Cyber security can often seem daunting and expensive but it doesn’t need to be. By taking simple steps such as installing

up-to-date anti-virus measures and educating your team, you can help protect your business against damaging cyber attacks and breaches.

Unfortunately, it’s often the human factor which puts businesses most at risk so ensuring that your employees are able to identify any suspicious content will go a long way to preventing attackers infiltrating your business.

According to the Cyber Security Breaches Survey 2022, the most common cyber threat facing UK businesses is phishing which accounted for 83 per cent of identified attacks. Even some of the most damaging cyber attacks start with an initial malicious email, encouraging people to click on a link and enter credentials or download malware, giving hackers the tools that they need to escalate the attack by installing ransomware.

With compromised login credentials being one of the biggest causes of network breaches, many businesses have implemented multi factor authentication (MFA) where individuals are asked to provide other factors of information, such as a text or code, when signing in. However, even implementing MFA is not infallible.

Attackers have now discovered a number of ways of getting around MFA. Some types of MFA rely on ‘push notifications’ whereby an employee will receive a notification on their phone to allow access using their fingerprint.

Hackers have discovered that spamming an employee with MFA requests until they become so annoyed that they approve the request is an effective way of bypassing the additional layer of security.

We have also seen instances where MFA codes sent via SMS have been compromised due to a vulnerability. These codes can stay active for a longer period of time, giving the cyber criminals a larger window of opportunity.

Our advice is to use an authentication app which provides a MFA code that changes every 30 seconds.

It’s always a good idea to have a response plan in place for an attack.This will reduce the financial and reputational damage associated with a data breach and ensures that you comply with GDPR. It’s also important that your team knows about the plan and who they should report a suspected breach to within your organisation.

Businesses can access free cyber training resources via the National Cyber Security Centre website (ncsc.gov.uk) which has step-by-step guides on how to protect against cyber attacks – and what to do if you are affected.

You can also speak to your IT provider who will be able to tailor staff training, anti-virus software and other measures to your individual business or organisation.

This article was first published in the February 2023 edition of In-Cumbria magazine