Your Step-by-Step Guide: Layering your Security

In this new era of technology, no one is safe from the ever-growing threats to our cyber livelihood. With the rise of work from home policies and crypto-currencies, it is easier than ever before for cyber-criminals to infiltrate our systems and steal our information for mal-intent.

We want to support your business both in preventing attacks and providing resolutions in the case of an attack. This guide will help outline what layers of security you can introduce to fortify your business.

Step 1: Cyber Security Training

The first step of preventing an attack is staying vigilant; your employees must be aware of the many risks involved with having an email inbox. Educating your staff about the different kinds of phishing scams is key to preventing them from clicking unauthorised links or opening harmful documents. See below for an example of a phishing email that appears to be from Microsoft and how this could easily be perceived as authentic.

An example of a phishing email

Key things to look out for in a malicious email include:

  • When you hover your mouse over the link you are about to click, does the link look overly long, use inconceivable language, or reference a website that isn’t related to the email you have just received?
  • Sender addresses that you don’t recognise or that are pretending to be someone else. Look out for small differences such as ‘’, being changed to’ (the I has been replaced with an L).
  • Unrecognised attachments with random file names or formats.
  • Spelling mistakes are a dead giveaway of someone who is involved in phishing scams.
  • If the email appears to be from someone inside your organisation and there is a ‘CAUTION: this email originated from outside your organisation’ banner at the top of the email, then this is a tell-tale sign that this is a phishing email.

Find out more about our Cyber Security Training courses at

Sometimes the only way to identify who needs training and what they need to be trained on is to test their knowledge; BCS offer Phishing Simulation Campaigns that can discover whether there are gaps in your workforce regarding email vigilance. BCS will work with the IT point of contact to set up and schedule fake phishing emails to be sent to different users at different times (without their knowledge) and work through the findings with you to curate a bespoke Cyber Security Training plan for those users. This Phishing Campaign service is a controlled and safe way of providing bespoke education for the specific threats to your business.

You can contact our IT Security Engineer Lee Hutton here to find out more about BCS Phishing Campaigns.

Step 2: Email Security – Advanced Threat Protection & Phishing Campaigns

To prevent some of these malicious emails even reaching your inbox it is important that it is monitored by an email security service. BCS Advanced Threat Protection offers an algorithmic barricade to vet incoming emails and give caution to those that might be a threat to your company. This is a deep inspection of your incoming emails, even down to the font used or whether the colour of the logo matches the company it is claiming to be from.

If a malicious email is to get through to someone’s inbox (which is more likely without Advance Threat Protection) there are generally two things that can happen. Firstly, if the user clicks the malicious link and it asks for credentials, the cyber criminal now has them. With these credentials accessed a criminal can now complete the below:

  • Sit on the users emails for months, watching the way they communicate with key members of the business, such as the Finance Director and begin inserting themselves into email chains. They can then start a conversation with said member of the business and set up rules in the users inbox so that their communication efforts are hidden. This can result in the pretender asking another member of the team to ‘send them Joe Bloggs pay slips’, or ‘pay them their fuel claim into a different account this month’, and this can escalate.
  • Criminals can also use these credentials to log into any Microsoft 365 products such as SharePoint and hold your business data to ransom if it includes sensitive information.
  • Clicking an unauthorised link can also result in malicious programs being installed onto your computer, such as Keyloggers; “Keylogging is the action of recording the keys struck on a keyboard, so the person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program” .For example, when administrators have to input their username and password onto your PC, the letters and numbers used are logged into this keylogging program and as a result, the hacker now has the admin credentials to your business server.

To find out more about Email Security, please view our guide here: 

Step 3: Multi Factor Authentication

Passwords have always been a topic of security as they are so important for preventing the wrong people from accessing private data. MFA has been a game changer in bolstering log in security, by requiring both a password and another method of authentication such as a push notification. This stops cyber criminals from accessing your accounts – even if they know your password.

MFA services also will notify you of every log in attempted on your account, meaning you can even catch cyber criminals in the act and notify your company that there is an attempted breach. BCS prides itself with offering the best MFA services available, making it easy for your end-users to staying secure.

For example, as mentioned above when discussing ATP, should the cybercriminal obtain your Office 365 credentials, when they attempt to log into your account, you will get a push notification to your phone to authenticate this log in. You can decline this log in to prevent the criminal from accessing your account and inform your IT Administrator immediately so you can have your passwords changed.

Find out more here: 

Step 4: Threat Management

Firewalls and Web Filtering are another big part of improving your security, specifically when online. Ever get a pop-up ad or accidentally visit a dodgy website? Both of these features can pre-empt unsecure web pages or downloads, and detects any malware attached to the things you do download. Whilst your computer comes pre-installed with these features, using an advanced version of them will keep you the most secure and will increase the uptime on your business.

Step 5: Backup & Disaster Recovery

This guide is all about layering your security, so ensuring the above is in place to prevent an attack on your business is crucial. However, putting measures in place to protect yourself should an attack take place is also vital.

If an attack were to happen, you may feel panicked and will be looking for the next step in making things right. Having provisions like backup and disaster recovery plans in place gives your business the best chance of recovering after an attack or considerable data loss. Our BDR service is a necessity in keeping peace of mind when there are threats to the livelihood of your business.

Once cyber criminals gain access to your servers, it is likely they begin encrypting, stealing, and deleting your data. However with BDR, your servers are backed up every 15 minutes; if an attack begins at 14.03 and we are alerted at 14.14 of the attack, we can restore to your most recent back up at 14:00 and only 14 minutes of data would have been lost. Your servers will no longer be able to be used whilst we are working on removing the threat, therefore, we will spin your cloud server up and have you back working within the hour.

A secondary form of backup to consider is Cloud-to-Cloud, which will backup your Microsoft 365 accounts. Should a user’s Office 365 credentials be compromised, C2C backup is what will allow you to recover any data that is compromised. BCS will be able to restore items and files quickly and easily when using Office 365 and Sharepoint.

We hope this guide helps you understand why your business is worth taking the time to layer up your security. If anything in this article interests you, feel free to get in touch by filling in the form below!