Recently our Managing Director Daragh Naughton gave an interview with Jason Walsh from the Business Post entitled “Sleepless aims to help keep SMEs safe from ‘malware as a service’”.
The article is packed with great insight and sound advice for business owners to act upon without costing the earth.
Here are the 10 takeaways from the article businesses can implement today.
1. Implement two-factor authentication (2FA) or multi-factor authentication across all of an organisation.
According to Daragh, 2FA has been around since the 1980s. Anyone with a bank account should be familiar with using two authentication methods to access their account. There’s no reason in the 21st century not to have this simple step in place in your organisation.
As he said in the article, “If you break down two-factor authentication, it’s something you have and something you know. You have to have both.”
For example, you have a code sent via SMS and you know your password.
2. MFA prevents 90 per cent of hacking attempts on your accounts.
By implementing this simple measure you can fend off 9 out of 10 attacks on your system. That is an overwhelming argument in favour of MFA.
To quote our MD, “Statistics show that if you have two-factor authentication, any kind of two-factor authentication, then you immediately prevent 90 per cent of hacking attempts on your accounts.”
3. Use a secure authentication key
A significant step up is to use an authenticator app or hardware key:“It’s a low-cost key, you buy it and pair it to your identity. That gets your account up and is 99 per cent impossible to hack.”
These sound like great odds! We recommend YubiKey as a solution. The investment is minimal and the benefits are clear.
4. SMS is the weak link
SMS is the weakest form of 2FA/MFA because an SMS can be hijacked using multiple methods. It is well-documented that SIM scamming and SIM hijacking is a prevalent way that an attacker takes over your phone number and SMS.
5. Businesses need to take security and authentication seriously
As cyber threats continue to become more sophisticated, organisations must take a proactive approach to protect their sensitive data and safeguard their systems. By prioritising security from the top down, companies can create a culture of security awareness and ensure that everyone in the organisation, from management and admin to the factory floor and customer-facing staff, is doing their part to mitigate risks.
6. Cybercrime is a business
Criminal organisations are effectively run as businesses, providing ‘malware as a service’ to bad actors. Criminal enterprises that breach cyber security have a singular focus: – how to take your money.
Daragh said, “What they’re typically trying to do is find a target: ‘How are we going to extract money from this company?’“
7. Cybercriminals are targeting small businesses – aiming for small amounts of money.
With all the recent media attention on cyber security, large businesses are getting better protection and have means to combat cybercriminals. In the last year, we’ve seen a pivot in cybercrime aiming at the more vulnerable SMBs and SMEs.
To quote the Business Post article, “Many of the recent ones [extortion attempts] we have seen have been for less than five grand – two; two and a half, three – because the skill level needed to do it is now so low.”
8. Your data is your responsibility
A common misconception among business managers is that their SAAS provider handles cyber security on their behalf. Unfortunately, in most cases, whilst the cloud, backed up and defence tools are provided, it’s still up to the business to ensure that their data is backed up and stored correctly.
9. Zero-trust and verify
Companies must adopt a zero-trust policy. This means you and your colleagues must be suspicious of every email message, text, phone call and social media link. Don’t be fooled!
Phishing exercises are the number one method used by hackers to gain access to your data. All employees must be on guard and if there is any doubt about an email, verify its authenticity before clicking on a link.
10. Partner with the right Support team.
Partnering with the right IT Managed Support partners is essential. Darragh said, “If someone partners with the right cyber security company they can get a competitive strategy in place and it doesn’t have to cost the earth.”
With these basic principles choosing the right security partner does not have to burn a hole in your business and with a few simple steps you can already improve your setup today.
In a world of evolving cyber threats, Sleepless offers the peace of mind that your data, systems and devices have the maximum protection to safeguard your business. As an ISO 27001 and 27018 certified company, our IT Security Managed Service experts monitor and protect your assets so that you can focus on growing your business.
Contact our team if you need help implementing these cybersecurity takeaways.
Thank you to Jason Walsh and the Business Post.
You can read his fantastic interview with Daragh here: Sleepless aims to help keep SMEs safe from ‘malware as a service’ | Business Post