Key Security Risks for Businesses in 2020

Security risks to businesses are not completely new, however the risk has significantly increased this year with the rise in home working introducing new vulnerabilities to company networks.  We explore some of the biggest cybersecurity threats you could be facing, and what can be done to mitigate them.

Malware

More than 90% of all malware is now sent via email. It can be extremely difficult to defend against; attacks are getting more sophisticated and can fool even the most experienced users. Despite this, the majority of businesses in the UK don’t make use of any third-party software or add-ons to scan their incoming emails for malicious attachments or code.

User training and strict email policies are key to protecting yourself against malware, but unfortunately won’t catch all instances. All it takes is one email to slip through the net to cause havoc, therefore we recommend making use of email protection software as well as training users to spot fraudulent emails.

Sophos Email is compatible with Microsoft 365, Exchange and almost all other business email solutions, adding an extra layer of protection. It scans all incoming emails for malicious attachments and code, isolating any known malware and protecting users from infection.

Our security experts can check the health of your email services as part of our free security audit. Get in touch with the team if you’re concerned about the security of your emails.

Working from home

With the increase in remote working, we have all adopted new processes and ways of working. Remote work however, does open up the possibility for attackers to gain entry to your central office network.

When working from home, users connect to the office through a VPN. Each home network and user device could introduce vulnerabilities into your office network, allowing hackers to bypass your firewalls.

There are several steps you can take to both minimise the risk of compromise and mitigate the impact of a breach to user devices or networks. Introducing Two Factor or Multi Factor Authentication (2FA/MFA) to your business services is critical, adding an extra layer of protection to your valuable business data.

Synchronized Security from Sophos provides an umbrella of protection over your office network, user networks and devices. Synchronized Security combines endpoint, network, mobile, Wi-Fi, email, and encryption products, all sharing information in real time and responding automatically to incidents. This ensures that your staff devices are as secure as your office network, defending you effectively against would-be hackers. 

If you think your business could benefit from Synchronized Security, our team of experts can perform a full audit of your network and devices, identifying any vulnerabilities and suggesting solutions.

Ransomware

Ransomware has had all the headlines in the last few years. The notorious WannaCry attack in 2017 impacted as many as 300,000 Windows PCs worldwide. The NHS was one of the hardest hit organisations, with an estimated bill of £92 million in direct costs and lost output.

Perhaps the most frustrating element of the WannaCry attack was that it exploited a vulnerability in Windows that Microsoft had already patched; the only machines affected were those that had not had the patch applied. So, it would seem that one of the easiest and most effective ways to protect yourself against ransomware attacks would be to ensure that all security patches are deployed promptly when they are made available.

Security patches are a critical element of protection, but there are still un-patched vulnerabilities which can be exploited by hackers. Again, your first line of defence should always be to train your users to spot malicious links, but this will never be 100% effective.

Protecting your user devices with powerful security systems like Sophos Intercept X provides the best defence against ransomware attacks. Intercept X includes built-in ransomware detection and state-of-the-art CryptoGuard features that automatically roll-back unauthorised encryptions.

Phishing

While more than 90% of all malware is transmitted through email, 90% of all successful breaches are accomplished through phishing.

Phishing is one of the more insidious methods hackers use to compromise your security. Relying more on social engineering than technological vulnerabilities, phishing can be difficult to defend yourself against. Phishing comes in many forms, but almost always relies upon impersonating a trusted person or website to extract sensitive data from users like credit card and contact details.

Known phishing schemes and sites can be defended against readily by employing filters at the network level, but since new phishing scams are being created every day, this does not provide complete protection. Defending yourself and your users against phishing requires a constant level of vigilance. Simple steps like not following links in emails and double-checking web addresses before entering sensitive details pay dividends, and are your first line of defence against phishing.

If you think you’re vulnerable to phishing, get in touch with our experts to arrange a free audit of your security systems. We’ll check your services are up to date, and can even help you review policies to minimise the risk of a security breach.

Business Email Compromise (BEC) 

Compromised business emails can cost companies thousands. The FBI reported in September 2019 that the cost to businesses of compromised emails over the previous three years was in the region of US$26bn.

It’s a huge problem. Dublin Zoo, for example, was attacked in 2017. Hackers compromised their email servers, intercepting invoices and payment orders and replaced account numbers and payment details with their own. Dublin Zoo sent more than £500,000 in payments before the breach was found.

Integrating with Microsoft 365 and most other business email services, Sophos Email, combined with Synchronized Security, identifies compromised email accounts and the devices that use them, isolating them from your network and preventing any further damage being caused.

The threat of hacking is always a risk, but there are several steps you can take to protect yourself and your business.  At Chalvington, we’re passionate about defending our customers from hackers; that’s why we offer free security audits, and even provide free trials of software and services to our customers when they need them.