Out of office doesn't mean out of mind - remember to keep your business secure over the Christmas holidays!
Picture this; the clock is close to striking five on Friday 24th December, keys in hand you’re ready to lock the office doors and send your staff home for the holidays. You’re already daydreaming of relaxing by the fire with a glass of mulled wine. But this all gets rudely interrupted at 4.55 pm when all your systems go down.
Would you know who to call if you found yourself in this situation? What actions would you take if it was on Saturday or in between Christmas and New Year’s Day? Would you know how to reach your key contacts if there was a total system lockout?
At Christmas, when your business defences are down and there’s an extended period where the majority of the workforce is out of the office, presents a prime opportunity for a cybercriminal to buy more time and poke around your systems undetected.
In the days leading up to 4 July, a cybercrime gang infiltrated US IT firm Kaseya and posted a $70m ransom demand on the business’ blog on Independence Day. It had global repercussions affecting more than 1,000 companies in their supply chain.
But you don’t need to be turning over millions to attract the bad guys, in fact, it’s the micro and smaller-sized enterprises that are uniquely at risk. Your business’ digital door may be shut but are you confident that it’s locked securely? It doesn’t take much for hackers to barge their way in and gain access to sensitive data and if vulnerabilities aren’t appropriately identified and fixed, you could end up being repeat business for online criminals.
A report by telecoms giant Vodafone found that more than 1.3 million small and medium-sized businesses across the UK could fold given the cost of an average cyberattack, which government data states is nearly £8,500 - a sobering thought indeed. We hope this never happens to you.
Ways to protect your business this Christmas
Organisations and business owners are now gearing up for the Christmas period, which means radars should be on a higher alert due to increased risk exposure and more of your staff heading off for annual leave.
We can’t stress enough how important having a security plan is for SMEs like yours. The National Cyber Security Centre has provided preparatory guidelines in five simple steps - think of this invaluable resource as your response and recovery bible - to weaken some impact should an attack occur.
12 Tips to stay secure this Christmas
Use a Password Manager to keep track of your passwords - don't write them down on post-it notes!
If you receive a scam email or text message, don't click any links or attachments if you’re unsure that it is genuine. Clicking a link in a phishing email could download viruses onto your computer, or steal personal information. Send them to the Suspicious Email Reporting Service: report@phishing.gov.uk and forward any suspicious text messages to 7726.
If you purchase any new devices this month, don't forget to install the latest updates and patches. Installing the latest updates can stop criminals from exploiting faults in old systems or software.
When you use different passwords for your important accounts, it can be hard to remember them all. A good way to create strong, memorable passwords is by using 3 random words. (For example; purplehollypudding71!).
Avoid giving hackers the toolkit to attack your website, make sure you have a website firewall installed, update your CMS and control access management.
When creating backups, keep them separate, in a different location from your network and systems, or in the cloud.
When you're out shopping use mobile data or hotspot devices instead of public Wi-Fi where possible.
Don’t advertise when you’re out of the office for your Christmas party and post the office Christmas party photos after the event. Cybercriminals might try to hack your systems if they know staff are away.
Keep your social media accounts secure by making sure you know which staff members have access and which devices are signed into each account.
Two-step verification (2SV) ensures that any new device trying to log in or make account changes needs a second layer of security before access is given. 2FA includes single-use codes being sent via SMS, email, phone, or smartphone application.
Download the NCSC's Cyber Security Guide for Small Businesses for an overview of the basics.
Stay secure when you’re heading back to the office with guidance from the NCSC.
Got a security plan in place but want further support? The South East Cyber Resilience Centre can assist you with additional options:
The South East Cyber Resilience Centre (SECRC) itself is a small business which has been set up as a police-private sector-academia partnership, with the simple aim of raising cyber resilience across the South East region. Whilst cyber security can be complex and costly, the SECRC offers a free membership option which helps you understand some of the risks from cybercrime, but also offering support and guidance to businesses in the region.
Since launching core membership the Cyber Resilience Centre for the South East has supported over 1500 businesses who are now a part of the dedicated police-led centre, which has been established to help protect businesses across the region from cybercrime.
Businesses in the South East can sign up for a free Core Membership online and receive a welcome pack full of practical resources and tools that will help you identify your risks and vulnerabilities and the steps you can take to increase your levels of protection. Through your membership, you will also get regular updates on new threats, designed to help you stay safer.
Security Awareness Training – the key to security awareness training is to equip all your employees with a level of awareness to combat online threats. Employees need to be taught what clues to look for that indicate threats, and how to respond when they see them.
Cyber Essentials – this is a government scheme that helps you make your business more resilient against cyber-attacks. Cyber Essentials includes £25k insurance for SMEs and also immediate access to a helpline to support you in the early stages of a cyber-attack. So there’s someone there for you 24/7/365. To find out more about that process, we have a number of trusted partners who can work with you to achieve the qualification.
Our aim is to lend a hand to SMEs in the South East of England, so please do get in touch if you want to know more about this or anything cyber-related. Here’s to a restful and problem-free Christmas and a Happy New Year!