alt=
203x44-linked-in

dotted globe 700x250

Cyber Security – what does it mean for your business?

There's a worrying trend amongst businesses who haven't yet been through some kind of IT related security issue. It's human nature to think bad things only happen to other people, and especially if it's only something you read or heard about, and don't actually see anyone close to you going through it. When it comes to cyber attacks, however, every business which interacts with the internet now needs to be on alert, because things have changed dramatically recently and are continuing to do so.

I recently caught up with Sarah Green, the Business Manager at Cyber Security, Training 2000 in Nelson, Lancashire in the North West of the UK. I'd already seen the impressive setup at the centre from attending the launch in April 2016, so wanted to see how the threat was being managed and the concerns businesses today have were being dealt with.

I started by asking Sarah about the size of the problem...

1How big a threat is Cyber Crime to Business?

Cyber crime is the greatest threat a business can face in the modern day. As traditional business processes are increasingly moving online and are becoming ever more streamlined and integrated through technology, the risk has, and continues to grow at an extreme speed. The theft of intellectual property, loss of client data or money stolen from bank accounts are all huge threats that can seriously damage a business’ reputation and ability to trade.

2 How are you addressing is this?

At Training 2000 we are working with businesses to help them understand the threats they face every day. Personally, working in the industry, I feel it important to let people get a good grip on how they can protect their business and the measures they can put into place. Cyber security can be a scary and daunting thing, often businesses don’t know where to begin, and I want to help break that down and show them the value and necessity of being protected. At the moment we specialise in employee awareness training, so ensuring your people know how to be safe online, and as far as I am concerned that type of training is as essential as health and safety – your people are the gateway to your most valuable asset - your money and your data.

3 What advice would you give to businesses who say it could never happen to them?

That if it hasn’t happened yet (and you might not even know if it has), then it will, in one way or another. There hasn’t been a day gone by where I haven’t spoken to a business that hasn’t had some form of breach or attempted attack. They vary from something as simple as a generic, mass phishing email sent to millions of people in one go, to a devastating social engineering attack, duping the company into processing transactions of thousands of pounds to a hacker’s bank account.

4 Is the Government offering any advice to businesses?

The Government do provide some useful guidance to businesses – they have invested highly in the industry to raise our defenses as a nation and continue to recognize cybercrime as a Tier 1 threat. The Government’s ’10 Steps to Cyber Security’ provides a really useful backbone for how to adopt cyber security processes to protect your business from cyber threat, as well as rolling out Cyber Essentials – a certification that businesses can obtain to demonstrate that their IT infrastructure is secure against common attacks. Whilst this activity is great, however, it is really the onus of the senior managers of the business to recognize the threat and commit to putting a cyber security strategy in place.  I just really think that many of them are unsure of where to start, or are putting the responsibility in the hands of the IT team. 

5 Are the risks faced by senior managers any different to regular employees?

The risks themselves remain the same throughout the organisation – especially looking at issues with BYOD, remote working and phishing etc. In terms of senior managers, late 2015 and into 2016 we have seen a real spike in whaling, or ‘CEO Fraud’ attacks, where a spoofed email usually goes between a senior director and the finance director asking them to make a payment. They look incredibly convincing, and I know many companies that have unfortunately fallen foul to this attack. Unfortunately, as it’s a manual payment the bank can’t take liability and the money is untraceable. It’s times like this where Cyber Liability Insurance would be the saving grace.

6 Is implementing a security policy in a business complicated and difficult?

I think the main issue in implementing any new policy is culture change. I think the difference with a security policy is helping your people to learn about their responsibilities whilst not making them feel as though they would carry the blame should they be the subject of a breach. I do think that security policies are an absolutely integral part of a security strategy, but so is staff training. They need to know what they are expected to do and not do, as stated in the policy, before they adhere to it. The commitment has to come from the top, but the message needs passing through the middle ranks for a culture of security to be implemented throughout the business.

Stay alert

cyber security image 220x220Whilst each business is different, there are some common best practices all should be aware of, and they differ according to the users platform. As an example, opening a document with an attachment to an email in a smartphone might be harmless if there is no handler for the attachment, whereas if it was a PC and the same email was opened, it could have been a JavaScript file where the PC might then run it as malware.

There are plenty of real-life war stories of businesses being attacked and scrambling round to open BitCoin accounts in order to get the attackers to give them back their data. Most business managers don't even know what BitCoin is, let alone know how to deal with them - it's actually an untraceable online currency the hackers often want payng in.

Clearly, being attacked like this opens up a whole world of unnecessary problems, so I'd like to thank Sarah for her time and valuable information.

Impressive setup

There's no doubting the pedigree of the Cyber Security Centre. This training room, for example, looks like something you'd expect in the Pentagon - and that's no accident, the threat is very real, powerful and global:

cyber security control room 750x250

There are some upcoming dates for training - if you want more information, please feel free to contact Training 2000 on This email address is being protected from spambots. You need JavaScript enabled to view it. or on (+44) 01254 54659.

Upcoming course dates:

19th July 2016 - Cyber Security Employee Awareness training

21st July 2016 - Cyber Security Management training

4th August 2016 - Cyber Essentials Preparation course

25th August 2016 - Cyber Security Employee Awareness training

31st August 2016 - Cyber Security Management training