We we’re recently approached by The Telegraph to provide our thoughts on how cybercrime is currently affecting SMEs.
After all, we’re fairly well placed to do so given that we work with organisations of all sizes throughout the UK (indeed, globally too!).
Our MD, Eddie Whittingham, gave some interesting insight and the article even includes a great quote from Andy Gill of Pen Test Partners:
“A business should conduct training to better educate staff about the dangers of phishing and to be more vigilant about emails and opening links and attachments.”
Although we weren’t as keen on his comments about people being the weakest link! We actually don’t believe that’s fair – in fact, people can be the strongest defence – but the organisations need to empower them to do so!
Top tips for cyber security:
- Invest in up-to-date security software as a fundamental defence against basic cyber threats
- Plan to get compromised; ensure that systems and procedures are in place for leaks, hacks and issues such as Direct Denial of Service (DDoS) attacks, and consider both PR and communications-led responses as well as those from IT
- Encourage the consideration of data and cybersecurity at all levels of the business via security awareness training – not just within the IT department. GDPR has initiated reviews of unnecessary data retention for many businesses but more can be done at lower levels
- Include a security expert on the executive board and seek their input on major business decisions, where cyber risks may not be immediately apparent
- Demand information from suppliers and partners about their cybersecurity measures and consider any obvious weaknesses as a back-door into your own organisation
- Aim for continuous improvement in security, rather than annual reviews or upgrades, as cybercrime evolves quickly