Cyber Education has become recognised as a powerful tool for any business to have in its artillery. It is one of the easiest security measures a business of any size can initiate to reduce its cyber security risk.
If you are a small business without IT support you can access a multitude of professional, up-to-date advice, tips, and guidelines from NCSC.gov.uk. This can also include gaining your Cyber Essentials certification.
If you are a growing business, you can seek advice from a professional IT Support company such as Southern Solutions. We will be able to give you clear, safe and trusted advice to point you in the right direction or discuss working alongside your company and providing this service.
If you are a business with an IT support company in place, they should provide Cyber Education alongside their security advice as part of your contract. Their advice should be formed from the continual professional development they provide for their staff. Trust is key when it comes to working with an IT company.
However, you can have the most up-to-date firewalls and equipment, but without education to run alongside this, you are still at risk of a security breach.
There are many blogs about how to prevent a breach; however, with 96% of breaches due to human error, what do you do if someone has made a mistake?
Clicked on a phishing email?
Do not panic! There are several practical steps that you can take.
- Open your antivirus software and run a full scan. Follow any instructions given.
- If you have been tricked into providing your password, you should change it immediately and on any other accounts with the same password.
- If you have lost money, report it as a crime to Action Fraud www.actionfraud.police.uk
- Contact your IT Support company immediately.
Received a blackmail email or a sextortion email?
- Do not communicate with the criminal.
- Do not pay the ransom.
- Check if your accounts have been compromised.
- Do not panic if your password is mentioned, as they may have grabbed this from a previous data breach. You can check this on haveibeenpwned.com
- Change any passwords that they mention.
- Report any losses to www.actionfraud.police.uk
- Contact your IT Support company.
Had your account hacked?
- Update your devices.
- Contact your provider.
- If it is your email check your email filters and forwarding rules
- Change passwords.
- Set up 2-factor authentication.
- Notify your contacts.
- If you can’t recover your account, you can make a new one but notify your contacts, including your bank etc.
- Contact action fraud.
Been Infected with malware.
- Immediately disconnect the infected computers, laptops, or tablets from all network connections, whether wired, wireless or mobile phone-based.
- In a very serious case, consider whether turning off your Wi-Fi, disabling any core network connections (including switches), and disconnecting from the internet might be necessary.
- Reset credentials, including passwords (especially for administrator and other system accounts) – but verify that you are not locking yourself out of systems that are needed for recovery.
- Safely wipe the infected devices and reinstall the OS.
- Before you restore from a backup, verify that it is free from any malware. You should only restore from a backup if you are very confident that the backup and the device you’re connecting it to are clean.
- Connect devices to a clean network to download, install and update the OS and all other software.
- Install, update, and run antivirus software. Reconnect to your network.
- Monitor network traffic and run antivirus scans to identify if any infection remains.
Had your computer locked, data stolen, deleted, or encrypted with ransomware?
Ensure you have adequate backup and/or disaster recovery in place.
Usually, hackers send an email and ask you to follow instructions to pay a ransom. Then they will release the data.
Law enforcement does not encourage, endorse, nor condone the payment of ransom demands. If you do pay the ransom:
- there is no guarantee that you will get access to your data or computer.
- your computer will still be infected.
- you will be paying criminal groups.
- you’re more likely to be targeted in the future.
If you have an IT support company in place, contact them immediately. They will provide you with all the support and advice you need.
Finally… have a safe and comfortable culture within your business of reporting mistakes. If staff feel too “frightened of the consequences“ to report a mistake this will increase the risk to your business. Everyone makes mistakes!