New Security Challenges…and How to Fight Them

Cyber criminals are constantly getting more sophisticated and adept.

This week, Microsoft blamed a Chinese state-backed group for attacks on Microsoft Mail platforms that allowed the attacker to access email inboxes, a crucial step in any well-run hack. And a short while ago, Solarwinds had to admit their software had been hacked prior to being distributed.

So, how do you make yourself safe? We use home security as an analogy: your house is safe once you’ve closed and locked the doors and windows. But you have to do it yourself; no-one will do it for you. The same can be said of online security: your company’s security is your responsibility.

Cyber criminals are scanning and testing your company all the time. But they no longer use the doors or windows. They have ways to look like your staff or suppliers; they’re already inside your office before you’ve shut and locked the doors!

And like a terrorist, the cyber-criminal only has to get lucky once. You have to be lucky all the time, and without your constant vigilance, the cyber-criminal will find a weakness.

As the owner of the business, you can’t be responsible for all the technical details. But you can, and must, be able to ask the right questions of the people responsible for security—and stay on top of them. We recommend you ask your IT team or suppliers four simple questions:

  1. Who on the exec team is accountable for our security and risk strategy? When was the last time we reviewed and tested our security?
  2. Are our security systems up to date and comprehensive? How do we know they’re up to date? Do we have assessments or accreditations?
  3. Does staff—and that includes the CEO—get regularly trained in cyber security and social engineering? Have we ever tested that knowledge?
  4. If we do end up in trouble, who’s in charge, and what’s the plan?

Most successful attacks use tried, tested and simple methods. The reason they’re successful is because companies have forgotten to get the basics right.

If you could use a reminder on how to nail down the basics, we have a 13-point list of simple key steps a non-technical board member can take right now.

Also see our Cyber Security Knowledge Center, which includes more plain-English content related to this topic.

You don’t need to be the technical expert. But you do need to take the lead. No-one but you will make your house or your business safe. Our briefing will provide you with free, straightforward advice.

If you have any other questions about cyber security or IT, feel free to get in touch. We’re always happy to talk.

Freeman Clarke is the largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organizations and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.