Cyber safety made simple
The easy ways to protect your business from hackers
As businesses adapt to the ongoing pandemic, digital ways of working have become more important than ever.
But as technology advances, so do the scams designed to target weaknesses in firms’ cybersecurity.
Protecting yourself from online crooks and hackers can seem like a daunting task. However, some of the most effective tools are also the simplest – and are often free.
Declan Doyle is Head of Ethical Hacking at the Scottish Business Resilience Centre (SBRC). Ethical hackers search for vulnerabilities that a crook could exploit so organisations can stop attacks before they happen.
He said: “There’s a misconception that cybersecurity has to be expensive, but the most important things you can do are free. Even something as simple as doing an update on your computer can really help.”
Pick a passphrase
One of the most important steps a business can take is to review the passwords it uses. Declan explained: “We like to think of ‘passphrases’ now because one word no longer cuts it. ‘Dictionary attacks’ use software that attempts every word in the dictionary until it gets a password that works.
“Choose three random words, something that’s not associated with you. Put a random number in the word and throw in special characters. The spacebar is your friend – add spaces between words and letters and add in underscores.
“It’s also important not to reuse passwords. All it takes is for a hacker to get access to one account and they can log into others.”
If you’re worried about remembering multiple passwords for different accounts, Declan recommends making the most of tech tools you probably already have on your computer.
Password managers are like a bank vault for your details – keeping them secure and meaning you only have to remember one password to access them.
Phishing for info
Another common tactic used by crooks is to send phishing emails – messages that pretend to be from legitimate sources to trick you into handing over details. If you think an email looks suspicious or if it’s unexpected, the best thing to do is call the person it claims to be from to see if the message is genuine.
“If you’re concerned about something then just pick up the phone and double check,” said Declan. “It might be frustrating, but it’s far less frustrating than losing thousands of pounds and it’s always better to be safe than sorry.
“If you’re not expecting it, definitely raise an eyebrow. I’d also look out for vagueness. If someone is chasing an outstanding payment then they would usually provide a lot of detail.
“Spelling mistakes can also highlight the fact that something’s not right, as well as emails with a sense of urgency about getting you to do something right away. They want you to panic so take a breath, calm down and think about it.”
During the COVID-19 pandemic, scammers have changed their tactics to try to take advantage of the health crisis. Phishing messages urging people to click to claim government help or PPE have become increasingly common and security experts predict a rise in hoax emails offering vaccines.
Lockdown has also made businesses increasingly reliant on video and the move to virtual meetings has brought with it a new set of risks.
“Check your surroundings,” advised Declan. “Do you have any passwords or sensitive documents in the frame or on the walls, maybe written on a whiteboard? Something as simple as an invoice number could be used against you. It’s the same with your social media presence. Do you have your children’s names on there and also use them as a password? Are you giving anything away that could make it easier for a hacker?”
As online scams get more sophisticated and convincing, people often don’t realise they have been targeted until they’ve already clicked on a hacker’s link. If you find yourself in that situation, Declan’s advice is not to panic. “Take a deep breath – it’s not the end of the world. If it’s your personal email details, then change your password straight away and contact your account provider. If it’s your business, speak to your service provider.
“You can also call the SBRC’s cyber incident response hotline, which is completely free. We’ll talk you through what to do and do a check-up a couple of weeks later. We hate blame culture and don’t want anyone to panic. We don’t want to make anyone feel stupid.
“Cybersecurity is for everybody in an organisation and it’s important to make everyone feel involved.
“Being aware of it and having a good attitude can make a real difference.
“You should never feel scared to come forward if you think you’ve clicked on a phishing email. If companies aren’t making people feel comfortable with talking about cybersecurity, they’re putting themselves at risk.”
Declan added: “Talking about cybersecurity can feel like it’s all doom and gloom but we are in the best position we’ve ever been.
“People are more aware of it and even by just consciously thinking about cybersecurity you’ve taken the first step that will make such a difference to how a hacker could affect you.”
Boost your defences
To help you learn more about cybersecurity, the SBRC runs free training sessions to help organisations find out how resilient they are to cyber attacks and practise their response in a safe space. To find out more, visit www.sbrcentre.co.uk/prevent-protect/cyber-services/exercise-in-a-box
Find out more
Cyber Scotland Week 2021 is taking place from 22-28 February and will be full of events and advice to help you protect yourself and your business.
Find out more by going to www.cyberscotlandweek.com
If you’ve been the victim of a cyber attack, the SBRC’s free cyber incident response hotline can provide support and advice on what to do next. Call 01786 437 472 weekdays from 9am to 5pm.