The cyber protection dos and don’ts of starting a new job

Starting a new job or position can be exciting, but it's important to keep cybersecurity in mind.

Here are some dos and don'ts to keep in mind:

DO:

✔️ Use a strong, unique password for each of your accounts

✔️ Use a password manager to store your passwords and create complex and unique passwords.

✔️ Keep your computer and mobile devices updated with the latest security patches - if it needs a restart, restart it!

✔️ Be cautious of suspicious emails or messages, and never click on links or provide personal information without verifying the sender's identity - including executives and managers within the organisation.

✔️ Use reputable antivirus software and a firewall to protect your devices - make sure they are on and updated regularly.

✔️ Take advantage of any security training or resources offered by your employer - free training is also available at wiser-training.

✔️ Be the force for change in the cybersecurity space of the business.

DON'T:

✖️ Share your password with anyone, ever, no matter who!

✖️ Use public Wi-Fi networks to access sensitive business information or to complete financial transactions

✖️ Connect to an unsecured or insecure Wi-Fi network without using a VPN

✖️ Leave your devices unlocked or unattended - lock them before you walk away (Microsoft Windows: Control + Alt + Delete, then Enter)

✖️ Click on links or download attachments from unknown sources

✖️ Neglect to report any suspicious activity or security breaches to your IT department or supervisor.

✖️ Take a selfie with your security pass and post it on social media

By following these guidelines, you can help protect yourself and your employer from potential cybersecurity threats.

Stay safe and enjoy your new job!

Why SMEs need an MSP

In 2023 and beyond, cyber threats will continue to be the biggest risk to small businesses.

These threats can come in the form of malware, ransomware, phishing attacks, and other forms of cybercrime, and they can have severe consequences for small businesses.

In a survey conducted by the National Cyber Security Alliance, 60% of small businesses reported being a victim of a cyber attack, and more than half of those attacks resulted in financial losses.

One of the main reasons that small businesses are at such high risk is that they often lack the resources and expertise to properly protect themselves.

Many small businesses do not have dedicated IT staff or cybersecurity professionals on hand, making them more vulnerable to attacks.

They may also have limited budgets for cybersecurity measures, which can leave them exposed to threats.

Another reason that small businesses are at risk is that they often have weaker cybersecurity defenses.

Small businesses may not have the same level of security measures in place as larger organizations, making them an easier target for cybercriminals.

This can include things like outdated software, a lack of firewalls, and insufficient training for employees on how to identify and prevent cyber threats.

A managed service provider (MSP) can play a critical role in helping small businesses reduce the risk of cyber threats.

One of the main ways that MSPs can help is by providing proactive monitoring and management of a small business’s IT systems and networks.

This can include things like identifying and addressing vulnerabilities, implementing security measures such as firewalls and antivirus software, and monitoring for suspicious activity.

In addition, MSPs can help small businesses implement a disaster recovery plan in the event of a cyber attack.

This can involve regularly backing up data and having a plan in place for how to restore systems and recover from an attack.

This can be particularly important for small businesses, which may have a harder time recovering from a cyber attack due to limited resources.

MSPs can also provide training and education on cybersecurity best practices to small business employees.

This can include things like teaching employees how to identify and prevent phishing attacks, how to create strong passwords, and how to recognize and report suspicious activity.

This can help small businesses create a culture of cybersecurity awareness and reduce the risk of attacks.

Overall, a managed service provider can help small businesses reduce the risk of cyber threats by providing proactive monitoring and management of IT systems and networks, implementing a disaster recovery plan, and providing training and education on cybersecurity best practices.

By working with an MSP, small businesses can take steps to protect themselves from cyber threats and reduce the potential impact of these threats.

Building cyber resilience into a business is essential in today’s increasingly digital world.

With the increasing reliance on technology, businesses are exposed to a wide range of cyber threats, from data breaches and ransomware attacks to phishing scams and network intrusions.

It is therefore important for businesses to have a robust strategy in place to ensure that they are prepared to handle these threats and minimize the impact on their operations.

One of the key elements of building cyber resilience in a business is to ensure that the organization has strong security controls in place.

This includes implementing effective firewall and antivirus software, as well as regularly updating and patching systems to prevent vulnerabilities from being exploited.

It is also important to ensure that all employees are trained on cybersecurity best practices, such as avoiding clicking on suspicious links and using strong passwords.

Another important aspect of building cyber resilience is to have a disaster recovery plan in place.

This plan should outline the steps that the organization will take in the event of a cyber attack, including how to restore systems and data, communicate with employees and customers, and maintain business operations.

It is also essential to regularly test and update this plan to ensure that it is effective and relevant.

One of the key components of a disaster recovery plan is having backup systems and data in place.

This means having copies of important data stored in a secure location, such as in the cloud or on an external hard drive, so that it can be accessed if the primary systems are compromised.

It is also important to ensure that these backup systems are regularly tested to ensure that they are functioning properly and can be accessed as needed.

In addition to having strong security controls and a disaster recovery plan, it is also important for businesses to invest in cyber insurance.

This type of insurance can help cover the costs associated with a cyber attack, including legal fees, data restoration, and business interruption.

It is important to carefully review the terms of a cyber insurance policy to ensure that it meets the needs of the organization.

Another important aspect of building cyber resilience is to have strong incident response protocols in place. This means having a team in place that is trained to handle cyber incidents and can respond quickly to minimize the impact on the organization.

This team should be trained on how to identify and contain an attack, as well as how to communicate with relevant stakeholders, such as employees, customers, and the media.

One of the most effective ways to build cyber resilience into a business is to regularly conduct risk assessments.

This involves identifying potential threats and vulnerabilities, as well as evaluating the potential impact on the organization.

Based on the results of the risk assessment, the organization can then implement measures to mitigate these risks, such as implementing additional security controls or updating disaster recovery plans.

In addition to these measures, it is also important for businesses to be proactive in their efforts to build cyber resilience.

This includes regularly updating and patching systems, conducting employee training on cybersecurity best practices, and staying informed about the latest cyber threats and trends.

By taking a proactive approach, businesses can better protect themselves against cyber attacks and minimize the impact on their operations.

In conclusion, building cyber resilience into a business is essential in today’s digital world.

By implementing strong security controls, having a disaster recovery plan in place, investing in cyber insurance, and regularly conducting risk assessments, businesses can better protect themselves against cyber threats and minimize the impact on their operations.

By being proactive and staying informed about the latest cyber threats, businesses can build a robust defense against these threats and ensure their long-term success.

Why non-profits need to invest in cybersecurity

Cybersecurity is an increasingly important concern for all organizations, including non-profits.

In the digital age, non-profits rely heavily on technology to carry out their mission and serve their constituents, making them vulnerable to cyber attacks.

Here are seven advantages of prioritizing cybersecurity for non-profits:

⚔️ Protecting sensitive information:

Non-profits often have access to sensitive information such as donor and volunteer data, financial records, and personal information.

⚔️ Complying with regulations:

Many non-profits receive funding from government agencies or foundations that have strict requirements for data security.

⚔️ Maintaining donor and volunteer trust:

A data breach or cyber attack can damage a non-profit’s reputation and undermine the trust of donors and volunteers.

⚔️ Protecting against financial losses:

Cyber attacks can result in financial losses for non-profits, including costs associated with recovering from the attack and repairing damage.

⚔️ Enhancing employee productivity:

Cybersecurity measures can help employees work more efficiently by protecting against cyber threats and minimizing downtime due to cyber attacks.

⚔️ Increasing competitiveness:

In today’s digital age, non-profits that demonstrate a commitment to data security may have a competitive advantage over those that do not.

⚔️ Reducing insurance premiums:

Many insurance companies offer discounts to organizations that have implemented robust cyber security measures.

In conclusion, cybersecurity is an essential consideration for non-profits.

By prioritizing it, non-profits can protect sensitive information, preserve financial resources, maintain trust, enhance their reputation, facilitate collaboration, ensure compliance, and support their mission.

It is important for non-profits to assess their cybersecurity needs and implement appropriate measures to safeguard against potential threats.

3 reasons that cybersecurity is in the state it is!

Cybersecurity is at a low level for several reasons.

One reason is that organizations, governments and individuals are not investing enough in cybersecurity measures.

This can include not allocating sufficient budget or resources for cybersecurity training, hiring, and technology.

Another reason is that many organizations and individuals do not have a clear understanding of the cyber threats they face, and as a result, do not prioritize cybersecurity.

Additionally, many companies and individuals are still using outdated software, hardware and systems that are vulnerable to cyber-attacks which could have been prevented if they were updated.

Furthermore, the sophistication and complexity of cyber attacks are increasing at a faster rate than organizations and individuals can keep up with.

All these factors combined have led to the current low level of cybersecurity.

Lowest entry-level ever

Today, the entry-level for cybercrime is at an all-time low.

This is due in part to the increasing availability of easy-to-use tools and resources that allow individuals with little technical expertise to engage in cybercrime.

For example, there are now numerous online forums, tutorials, and hacking tools that can be easily accessed and used by anyone with an internet connection.

Additionally, the rise of the dark web has made it easier for individuals to purchase and use malicious software, such as malware and ransomware, for criminal activities.

Furthermore, the increasing use of automation and AI in cybercrime has made it easier for cybercriminals to launch large-scale attacks and target a wide range of victims.

All these factors have lowered the entry level and increased cybercrime, which is a major concern for organizations, governments and individuals.

Education and training from the wrong direction

Education and training that is delivered in a top-down manner, where the information and knowledge is passed down from the top level of an organization to the bottom, can fail for several reasons.

One of the main reasons is that it does not take into account the unique needs and perspectives of the individuals or groups who are being trained.

The information may not be tailored to their specific role or level of understanding, making it difficult for them to apply it effectively in their work.

Additionally, top-down education and training can lead to a lack of engagement and buy-in from the individuals or groups who are receiving the training.

Without their active participation and interest, the training may not be as effective in achieving its goals.

A bottom-up approach, on the other hand, is more inclusive and empowering, and it starts with the needs and perspectives of the individuals or groups who are being trained, ensuring that the training is more relevant and meaningful to them.

Software was written for the first to market, not as a secure platform

Software that is written with the primary goal of being the first to market may not prioritize security.

This means that the software may have vulnerabilities or weaknesses that can be exploited by cybercriminals or hackers.

These security flaws can lead to data breaches, loss of sensitive information, and other types of cyber attacks. Additionally, software that is not designed with security in mind may not comply with industry regulations or standards, which can lead to legal and financial repercussions for the company that developed the software.

To avoid these issues, it is important for companies to balance the need for speed to market with the need for a secure and compliant software platform.

Additional

AI

Artificial intelligence (AI) will have a significant impact on both cybersecurity and cybercrime.

On the cybersecurity side, AI can help organizations and individuals detect and respond to cyber threats in real time, by using advanced machine learning algorithms to analyze large amounts of data, identify patterns, and make predictions about potential attacks.

Additionally, AI-based systems can also be used to automate many security processes, such as patch management and incident response, which can help organizations and individuals become more efficient and effective in defending against cyber attacks.

On the other hand, AI can also be used by cybercriminals to launch more sophisticated and automated attacks, such as spear-phishing, social engineering, and malware campaigns.

AI-based malware can also be designed to evade detection by traditional security systems and can spread quickly across networks.

Additionally, AI can also be used to enable new forms of cybercrime, such as deepfake generation, which can be used to impersonate individuals or organizations in order to steal sensitive information or money.

Therefore, AI can have a significant impact on both cybersecurity and cybercrime and it’s important for organizations and individuals to stay aware and adapt to the new technology.

The risks associated with online shopping and banking

Online shopping and banking have become an integral part of our daily lives, but with the convenience of these services comes the risk of cyber threats.

Cybercriminals and scammers can target your personal and financial information in order to steal your identity, money, or both.

That’s why it’s so important to practice good cybersecurity habits when shopping and banking online.

Here are some best practices to keep in mind:

🔰 Use a password manager to create and store strong, unique passwords for each of your online accounts.

It can be tempting to use the same password for multiple accounts, but if a hacker gains access to one of your accounts, they will have the key to all of them.

🔰 Enable two-factor authentication (2FA) on your online accounts whenever possible.

This adds an extra layer of security by requiring you to enter a one-time code in addition to your password when logging in.

🔰 Make sure that the websites you shop on and use for banking are secure.

Look for a URL that starts with “https” and a padlock icon in the address bar.

This indicates that the website is using a secure connection to encrypt your data.

🔰 Use a credit card rather than a debit card for online purchases, as credit card companies generally have stronger fraud protection policies.

If your credit card information is stolen, you can typically dispute the charges and get your money back.

🔰 Avoid using public Wi-Fi networks for sensitive transactions, as they may not be secure.

Cybercriminals can easily set up fake public Wi-Fi networks in order to steal your information.

🔰 Regularly check your bank and credit card statements for any unauthorized charges or activity.

🔰 Be wary of phishing emails or texts that try to trick you into entering your login or financial information on fake websites.

These scams often use fake logos and branding to make them look legitimate, so it’s important to be on the lookout for red flags.

If you receive an email or text from a company that you don’t recognize, do not click on any links or enter any information.

🔰 Keep your computer and other devices up to date with the latest security patches and software updates.

These updates often include important security fixes.

🔰 Use a firewall and antivirus software to protect your computer from malware and other threats.

These tools can help to prevent malware from infiltrating your system and can also detect and remove any malware that does get through.

🔰 Consider using a virtual private network (VPN) when connecting to the internet, as it can help to encrypt your data and protect your online activity from being monitored.

By following these best practices, you can help to protect yourself and your personal and financial information while shopping and banking online.

Remember, it’s always better to be safe than sorry.

It is the responsibility of the board of directors to carefully consider and manage these risks.

Business risk is an inherent part of any enterprise, and it is the responsibility of the board of directors to carefully consider and manage these risks.

When it comes to cybersecurity, there are several factors that the board of a small, medium or non-profit enterprise should consider in order to determine what is an acceptable business risk.

First and foremost, it is important for the board to understand the potential consequences of a cybersecurity breach.

This includes not only the financial costs of responding to the breach and repairing any damage but also the impact on the company’s reputation and customer trust.

The board should also consider the likelihood of a cybersecurity breach occurring, as well as the potential severity of the consequences.

One way to manage cybersecurity risk is through the implementation of robust security protocols and technologies.

This includes ensuring that all software and systems are regularly updated and patched, using strong passwords and implementing two-factor authentication, and regularly training employees on cybersecurity best practices.

The board should also consider investing in cybersecurity insurance, which can help to mitigate the financial impact of a breach.

Another aspect of managing cybersecurity risk is having a robust incident response plan in place.

This should outline the steps to be taken in the event of a breach, including how to communicate with employees, customers, and the media, as well as how to restore systems and recover from the incident.

It is important for the board to consider the potential for external threats, such as cybercriminals.

This includes considering the use of security tools such as firewalls and intrusion detection systems, as well as implementing processes for monitoring and detecting potential threats.

In addition to these technical measures, the board should consider the role of company culture in managing cybersecurity risk.

This includes promoting a culture of cybersecurity awareness and education among employees, as well as setting expectations for responsible behavior online.

Ultimately, the acceptable level of business risk when it comes to cybersecurity will depend on the specific circumstances and needs of the enterprise.

The board should carefully consider the potential consequences of a breach, the likelihood of such an incident occurring, and the measures in place to mitigate and manage these risks.

By taking a proactive approach to cybersecurity, the board can help to protect the company’s assets and reputation, and ensure the long-term success of the enterprise.

Cybercrime – You can’t win a fight if you don’t know the rules

Most of us do not know the rules when it comes to the digital space.

We assume that what applies in the real world is what we should live by in the digital space.

This is an assumption that will get you into a lot of trouble.

Here are four areas everyone needs to keep in mind when using a digital device.

Who you are!

You know who you are.

In the digital space you do not want to talk about who you are to people you have never met.

We assume that most people are like us. In the digital world, that assumption will cause irreparable damage.

In the digital world only talk in generalities, not specifics.

What you talk about!

To connect to people you are told that you have to talk about feelings and personal attitudes.

For some that can be difficult.

If you need to talk at that personal level, learn to hide the information behind other things.

Why you can lie!

We have been programmed to tell the truth, some people can and some people cannot.

Some people have major issues with lying.

I work on the principle, in the digital world, to lie where possible.

In your profile you cannot lie on government websites, medical websites and other sites where the real information is required.

When faced with the request for information learn to lie.

Make up a date of birth, license number, passport number.

If you think that the site does not need that information or the information is never going to be checked against real data – just lie.

Trust/verify

Just like Fight Club (do not talk about Fight Club), when it comes to the digital world, lying is a necessary evil.

It is a matter of trust and, to tell you the truth, as someone working in the industry, I trust no one on the internet.

I have people that I know who I trust implicitly, I know they would do anything just like I would do anything for them.

In the digital world I do not trust their avatar.

Even if I have verified them I still do not trust them.

Why we need to rethink Business Security

Security is an IT problem.

How many managers, owners, C Level Executives and board members agree with this statement?

More than 50% of small and medium businesses and not-for-profit organisations think that the ICT department is the go-to team when it comes to protecting the business’s crown jewels.

There has been a significant push in the last 5 to 10 years to get SMEs away from this thinking and to think about business risk, compliance, governance and business security.

Yes, there is still a significant place for the ICT management of security around technology. They are the ones who have to work with limited resources, doing more and more with less and less, and producing the same level of protection year in and year out.

When it comes to a cyber event, the problem in today’s business world is that not everything can be secured with technology.

At a basic level, there are 6 areas that create a secure business environment, and technology and frameworks is one of them. The others are risk management, people and education, policy and governance, resilience and, finally, continuous improvement.

As you can see, technology is only a small part of the solution.

The normal situation for SMEs and charities is to think that the ICT department knows it all. We have had similar situations ever since computers became an integral part of the business.

People who “know computers” were called on to fix the business infrastructure simply because they know computers. So a web designer was asked to fix a printer or a programmer was asked to set up an internet connection. Yes, they could do it, but in today’s world it is so much more complicated and complex.

Business security needs to be addressed by someone who knows security. Someone who understands risk! Someone who understands the fundamental security practices required to protect the organisation.

You would never go to an unqualified accountant to do your tax return, or an unqualified electrician to rewire your house, or even an unendorsed mechanic to repair your new BMW.

When it comes to protecting the business, especially from a cyber event, we rely on people who have minimal understanding of what needs to be done to create a secure business environment.

Where to start your Business Security / Cybersecurity Journey

Start


Time

3-hour program

What is done

Audit on assets and risk management.

What you get

  • Report on where your organisation is in relation to business security
  • Roadmap to implement basic changes to your business organisation
  • A number of process, procedure and policy templates
  • A number of plan templates

Tools we use

  • Care-app diagnostic tool
  • Questionnaire similar to basic SWOT
  • Proprietary diagnostic tools
  • Open-source intelligence gathering tools

What do you need to do

  • Implement changes
  • Discuss with management
  • Implement proactive responses to cybersecurity

 

Threshold


Time

8-hour program

What is done

 

What you get

  • Implementation of Internet policy
  • Implementation of online security awareness program
  • In-depth risk analysis
  • In-depth risk mitigation process
  • Full-blown digital SWOT

Tools we use

 

What do you need to do

 

 

Baseline

What is done

 

What you get

 

What do you need to do

 

 

Beyond

What is done

 

What you get

 

What do you need to do