Category: cyber security

Cyber First

CyberFirst is a programme of opportunities to help young people explore their passion for tech by introducing them to the fast paced world of cyber security.

https://www.ncsc.gov.uk/cyberfirst/overview

CyberFirst covers a broad range of activities: a comprehensive bursary scheme to financially support undergraduates through university and a degree apprenticeship scheme; a girls-only competition; thousands of free places on CyberFirst courses at UK universities and colleges; and our new initiative, CyberFirst Schools and Colleges. Each activity is designed to seek out diverse people with potential, offering the support, skills, experience and exposure needed to be the future first line of defence in our CyberFirst world.

CyberFirst say they were set up by the National Cyber Security Centre (NCSC), part of GCHQ, to find diverse young people – not just programmers but entrepreneurs, public speakers, analysts and more – who’ll become the next generation of cyber security specialists.

CyberFirst say that their bursary and degree apprenticeship programmes are designed for a new generation of future cyber security professionals. Even if you don’t know how to code yet, these programmes are open to you. The key thing they look for in applicants isn’t genius programming skills – it’s curiosity.

Is this going to be successful?

Nobody knows. It is likely to help some people, though probably not as many as they hope to reach.

If you’ve signed up for CyberFirst, let us know, by email.

Cybersecurity Best Practice for Entrepreneurs

A post by Lindsey Weiss

At Fightback Ninja Blog, we know that cyber threats are more common than most people think. While many aspiring entrepreneurs think they don’t have to worry about cybersecurity until their businesses really take off, no one is immune to these threats. In fact, hackers often single out small companies because they’re easier to infiltrate. Small businesses tend to lack the sophisticated cybersecurity systems employed by large companies, and cyber criminals have a better shot at success by targeting weak systems. To ensure your new business is safe from cyber threats, we’re here to share a few essential tips!

Understand Your Vulnerability

Why should you care about cybersecurity? A cyber-attack or data breach at your business can lead to significant losses. A cyber-attack can destroy your reputation and erode your customers’ trust in your brand, leading to loss of customers and loss of sales. Beyond this, a cyber-attack can directly result in financial losses arising from theft of financial information, ransomware demands, and website downtime. Not to mention the costs associated with repairing systems and devices as well as the legal consequences that follow a data breach.

Clearly, there’s a lot at stake. Let’s discuss some ways to prevent these losses and ensure your business is safe from threats.

Save Sensitive Email Information in PDFs

Businesses all over the world send countless emails every day, many of which contain sensitive information like financial data that cybercriminals would love to get their hands on. Email security is essential. To reduce the risk that a criminal can exploit information shared in a business email, try to convert emails to PDF files. Keeping sensitive information in your inbox leaves it vulnerable and prone to data loss. By converting emails to PDFs, you can save important information on your local computer and protect documents with passwords to ensure an additional level of security.

Follow Password Best Practices

We all know that it’s important to create strong passwords, but what does this really mean? Small Business Trends explains that password best practices go beyond the creation of strong passwords through a mix of letters, numbers, symbols, and upper and lowercase characters. While this is an important first line of defence against hackers, there’s more you can do. Use two-factor authentication to ensure you have to verify log-in attempts involving your username and password. This will keep criminals out of your accounts, even if they gain access to your log-in information.

Use Reliable Cybersecurity Software

Antivirus software is crucial for protecting your business from threats. TechForce recommends strongly against relying on the software that came with your computer as this is likely designed to protect consumers rather than businesses. Invest in an antivirus solution that offers the level of protection required for your business. Do your research and read online reviews from other entrepreneurs to make sure the software you choose will meet your needs.

Establish a Recovery Plan

Even if you implement strong safeguards to shield your business from cyber attacks, it’s important to establish a recovery plan so you know what to do in a worst-case scenario. The faster you act after an attack, the more you’ll be able to minimize your losses. First and foremost, be sure to maintain regular backups of your business data so you can get back up and running as soon as possible after a data loss event.

Once you establish a reliable backup and data recovery plan, make note of all the other steps you’ll need to take in the event of an attack. For example, plan how you’re going to identify those affected by the breach and notify your customers. You may also want to consider investing in cyber liability insurance to help you recover from a cyber security attack.

If you plan on launching your own business in the near future, take the time to learn about cybersecurity. Implementing good cybersecurity practices like using two-factor authentication, converting emails to password-protected PDF files, and purchasing robust anti-virus software will ensure your business will withstand anything cyber criminals throw at it!

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

4 Common Mistakes – Safeguard Your Business From Cyber Attacks

A post by Carla Lopez

Small and mid-size businesses are primary targets of cyber-attacks because, unlike large corporations, they often do not have sophisticated security systems in place. Additionally, by attacking a small or mid-size business, hackers can gain access to a large network of data which includes personal information, bank details, and passwords of suppliers, clients, and partners of the business. As reported by GOV.UK, two out of five businesses in the country were impacted by a cyberattack in the last 12 months. To tackle the increased risk of cyberattacks, this post by Fightback Ninja explores four common security mistakes to avoid and the best practices to safeguard your business.

Mistake 1: Not Having Trained Cybersecurity Professionals

Cybersecurity for a personal device is entirely different from cybersecurity for a business. While an antivirus plus malware protection software will suffice for your laptop, business machines and servers need multiple layers of security. This can include a firewall, anti-malware software, backup services, data encryption, system monitoring, and more.

As with any important business function, the responsibility of cybersecurity should be delegated to professionals. You can either hire professionals in-house or outsource it to an agency. Hiring multiple professionals can be costly compared to an agency but will make supervision easier. Regardless of your choice, the business will be in much safer hands with the involvement of professionals.

Mistake 2: Not Keeping Software Up To Date

Whether it be third-party software used for marketing, finance, or sales-related activities, or the operating system, developers periodically release new versions that should be installed promptly. Updates are often released to patch security bugs and include new features. Using older versions of software exposes you to the risk of cyberattacks. By exploiting security bugs, hackers can gain easy access to your data and reduce the chances of detection by the security system.

While hacking third-party software may not compromise your entire system, hackers can still steal valuable customer and supplier data. To avoid this predicament, enable the auto-update option for all software. Additionally, periodically check for newer versions of your operating system and ensure they are applied to all machines in the office.

Mistake 3: Not Password Protecting Documents

Every day, various stakeholders of your business will share documents through email, messaging applications, or other online mediums. As mentioned in the previous point, hackers can steal your data by targeting third-party software (including email). However, you can safeguard documents with sensitive information by converting them into password-protected documents.

For instance, if you’ve created a PowerPoint regarding the company’s financials, performance, and supplier partnerships, before sharing it digitally, convert your PPT to a PDF that can be password protected. This way only individuals who know the password can view the document.

Oftentimes, only the owner retains the right to make alterations to the PDF, reducing the risk of important documents being tampered with. As a best practice, instruct all employees to always convert documents into password-protected PDFs before sharing.

Mistake 4: Not Having Data Back-Ups

As reported by Data Bacisx, the average remediation cost of a cyberattack in the UK is $840,000. This can include the ransom companies decide to pay hackers and the costs of rebuilding the business. However, paying the ransom never guarantees that you’ll get your data back. Hackers do not work on goodwill and use ransomware attacks to trap businesses in a vicious system of extorting money. One of the reasons businesses may agree to pay a ransom is that they do not have a backup.

Not having a backup puts your business at grave risk. Along with cyberattacks, natural disasters, server malfunctions, human error, and other unforeseen events can lead to data loss, causing major financial damage to a business. Hence, it is important to create a data backup policy as a priority. This can include creating a secure server not connected to primary servers used by the business, having a weekly automatic backup schedule, periodically running recovery exercises to check data integrity, and having a recovery plan for cyber attacks.

Avoiding these four mistakes will significantly reduce the threat of cyberattacks, and safeguard the long-term health of your business.


The UK Gov Cyber Essentials Scheme

https://www.cyberessentials.ncsc.gov.uk/

The government says Cyber Essentials helps your business to guard against the most common cyber threats and demonstrate your commitment to cyber security.

Self-Help for Cyber Essentials

The guide explains how to:

  • Secure your Internet connection
  • Secure your devices and software
  • Control access to your data and services
  • Protect from viruses and other malware
  • Keep your devices and software up to date

The Three levels of engagement

Not everyone has the time or resources needed to develop a full-on cyber security system. So Cyber Essentials has been designed to fit with whatever level of commitment you are able to sustain. There are three levels of engagement:

  1. The simplest is to familiarise yourself with cyber security terminology, gaining enough knowledge to begin securing your IT.
  2. Basic Cyber Essentials certification.
  3. Cyber Essentials Plus certification.

1. Self Help

The self-assessment option gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to simple attacks can mark you out as a target for more in-depth unwanted attention from cyber criminals and others.

2. Certified Cyber Security

Cyber Essentials Certificate £300 approx. (+VAT)

Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

The process of obtaining Cyber Essentials Certification is simple: you can opt to buy as much or as little help as you need from the company you choose to certify you.

Cyber Essentials shows you how to address those basics and prevent the most common attacks.

  • Reassure customers that you are working to secure your IT against cyber attack
  • Attract new business with the promise you have cyber security measures in place
  • You have a clear picture of your organisation’s cyber security level
  • Some Government contracts require Cyber Essentials certification

3. Cyber Essentials Plus Certificate

The cost for this is only available on application.

It has all the benefits of Cyber Essentials PLUS your cyber security is verified by independent experts.

Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. The advice is designed to prevent these attacks.

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but this time the verification of your cyber security is carried out independently by your Certification Body.

The more rigorous nature of the certification may mean you need to buy additional support from your Certification Body.

Cyber Essentials and Government Contracts

If you would like to bid for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials Certification.

If you’ve enjoyed this post or found it useful then do share – click on the post title then scroll down to the social media share buttons.


Cyber Security Breaches Survey 2021

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021

The Cyber Security Breaches Survey is a study of UK businesses, charities and education institutions. It was carried out in winter 2020/21.

In the survey, micro business means 1–9 employees, small is 10–49, medium is 50–249 and large is 250 upwards.

On average, 39% of businesses and 26% of charities report having cyber security breaches or attacks in the last 12 months. The figures are higher in medium and large organisations as they are more often targeted by criminals.

However, evidence from the study suggests that the risk level is potentially higher than ever under COVID-19, and that businesses are finding it harder to administer cyber security measures during the pandemic.

Key Points For Businesses That Have Identified Breaches or Attacks

  • 27% of these businesses and 23% of these charities experience such attacks at least once a week. The most common by far are phishing attacks (83% and 79% respectively), followed by impersonation (27% and 23%).
  • A sizeable number of these organisations report that costs are substantial.
  • 21% and 18% respectively of businesses and charities end up losing money, data or other assets.
  • 35% of businesses and 40% of charities report being negatively impacted e.g. because they require new post-breach measures, have staff time diverted or suffer wider business disruption.
  • The mean cost of all the cyber security breaches these businesses have experienced in the past 12 months is estimated to be £8,460. For medium and large firms combined, this average cost is £13,400.

77% of businesses say cyber security is a high priority for their directors or senior managers, while 68% of charities say this of their trustees.

If you have any experiences with these scams do let me know, by email.
