Sometimes the only way to identify who needs training and what they need to be trained on is to test their knowledge; BCS offer Phishing Simulation Campaigns that can discover whether there are gaps in your workforce regarding email vigilance. BCS will work with the IT point of contact to set up and schedule fake phishing emails to be sent to different users at different times (without their knowledge) and work through the findings with you to curate a bespoke Cyber Security Training plan for those users. This Phishing Campaign service is a controlled and safe way of providing bespoke education for the specific threats to your business.
You can contact our IT Security Engineer Lee Hutton here to find out more about BCS Phishing Campaigns.
Step 2: Email Security – Advanced Threat Protection & Phishing Campaigns
To prevent some of these malicious emails even reaching your inbox it is important that it is monitored by an email security service. BCS Advanced Threat Protection offers an algorithmic barricade to vet incoming emails and give caution to those that might be a threat to your company. This is a deep inspection of your incoming emails, even down to the font used or whether the colour of the logo matches the company it is claiming to be from.
If a malicious email does get through to someone’s inbox (which is more likely without Advanced Threat Protection), there are generally two things that can happen. Firstly, if the user clicks the malicious link and it asks for credentials, the cyber criminal now has them. With these credentials, a criminal can do the following:
- Sit on the user’s emails for months, watching the way they communicate with key members of the business, such as the Finance Director, and begin inserting themselves into email chains. They can then start a conversation with said member of the business and set up rules in the user’s inbox so that their communication efforts are hidden. This can result in the pretender asking another member of the team to ‘send them Joe Bloggs pay slips’, or ‘pay them their fuel claim into a different account this month’, and this can escalate.
- Criminals can also use these credentials to log into any Microsoft 365 products such as SharePoint and hold your business data to ransom if it includes sensitive information.
- Clicking an unauthorised link can also result in malicious programs being installed onto your computer, such as keyloggers; “Keylogging is the action of recording the keys struck on a keyboard, so the person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program”. For example, when administrators have to input their username and password onto your PC, the letters and numbers used are logged by this keylogging program and, as a result, the hacker now has the admin credentials to your business server.
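The hidden inbox rules described in the first bullet above can be looked for during an account review. The following is an added example, not BCS code: it scans an export of a mailbox's inbox rules and lists the ones that delete, bury or externally forward mail. Field names are modelled on the properties returned by Exchange Online's Get-InboxRule; the export shape, the domain example.co.uk and the sample rules are assumptions constructed for illustration.

```python
# Added example: flag inbox rules that hide or divert mail.
# Field names follow the properties Exchange Online's Get-InboxRule returns;
# the export format (list of dicts) and all sample rules are constructed.

HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "junk email", "deleted items", "archive"}
OWN_DOMAIN = "example.co.uk"  # assumption: the organisation's mail domain


def external(addresses, own_domain=OWN_DOMAIN):
    """Return the addresses that are outside the organisation's domain."""
    return [a for a in addresses or []
            if not a.lower().endswith("@" + own_domain)]


def review_rule(rule):
    """Return a list of reasons this rule deserves a manual look."""
    reasons = []
    if not rule.get("Enabled", True):
        return reasons  # a disabled rule is not hiding anything right now
    if rule.get("DeleteMessage"):
        reasons.append("deletes matching mail")
    folder = (rule.get("MoveToFolder") or "").lower()
    if folder in HIDING_FOLDERS:
        reasons.append(f"moves mail to rarely read folder '{folder}'")
    if rule.get("MarkAsRead") and (folder or rule.get("DeleteMessage")):
        reasons.append("marks mail as read while filing it away")
    for key in ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo"):
        out = external(rule.get(key))
        if out:
            reasons.append(f"{key} external address: {', '.join(out)}")
    return reasons


SAMPLE_RULES = [  # constructed sample data
    {"Name": "Newsletters", "Enabled": True, "From": ["news@example.co.uk"],
     "MoveToFolder": "Reading"},
    {"Name": ".", "Enabled": True, "From": ["fd@example.co.uk"],
     "MoveToFolder": "RSS Feeds", "MarkAsRead": True},
    {"Name": "sync", "Enabled": True,
     "SubjectContainsWords": ["invoice", "payment"],
     "ForwardTo": ["mailbox@example.net"]},
]


def flagged(rules):
    """Map rule name -> reasons, for rules with at least one reason."""
    return {r["Name"]: why for r in rules if (why := review_rule(r))}
```

Calling `flagged(SAMPLE_RULES)` returns the two constructed suspicious rules and leaves the ordinary newsletter rule out; any flagged rule still needs a human to confirm with the mailbox owner whether they created it.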
To find out more about Email Security, please view our guide here: https://www.bcs365.co.uk/email-security/
Step 3: Multi Factor Authentication
Passwords have always been a topic of security as they are so important for preventing the wrong people from accessing private data. MFA has been a game changer in bolstering log in security, by requiring both a password and another method of authentication such as a push notification. This stops cyber criminals from accessing your accounts – even if they know your password.
MFA services will also notify you of every login attempt on your account, meaning you can even catch cyber criminals in the act and notify your company that there is an attempted breach. BCS prides itself on offering the best MFA services available, making it easy for your end-users to stay secure.
For example, as mentioned above when discussing ATP, should the cybercriminal obtain your Office 365 credentials, when they attempt to log into your account, you will get a push notification to your phone to authenticate this log in. You can decline this log in to prevent the criminal from accessing your account and inform your IT Administrator immediately so you can have your passwords changed.
Find out more here: www.bcs365.co.uk/what-does-mfa-stand-for/
Step 4: Threat Management
Firewalls and Web Filtering are another big part of improving your security, specifically when online. Ever get a pop-up ad or accidentally visit a dodgy website? Both of these features can pre-empt unsecure web pages or downloads, and detect any malware attached to the things you do download. Whilst your computer comes pre-installed with these features, using an advanced version of them will keep you the most secure and will increase the uptime of your business.
Step 5: Backup & Disaster Recovery
This guide is all about layering your security, so ensuring the above is in place to prevent an attack on your business is crucial. However, putting measures in place to protect yourself should an attack take place is also vital.
If an attack were to happen, you may feel panicked and will be looking for the next step in making things right. Having provisions like backup and disaster recovery plans in place gives your business the best chance of recovering after an attack or considerable data loss. Our BDR service is a necessity in keeping peace of mind when there are threats to the livelihood of your business.
Once cyber criminals gain access to your servers, it is likely they will begin encrypting, stealing, and deleting your data. However, with BDR, your servers are backed up every 15 minutes; if an attack begins at 14:03 and we are alerted at 14:14 of the attack, we can restore to your most recent backup at 14:00 and only 14 minutes of data would have been lost. Your servers will not be usable whilst we are working on removing the threat; therefore, we will spin your cloud server up and have you back working within the hour.
A secondary form of backup to consider is Cloud-to-Cloud, which will back up your Microsoft 365 accounts. Should a user’s Office 365 credentials be compromised, C2C backup is what will allow you to recover any data that is compromised. BCS will be able to restore items and files quickly and easily when using Office 365 and SharePoint.
We hope this guide helps you understand why your business is worth taking the time to layer up your security. If anything in this article interests you, feel free to get in touch by calling 0800 6521 365 or emailing email@example.com.