New security challenges…and how to fight them

Cyber criminals are constantly getting more sophisticated and adept at what they do.

This week, Microsoft blamed a Chinese state-backed group for attacks on Microsoft Mail platforms that allowed the attacker to access email inboxes, a crucial step in any well-run hack. And a short while ago, SolarWinds had to admit their software had been hacked prior to being distributed.

So, how do you make yourself safe? We use house security as an analogy: your house is safe once you’ve closed and locked the doors and windows. But you have to do it yourself; no-one will do it for you. The same can be said of online security: your company’s security is your responsibility.

Cyber criminals are scanning and testing your company all the time. They no longer use the doors or windows. They have ways of looking like your staff or suppliers; they’re already inside your office before you’ve shut and locked the doors!

And like a terrorist, the cyber-criminal only has to get lucky once. You have to be lucky all the time. And without your constant vigilance, the cyber-criminal will find a weakness.

As the owner of the business, you can’t be responsible for all the technical details. But you can, and must, ask the right questions and hold those who are responsible to account. We recommend you ask your IT team or suppliers four simple questions:

  1. Who on the Board is accountable for our security and risk strategy? When was the last time we reviewed and tested it?
  2. Are our security systems up to date and comprehensive? How do we know they’re up to date? Do we have assessments or accreditations?
  3. Does my staff (including the Board and the CEO!) get regularly trained in cyber security and social engineering? Have we ever tested that knowledge?
  4. If we do end up in trouble, who’s in charge and what’s the plan?

Most successful attacks use tried, tested and simple methods. They succeed because companies have forgotten to get the basics right.

If you’d like a reminder of the basics, we recommend you follow our 13-point list of simple key steps a non-technical board member can take right now.

Also see our Cyber Security Knowledge Centre, which includes more content related to this topic.

You don’t need to be the technical expert. But you do need to take the lead. No-one but you will keep your house or your business safe. Our briefing will provide you with free, straightforward advice.

If you have any other questions about cyber security or IT, feel free to get in touch. We’re always happy to talk.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it ‘fractional’) IT leaders. We work exclusively with ambitious organisations and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.