Blog

We are passionate about the work we do, which is why we regularly research and update our blog with original content to keep you updated with industry news.

Cyber Security – Protecting Against Emerging Threats

Date Friday, 22 May 2020 Amy Godfrey-Bawden , In: Technical

Cyber Security – Protecting Against Emerging Threats

Cyber security is a constant concern for businesses as cyber-attacks risk theft of information, financial damage and harm to a company’s reputation (particularly if you regularly store and manage data on behalf of clients). 

While many businesses have protective measures in place to manage security threats in ordinary circumstances, it is pertinent to consider how the current climate poses new challenges and opportunities for cyber-criminals and hackers, including the fear surrounding COVID-19 and the sudden increase in remote working.

What risk does working from home pose?

A gradual shift towards remote working had already begun for some businesses before COVID-19 made it a necessity for the majority, but now it has become the new normal for countless employees who until recently worked in busy office environments.

While working from home has many benefits and has allowed a significant number of businesses to continue to run during this unprecedented time, there are potential cyber security risks that can arise from remote working. Therefore, it is crucial to adapt and prepare for these threats.1

  • WiFi Security – in an office environment, your IT department can manage the security of all WiFi networks, but this is not the case for home WiFi networks. One of the best ways to maintain security while employees work from home is by using a VPN (Virtual Private Network). A VPN encrypts your data so that a hacker cannot detect your online activity or location. It is also sensible for employees to use a firewall to protect their broadband connection.
  • Phishing Scams – Your employees should be informed about phishing scams and any malicious emails they might receive to ensure they do not give over sensitive information or open or click suspicious attachments or links that could result in a computer virus. You can even simulate phishing emails to analyse how well your employees respond to a threat of this kind.
  • Using Personal Devices –Your workforce should only use secured company devices for work so that private files and data remain protected.

An effective way to mitigate human error and ensure everyone is aware of the best practices for security is to produce a remote working security policy to share with your team. If you would like assistance from our cyber security specialists to put together a comprehensive security policy tailored to your business, please get in touch.

cyber-security

Phishing Campaigns

Phishing is one of the most prevalent security threats surrounding COVID-19. There have been many incidents of criminals using spam emails or text messages to pose as official bodies such as the UK government or the World Health Organization, asking for sensitive information or requesting people open/click malicious attachments and links.  

Whether they are enticing unsuspecting victims by suggesting they can “claim a tax refund from HMRC to help protect themselves from the coronavirus outbreak”2 or asking for donations toward coronavirus relief posing as the WHO, cyber-criminals are working around the clock to exploit individuals and businesses.

You can prevent phishing by checking the email address of the sender and comparing it to verified addresses (for instance, the WHO use addresses such as, ‘person@who.int’). However, a sender with the correct domain name may have forged the address to be more challenging to detect.3 It is therefore also wise to consider why someone would need your personal information and to report emails like this as spam.

If you have a security team within your business, they will be able to look into any messages like this for you and verify whether they are a threat. Alternatively, if you are concerned and need to outsource support, you can speak to our expert team by calling 02382 354320.

Although the coronavirus outbreak has sadly been a popular topic for cyber-criminals to exploit by preying on people’s uncertainties and fears, it is also essential to remain vigilant and aware of other threats. As people are preoccupied with the pandemic, many other threats can slip through the cracks. It is imperative to apply the same caution to all suspicious incoming emails or text messages, regardless of the subject matter.

 

Cloud Vulnerability

Now that many companies are working remotely, there is inevitably further demand for cloud solutions as organisations seek to accelerate their digital transformations. While the cloud offers many advantages such as increased flexibility and simplified collaboration between employees, you must be adequately acquainted with necessary security measures to remain protected from attack or penetration. Data backups, strong passwords and encryption help avoid threats.

With many companies having adopted the cloud to store their resources and information, new security challenges arise. Without a robust strategy for cloud security, you risk harmful misconfiguration, distributed denial-of-service (DDoS) attacks and data breaches. You can maintain greater control and privacy through private cloud computing by restricting access to your network. Nonetheless, it remains the responsibility of your business to operate and manage cloud activities securely to detect or prevent attacks.4

 

Help Prevent Cloud Security Threats with These Tips:

  • Employee Education. For your cloud security strategy to work, your employees must be educated on the best practices to reduce the risk of a cyber threat. All employees who use your cloud system should receive training that highlights actions that could compromise security, including misconfiguration and insufficient authentication and weak passwords. This will help prevent unauthorised access and subsequent theft of information.
  • Encryption. Cloud encryption is a fundamental security measure. Using encryption algorithms, you can ensure the protection of your data when moving it to the cloud.
  • Penetration Testing. By thinking like a criminal when you are putting your security measures in place, you can more effectively plan for threats. One of the best ways to put yourself in a criminal’s shoes is through penetration testing, whereby you replicate the possible actions of a cyber-criminal attempting to infiltrate your system. Before carrying out a penetration test, you should ensure you have an experienced professional to execute the test, and you should inform your cloud provider beforehand to make sure your actions are not deemed a genuine threat.
  • Cloud Governance Policies. You should make sure you comply with internal and external data privacy mandates by putting in place the correct cloud governance processes. By regularly documenting risks and converting them into policies and procedures, you can stay one step ahead of the criminals.

cyber security services


How can we help?

Our cyber security team have years of experience helping businesses prepare for all forms of cyber security threats, from phishing to exploitation of cloud vulnerabilities. We specialise in penetration testing, assessments of security policies and procedures, and have first-hand experience successfully managing the potential risks of remote working.

We can help you keep your business and data secure, whether you are looking for temporary help during the current climate or ongoing support. Fill out our contact form, and we will be in touch to help safeguard your business.

 

1 Soare, B., 2019. What Are The Cyber security Issues With Remote Work?. [online] Heimdal Security Blog. Available at: <https://heimdalsecurity.com/blog/cyber > security-issues-with-remote-work/ [Accessed 5 May 2020].

2 GOV.UK. 2020. Examples Of HMRC Related Phishing Emails And Bogus Contact. [online] Available at: < https://www.gov.uk/government/publications/phishing-and-bogus-emails-hm-revenue-and-customs-examples/phishing-emails-and-bogus-contact-hm-revenue-and-customs-examples > [Accessed 5 May 2020].

3 Who.int. 2020. Cyber security. [online] Available at: < https://www.who.int/about/communications/cyber-security > [Accessed 5 May 2020].

4 Ncsc.gov.uk. Implementing The Cloud Security Principles. [online] Available at: < https://www.ncsc.gov.uk/collection/cloud-security/implementing-the-cloud-security-principles > [Accessed 5 May 2020].

Amy Godfrey-Bawden

Amy Godfrey-Bawden

Digital Marketer

Amy joined the Digital Marketing team at Blue Frontier in April 2019. Following graduation from University in 2018, she has accumulated experience writing content for social media and articles on subjects including AI, Smart Technology, Cybersecurity and IoT. She is interested in writing about a diverse range of topics and enjoys the versatility of her role at Blue Frontier.

  • Blue Frontier are accredited with Cyber Essentials Plus
  • Blue Frontier are a Silver Microsoft Partner
  • Blue Frontier is a Google Partner
  • Blue Frontier is a G-Cloud Supplier
  • ISO 27001 ISO 27001
  • ISO 9001 ISO 9001
  • ISO 13485 ISO 13485
  • ISO 14001 ISO 14001