack and preventing it.
Unfortunately, a lack of knowledge means money spent on cybersecurity is not always spent in the right places. But there are simple ways to improve the cybersecurity of your business and make sure your company isn’t an easy target.
For more information, visit foxtrot-technologies.com/get-in-touch