IT SecurityMake Yourself Aware of the Threats you Face
IT Security – It is not a matter of if, but when. Every Business should be aware of what threats are out there, and have some knowledge on how to secure the business against these attacks. 90% of cyberattacks are initiated through email. Enter your details for a FREE IT security audit to see how exposed your Business Email is.
Financial, Employee and Reputational damage can be caused from cyberattacks
The average cost of a cyberattack to a Business is £12,000, would you want to spend this developing your Business or paying a ransom? Almost half of UK Businesses suffered a cybersecurity breach or attack last year. 68% of these were SMEs, and 60% of SMEs that are hit by a cyberattack go out of Business within 6 months. Educate yourself on the threats out there:
The most common type of cyberattack –
Ranking second on most common cyberattacks –
Distributed Denial of Service Attacks
Ranking third on most common cyberattacks –
This is the most common type of cyberattack, and unfortunately it’s extremely likely that without any IT security in place that you will have several viruses on your computer. A virus is a type of computer programme that replicates itself and modifies other computer programmes by inserting its own code. This can damage programmes, delete files and erase your hard drive. Hackers will use viruses to steal personal/Business data or destroy it.
Signs you may have Virus / Malware on your computer:
- Slow Performance
- You observe unexpected software installations
- Missing files
- Unexpected Pop-ups
- Lack of storage space
- Constant crashes and error messages
- Disabled Antivirus
- Unwanted browser toolbars
- A ransom message
If you feel you have a Virus/Malware, seek help immediately, as time is an important factor to prevent major damage. Contact us for help and let us know you think you have a virus, and we will guide you on what to do next.
How to protect yourself against most attacks:
- Installing Anti virus/Anti malware and setting up firewalls to protect the network
- Keep software up to date
- Delete unused programmes
- Minimize downloads
- Outsource IT
- Avoid suspicious websites
- Keep an eye on downloads
- Don’t press links from untrusted sources
- Get proper Email security
- Check links from trusted sources by contacting them through another method (This includes social media links)
Hackers are very clever, they break into computer systems to steal, change and destroy information, making them extremely dangerous. Many hackers will do this through installing malware without your knowledge. A lot of the data stolen by hackers will be put on the dark web for criminals to buy this information, and will be used to harm you or the Business.
Shepherd IT Services provide a service called deep web monitoring, where we can see if your details have been leaked on the web. Contact us for more information.
The goal of Phishing attacks is to steal sensitive data such as credit card or login information. It is also used to try and install malware onto a computer. This is done by someone impersonating a director or colleague and is often attempted through Email or WhatsApp. Many Employees have suffered from phishing attacks due to lack of IT Security, such as advanced email threat detection. If ever someone is acting differently or sending links through social media, ensure that you phone them up to see if they actually sent the link, if they didn’t then they have been successfully hacked, and you should warn them straight away.
An insider threat is a security risk inside the Business. This could be from an employee or even a board member. An employee could be offered a large sum of money to release sensitive Business data, or could be blackmailed into doing so. There have been many cases of this, such as the incident at JP Morgan Chase with an employee selling account information in 2014. An IT security system needs to be set up to restrict certain data and monitor who accesses what data at what time, this way you can determine if data is being leaked, who is leaking the data and intervene before major damage is done. In some cases employees can accidentally assist with an attack on the company. Losing a laptop is one example, or being fooled by an actor within the Business.
- Attempts to bypass security
- Frequently in the office during off-hours
- Displays unusual and hostile behaviour toward co-workers
- Violation of corporate policies
- Discussing leaving or new opportunities
- Multiple requests for access to resources not related to their job function
- Data hoarding, copying files from sensitive folders
- Using unauthorized storage devices
90% of cyberattacks are initiated through Email. All Businesses should have Email security to prevent employees being harmed and to protect the network. Advanced Threat Detection, which is included in email security, will detect which emails are potential attacks and alert you of these emails. 247 billion emails are sent each day, and millions of them are Phishing attempts. Even if you are just starting a Business, your email is a vulnerability that leads straight into your Business network and should be secured straight away.
These are attacks using vulnerabilities from unpatched software, giving attackers a route straight to your network. This is why it is important to keep programmes and software up to date, because it can and will be used against you. Unfortunately hackers will often find exploits before the programme creators can detect and fix the vulnerability, which is why you should have defences in place. Firewalls and a secure Wi-Fi system will be able to protect you against these attacks. Zero-day attacks are fast, the second a vulnerability is discovered in a programme or software the attack will be launched on the same day as the discovery.
Ransomware can infiltrate your devices without any action on your part! Ransomware is malware designed to deny a user or organization access to files on their computer. This happens through encrypting these files and demanding a ransom payment. Businesses will be put into a position where paying the ransom is the easiest and cheapest way to regain access to their files. In many cases, data is still deleted even after Ransom is paid. Ransomware is a common attack for SMEs and often results in the Business failing within 6 months of the attack. Below are some ways Malware is commonly caught:
Attackers develop exploit kits that contain pre-written code designed to take advantage of vulnerabilities in applications, networks, or devices. This type of ransomware can infect any network-connected computer or mobile device. Keep Systems and Apps updated.
Attackers distribute their malware by embedding it in fake online ads. Cybercriminals can place their ads on almost any website, even the most trustworthy sites. If you click on a malicious advertisement, you’ll download ransomware onto your device. So avoid clicking on any internet ads you encounter. Below are some ways Ransomware can be caught:
An attacker will mask themselves as a trusted contact and send you an email containing a seemingly legitimate attachment or link. Common examples include an order form, receipt, or invoice. The attachments have file extensions that make them appear to be PDFs or Microsoft Office files, but in reality, these are disguises. When you download and open the file, you’ll launch the ransomware attack.
Spyware is a malicious software that aims to gather information about a person or Business, and then sends that information to another entity in a way that harms the user. This could be violating privacy or endangering their device’s security. Spyware is installed on a computing device without the user’s knowledge. If your computer’s performance is unstable, sluggish, locks up, or crashes frequently, it could be a sign of Spyware. Spyware programs run in the background taking up disk space and processor speed which will cause serious performance problems. You may constantly get pop-up ads displayed on your screen, even if you aren’t browsing the Internet.
Fact: The average home PC contains 30 pieces of spyware, according to an audit carried out in 2006. Do you work from home?
Passwords are the most commonly used mechanism to authenticate users to an information system, obtaining passwords is a common and effective attack approach. Using social engineering, gaining access to a password database or outright guessing are some ways attackers use to obtain passwords. Setting up an account lockout policy will improve password security.
We're Here To Help!
*The contact forms and contact details on this site are to be used for the purpose of contacting Shepherd IT Services with interest in their services or for help with IT related issues. Any advertising or time-wasting attempt will be chargeable. By pressing *Send Message* or contact us using the details provided on this site, you agree to this.
M-F: 9am – 6pm