In recent weeks, we have seen a few IT breaches that affected our members and partners.
On one occasion, a fit-out company had its email account breached and a fake payment link was sent to a client. The client transferred the funds via the link, resulting in difficulties and uncertainty for both parties. In the other case, a shopfitter's IT system was infected and used to send out emails encouraging recipients to download a file, which would likely have caused the infection to spread.
Below are a few things you can do to avoid being caught in these kinds of scenarios.
Keep your systems up to date. This includes the operating systems on your devices, as well as all the other software you use to run the business (office packages, specialist design tools, etc.). Do not ignore official update notifications, and schedule some time to review the versions of the software you run and compare them with the versions the vendor currently offers.
Keep your passwords safe. Do not reuse your passwords; this is one of the most common mistakes people make. It only takes one data breach at a service you have signed up for to have your email and password exposed. These can then be used to log in to every other service where you set the same credentials. You can use haveibeenpwned.com to check whether your email address is included in one of the stolen databases. Remembering a different password for each service would be impossible, so consider using LastPass or 1Password. These are advanced password managers: you set one strong master password, and all the remaining passwords are generated and stored by the manager. You will never need to remember more than your master password and all your accounts will remain safe. Where possible, enable two-factor authentication (2FA) and double up your password with a code sent to your mobile device.
Be vigilant online. Do not immediately open every attachment that appears in your inbox, especially if anything about the message raises your concern. It could be a strange-looking address, unusual language, or a suspicious detail. The sender's inbox could have been hacked, so even if you receive the email from someone you know, it could be a trap. If in doubt, reach out to the sender using a different channel and double-check. If you have received a suspicious-looking email, report it to your IT or email provider.
Pay attention to the website addresses you visit, especially if you are about to enter any login credentials. The page should always be secure (address starting with https, not http) and be easy to identify (for example: bank.barclays.co.uk, not bank.barclays-bank.io).
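The address check described above, written out as a short script (an added example, not part of the original article; the trusted-domain list and the extra sample addresses are assumptions constructed for illustration). It shows why the name has to be read from the right-hand end: a familiar name appearing somewhere in the address is not enough.

```javascript
// Added example. TRUSTED_DOMAINS is an assumed allowlist that a business
// would maintain for the services it actually logs in to.
const TRUSTED_DOMAINS = ["barclays.co.uk"];

// Returns { ok, reason } for an address someone is about to log in on.
function checkLoginUrl(address, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(address);
  } catch {
    return { ok: false, reason: "not a valid address" };
  }
  // The connection must be encrypted.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // Text before an "@" is a username, not the site; reject it outright.
  if (url.username || url.password) {
    return { ok: false, reason: "username embedded in address" };
  }
  // Compare whole labels from the right: the host must be the trusted
  // domain itself or end with "." followed by that domain.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const known = trusted.some((d) => host === d || host.endsWith("." + d));
  return known
    ? { ok: true, reason: "https and trusted domain" }
    : { ok: false, reason: "unrecognised domain: " + host };
}

// Constructed sample addresses; the hosts in the first two are the article's.
const SAMPLES = [
  "https://bank.barclays.co.uk/login",
  "https://bank.barclays-bank.io/login",
  "http://bank.barclays.co.uk/login",
  "https://bank.barclays.co.uk.example.test/login",
  "https://bank.barclays.co.uk@example.test/login",
];

function runSamples() {
  return SAMPLES.map((address) => [address, checkLoginUrl(address)]);
}

for (const [address, result] of runSamples()) {
  console.log((result.ok ? "OK    " : "STOP  ") + address + "  (" + result.reason + ")");
}
```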
Get your business audited and accredited under the Cyber Essentials scheme (or Cyber Essentials Plus). As the National Cyber Security Centre describes it: “Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security”. The audit and certification will cost you much less than the results of a potential attack.
If you are a NAS Member, you can reach out to the NAS insurance partner, Darwin Clayton, who provide cover for losses caused by IT attacks and offer preferential rates for NAS Members.