Proactive Chartered Accountants offer the latest financial help and advice

 

[28.06.2017]

Cyber Security – Part One

Welcome to part one of our short series on cyber security. Cyber security is often at the back of our minds, both in terms of how we can prevent a breach and what to do should our systems be breached. It is brought to the forefront when large-scale cyber attacks make the news, such as the recent attack which hit the NHS. There are, however, relatively simple low-cost or no-cost steps your business can take to prevent or stop an attack on your systems. We will cover a few of these steps in this blog series.

Cyber Security and the NHS

The recent cyber attack infected over 300,000 computers in 150 countries, affecting organisations including the NHS and FedEx. Security experts have suggested that the attack on the NHS could have been prevented. Microsoft released a security update two months prior to the attack, after being made aware of a potential vulnerability. Had all PCs been updated, this would have stopped the ransomware from taking hold. However, some PCs could not be updated: it was found in December 2016 that many NHS trusts were using an obsolete version of Windows which stopped being supported in 2014.

What can you do?

There are some simple steps you can take to protect your business from becoming a victim of a cyber attack. These include:

  • Installing Updates – The NHS attack has shown the importance of installing updates, of running an up-to-date operating system which is still supported by the software company (e.g. Microsoft, Apple etc.), and of using the latest versions of programs (e.g. Internet browsers).
  • Staff Training – It is the view of some IT experts that the most successful cyber attacks target non-IT departments (e.g. HR, sales, finance etc.) in the hope that those staff will have less IT knowledge. Therefore it is important to ensure all staff understand the importance of security and are aware of the potential risks of clicking on a link or opening an attachment contained in an email.
  • IT Support – It is a good idea to have IT staff available as a point of contact for staff who are wary or suspicious of a potential threat or communication. This could be internal or external IT support, depending on what best suits your business.
  • Online Banking – If your company uses online banking then your bank will often display messages on the login page warning of current potential security issues. Two common scams currently circulating are described below:
    • Fraudsters contact a business claiming to be from an existing supplier and advising that the bank details for paying invoices should be changed. If you receive such communication it should be scrutinised for authenticity, and you should not amend any payment details until you are satisfied it is genuine. We recommend that details are checked by contacting the business directly using existing contact details you hold.
    • Another tactic is known as “bogus boss”. This is when a fraudster sends an email which purports to be from a colleague. The email instructs the recipient to make an urgent payment, and goes on to say something along the lines of ‘let me know when you are ready and I will send you the beneficiary account details’. If you or your staff receive an email of this nature, speak to the ‘sender’ or a senior colleague to make sure the instruction is genuine before responding to the email or making any payment.

Summary

Following the steps outlined above will decrease the chances of you falling victim to a cyber attack. The above are only examples; there are other methods that can be used. It is important to stay vigilant. An effective approach to cyber security is to adopt clear and simple procedures for staff to follow. These will set out the actions they need to take (e.g. ensure updates are installed and check instructions received), and slot in alongside their regular work. Cyber security systems are constantly evolving to keep us safe from attacks; it is therefore wise to review your procedures and policies regularly. The Police offer support and guidance regarding cyber security via the Action Fraud website, and the Government also offers a 10-step summary.

In our next blog we will look at more actions you can take to guard against breaches of your system.

Andrew Picker
