The world today is dishing out surreal challenges, the likes of which are rarely seen in a lifetime and yet we are being subjected to two traumatic disasters in really close succession. Having just managed to fight our way through a gruelling two years plus of the Coronavirus pandemic, we are now plunged into the horrors of the Russian invasion of Ukraine.
Right now, the National Cyber Security Centre for the UK and Cybersecurity and Infrastructure Security Agency in the USA, have issued strong recommendations for businesses to ensure their cybersecurity is increased to protect against the very real threat from the Ukraine situation.
Obviously, the fallout from war always brings its financial burden, but there comes an ever more direct risk that your business is facing. Geographically you may be many thousands of miles from the direct warzone, but as Lindy Cameron, National Cyber Security Centre’s CEO pointed out recently -
“The UK is closer to Ukraine than you might think. While 2,000-odd miles separate us physically … that distance is much shorter in cyberspace – and attacks targeting Ukraine’s digital infrastructure could be felt here in Britain.”
Cameron is urging organizations “to accelerate plans to raise their cyber-resilience in the longer term … to build greater resilience.” What was good enough yesterday, really is not good enough anymore.
Make sure you know what is going on – 24/7/365
Cybercrime is increasing rapidly. It’s no longer kids in bedrooms, but highly intelligent cyber experts, who are specialists in getting into systems.
They are relentless in their attacks and their favourite time to strike is your downtime: holidays, night-time, weekends... You need to make sure your guard-dogs are in place 24/7/365. You can’t afford to turn a blind eye.
But how will they get into my systems?
There are many ways that cybercriminals can gain access, but as Cloud solutions, and specifically Microsoft, are the main business systems across the world, it’s obvious we need to make sure any weak areas are covered.
Microsoft 365 is an excellent business solution, but the most sophisticated software is only ever as good as its users. This will always be your weak spot. You can’t be on top of your staff 24/7/365, making sure that they don’t click any rogue links, turn off multi-factor authentication, inadvertently ‘give away’ their usernames and passwords… The list goes on.
You know users shouldn’t use their business accounts for personal use, but are you sure they adhere to this 100% of the time?
What about when they’re out and about and want to catch up with their jobs/emails, etc. That local coffee shop is just the place to do this, but are you sure the wi-fi connection they are using is safe?
Once cybercriminals have gained access, unless you are consistently monitoring for it, you won’t know. They’ll sit hidden in systems, watching and waiting for the ideal time to strike – usually when they can reap the most financial reward, or cause you the most distress!
Do you use apps that link with your Microsoft 365?
I know this sounds confusing and you’re probably thinking, ‘I have absolutely no idea.’ Nor, do you need to know, but the fact is that you probably are. They exist in basic every day business programs like Calendly, Docusign, Microsoft 365 remote backup software …
Whilst these are perfectly legitimate and do not offer a threat, the problem arises when cybercriminals decide to reference these common programs to attempt to gain access. They send utterly convincing, albeit totally fraudulent, emails with messages requesting users to take action to upgrade/secure/enhance the purported software. All the user has to do is follow the simple link and it’s all done.
Your staff will never know they’ve done anything wrong and neither will you, but what they’ve just unknowingly done is granted cybercriminals access to all of your systems.
This is a very popular means of gaining access to systems right now as it gives rapid access without any hacking: the user lets them in themselves!
In the paraphrased words of Kevin Mitnick, ex-cybercriminal turned good guy, if he wanted to break into a system, he wouldn’t waste time hacking firewalls, etc, but he’d go the most direct and easiest route – through socially engineering users.
But I educate my staff, so they’d never fall for this!
Isn’t that what we all think?! However, our experience as experts in this field shows that this is not the case.
Members of staff from all sectors: accountants, solicitors, retailers, teachers … have all fallen prey, clicking on and ultimately inadvertently giving away security details without even knowing.
It doesn’t matter how clever you think you are or how much you educate your staff not to click, we are all vulnerable to our emotions and cybercriminals will use this to their advantage.
So What Can I Do To Protect My Business?
Be in control – know what’s going on 24/7/365
We have invested in brilliant security monitoring software for Microsoft 365. It will do all of this for you 24/7/365. Yes, even when you’re sleeping soundly in your bed or enjoying quality time while away on holiday.
We can be rapidly alerted if anything suspicious is spotted so it can be dealt with before any damage can be done.
It’s like a sophisticated CCTV and alarm system for your cyberworld.
What’s more alongside the alerts, you can see everything that is going on in your Microsoft 365 systems, with clear, detailed reports, showing key security information: what is shared with who, who has access to what mailbox, etc, etc.
If this is something, that you think you could benefit of and would like some more information regarding this then please do not hesitate to get in touch.