Why cyber security should be taken seriously

In 2022 Cyber security should be one of the key focuses of your business, the number of threats have increased and your business needs to stay up-to-date in order to avoid these threats. They come in many shapes and forms, and many people have this perception that the most important method to employ would be an anti-virus with backups, however today, this is simply not enough. Systems like biometrics, two factor authentication and extensive user training should be applied in order to protect you and your organisation.

What is Ransomware and how has it caused this amount of damage?

Ransomware is a malicious piece of computer software which can enter a network from various methods, such as phishing a users login details, in the form of downloaded software and spread through social media. Due to all these different ways of attacks, it is difficult to maintain a consistent anti-virus software across all devices and failing to keep virus databases up to date can also cause problems. This is why user training is one of the most crucial steps in cyber security, even if it is only training to make a user suspicious and teaching them to check with their IT department first. This is a great idea to keep your business from becoming compromised. Ransomware seeks to encrypt all of a users files and folders and displaying a message only offering to decrypt the data if a sum of money is paid, often in untraceable sources such as bitcoin. This is always a bad idea as even if they do decrypt the files (unlikely) you are still vulnerable to the same attack occurring again and more money being requested.

Social Engineering

Social engineering is the process of using people to gain unauthorised access to a network or computer system. Today, this definition is quite broad as often many people would associate social engineering with something such as phishing, where a hacker would email in using a compromised account you may recognise or with a piece of data you would not expect them to know and get you to fill out forms or download files.

Even the best firewall and spam detection methods may not be able to protect you from something such as another user who you are in contact with having their account compromised or details leaked. Social engineering does not only occur through this method. It can occur when someone calls up pretending to be your bank to get account details or more commonly in your business to gain unauthorised access to places or data they shouldn't have. This can be something like being friendly in the workplace in order to gain access to files and documents that they would have you believe they are allowed to look at when in reality they are trying to steal the data.

Trojan

A Trojan is as the name suggests a malicious piece of code or software which disguises itself as another application. These methods can often be destructive to data. Trojans often occur most frequently in unlicensed, non commercial software which may be a pirated copy of the original software or a software that does something similar to another commercial software except is cheaper or free. In business typically programs are only allowed to be installed by your IT team and they will likely be aware of the threats. Nevertheless it is still crucial that you keep your IT team trained well on these type of threats and even if users cannot install software themselves keeping them aware is a great idea especially in BYOD (Bring your own devices) environments where user devices can bring external threats into their network.

In 2022 these are the biggest threats to security that often struggle to be dealt with by typical anti-malware methods. Being aware is always the best method of protection as users will be able to look after themselves and not feel like they rely on an anti-virus to protect them if they do something wrong.

Logixal takes cyber security very seriously. From our printers to IT department we make sure any potential access point is safe and secure. To support this, as you would expect, we have completed and achieved the Cyber Essentials certification.