Techcess Technology Podcast episode 50: The Techcess 57 Minute Data Security Challenge (See show notes for lower bandwidth version)
If you're working with technology in your business, you probably assume that you're quite safe from attack.
You see big organisations getting phished and hacked - despite investing in IT security - and you think to yourself that it'll never happen to you.
Well, we're afraid to say, you're absolutely wrong.
If anything, you're more at risk than the bigger organisations.
As Mark reveals in this episode, he's confident that he'd be able to find leaks and holes in your cybersecurity, regardless of how good you think your antivirus software is.
During this episode of the Techcess technology podcast, Mark reveals several home truths regarding your company's data security, including:
Seriously, take a listen to this episode, and determine whether you're confident enough in your company's data security to take the Techcess 57 Minute Data Security Challenge!
(Want to download your free copy of m3's IT services buyer's guide that Mark mentions in the episode?)
You can do that by clicking here:
Click this if you're hard of hearing and want to just download and read the episode as a PDF:
You would have probably already seen the link to the PDF above.
Here's a very quick sneak preview of that transcript of episode 50:
"Will you take the Techcess 57 minute data security challenge?"
"Another misconception is that cybersecurity is an expense I can't afford. Fair enough. When you're running a business, of course you want to keep costs down. But the fact is, you stand to lose a lot more money if you take chances of your cybersecurity than if you just get the cover that your business needs in the first place. And when you consider the fact that noncompliance with things like GDPR can mean multi-million-pound fines and carries a thorough risk to your business or reputation, spending a bit of money and protecting your data is actually the smart thing to do.
IT security is an investment, not an unnecessary expense..."
Scroll down to read the full transcript on the bottom of this page or click the link above to get a printable version!
Get more valuable technology insights from m3's blog pages, here.
Mark Riddell's technology podcast "Techcess" is an m3 Networks production. Mark and the team have created this podcast to help you and their clients understand how technology can help them in their industry and business, including helping them with cyber security solutions. To find out more about Mark Riddell and the rest of the m3 team, visit them here and follow them on Linkedin.
If you want to get in touch about technology or cyber security, just address an email directly at Mark here. He'll be very happy to hear from you.
Thanks for listening! If you enjoy this episode, make sure you follow the podcast via your favourite app.
Episode 50 full transcript
Would your business pass our 57 minute data security challenge?
Are you brave enough to take the techcess data security challenge?
In the 50th episode of Techcess, today, we are asking the question would your business pass or fail our 57 minutes Data Security Challenge?
Yes, this is the 50th episode of Techcess. I can't believe it's been almost a year since we started the show. It's one of these things that I'd planned to do for quite a long time and we eventually pushed the button to make it happen. And here we are. And it's been enjoyable recording and producing this free content for business owners out there. And today it's going to be no different. And today, I'm setting out for all you business owners out there to take the 57 minutes Data Security challenge. And what does that mean? Well, I'm going to tell you about that.
It's easy to believe that cyber criminals are not interested in your business because you're not a big household name or you don't have thousands of staff across dozens of locations. Okay? Sadly, that hasn't been true for some time. And these days, cybercriminals don't go after specific targets. Instead, they release malware and other bad software into the wild, seeking out easy targets. And here's how easy it is to be affected.
It only takes one computer on your network to be a little bit out of date to allow some bad software to get in, or one member of your team to click a dodgy link in a spammy email, or a USB stick infected with software placed into one of your laptops.
And most businesses are a lot more hackable than they realise. And the consequences are huge. If you are hit with something like CryptoLocker or another type of ransomware, you can get locked out of all of your devices and data for days. It takes a lot of time, effort and often cash to get back to business as normal. Here's a bold challenge for you. I'm confident that if I was to visit your business today, I'd find a weakness in your IT systems within just 57 minutes. And I call this a 57 Minutes Data Security Challenge. I bet I can uncover a way to get into your system or an unsafe working practice.
And all I'll do is ask you some questions and have a quick look at your computers and the systems that your staff are using. Cyber criminals are always looking for ways into computer systems, and countless business owners make it really easy for them. Just having antivirus software in place, even if it's really good, simply isn't good enough in 2022. There are a lot of great antivirus products out there, but never assume that they will protect you from all threats. If cyber attackers really want to find a way in, there are plenty of other options available to them. It's all about perception. You see, one of the biggest security problems I see every day is the attitude that it's only the bigger companies that are at risk. The fact is, companies of all sizes face exactly the same threats. And cyber attackers particularly love the ones that take a blasé approach to security. So I'm just going to share with you a few other common misconceptions that IT professionals like me hear every day.
Cyber threats are always external, and this is false. The majority of data breaches happen internally and some are deliberate and others are completely unintentional. With more businesses employing short term staff and giving all and sundry access to internal systems, it's easy for data to end up in the wrong hands. There are countless employees who innocently click infected links or open email attachments that put their entire networks at risk. And most of the time, your biggest threat isn't a 'Cyber Barry' lurking in the shadows. It's the lovely, friendly person who makes everyone a cup of tea in the morning and makes one easy mistake without even realising it.
Now, the next misconception is, nobody could ever guess my password. And if only this was the case. To the seasoned cybercriminal, passwords are surprisingly easy to figure out. In fact, if you want to see just how strong your password is and how long it would take for it to be cracked, you can head over to our website and use our free Password checker tool. And that's at m3networks.co.uk/passwordgenerator.
Now, it is a password generator too, but you can also put in your current password and it will tell you how long it'll take to crack. And if you find out that it's a really easy password to be cracked, you can just click Generate Password and the free tool will give you a new password that you can use in your online accounts. Now, we all know that it's a pain to thousands of different passwords using uppercase, lowercase and funny symbols.
So this is where a lot of people cut corners, right? The vast majority of users are going to choose a password that means something to them, like a name or an important date. And they also use the same password over and over again. The reality is, if you're using the same password for multiple accounts, you might as well not have one in the first place.
And the next thing we hear is that I'm safe from viruses because I only open emails from people I know. Yeah, but cybercriminals are cleverer than that. They're able to create incredibly realistic looking emails that can fool even the most eagle-eyed administrator into opening a dodgy attachment. They replicate email addresses that are almost identical to the real thing, even down to the signature and the phone number. And at five minutes to home on a Friday afternoon, would you be on the ball enough to notice? You can't count on this.
The next thing that we hear a lot is it's easy to spot an infected computer. Well, that's not necessarily true. Sure, if your screen is full of popups and takes half an hour to download a photo, it's probably a good sign that it's sickly. But a lot of viruses and malware can now run completely undetected, sneakily stealing all your critical data without any outward signs of infection.
And the final misconception is that cybersecurity is an expense I can't afford. Fair enough. When you're running a business, of course you want to keep costs down. But the fact is, you stand to lose a lot more money if you take chances of your cybersecurity than if you just get the cover that your business needs in the first place. And when you consider the fact that noncompliance with things like GDPR can mean multi-million-pound fines and carries a thorough risk to your business or reputation, spending a bit of money and protecting your data is actually the smart thing to do.
IT security is an investment, not an unnecessary expense.
Let's take a look at some statistics. Of course, it wouldn't be a podcast about cybersecurity if we didn't throw in some stats there. But according to a recent survey conducted by the Digital Culture, Media and Sport Committee, over four in ten of all UK businesses suffered at least one cyber breach in the last year. And over half of small businesses have been targeted. 81% of attacks are due to employee negligence and poor password management. And the average number of records stolen per attack has risen from just over 5000 to 9350, which is an increase of 87%. And the average cost of a data breach comes in at just over £1.2 million. Now, if you think these figures are scary enough, here's one that really wants to make me cry. Around 87% of small businesses still think that they won't be targeted by cyber attackers.
Now, you might even be listening to this and thinking, yeah, but chances are it still won't happen to me. I'm going to take my chances. But please don't. It's true that smaller businesses are different to huge multinational corporations, but that certainly doesn't make them less attractive to cyber attackers. It's quite the opposite in fact. It makes them positively irresistible. Because one of the most important differences is that the big boys usually survive attacks because they've got sufficient resources to fall back on, and small businesses like yours on the other hand usually don't. About half of all small businesses that experience cyber-attacks go bust within the next six months. And the bad guys love that. Bullies pick on weaknesses after all.
If they see that you've got minimal security measures in place, they'll see it as the perfect opportunity to pick on you. It's the old analogy of I don't need to outrun the bear, I just need to outrun you. You probably all heard that one before. Perhaps one of the reasons that the average business owner takes that 'it wouldn't happen to us' approach that we usually hear about is because we only hear about high profile cases in the news.
The headlines are full of stories about cyber-attacks. But when the only names we hear are the big ones, like Facebook, Talk Talk, Netflix, LinkedIn, Carphone Warehouse, NHS, it's really easy to switch off. So let's take a look at some cases that might feel a little bit closer to home.
These are cases that were featured in The Daily Telegraph in the last couple of years or so. Now, there's a guy called Marcos Steverlynck, I think I pronounced that properly, who runs an ecommerce marketplace called Rise Art. This site was subjected to several attacks, including a denial of service attack, which is a distributed denial of service attack, which basically floods the website with so much data that it can't respond and basically just shuts down. And this deliberately restricted the London based company's access to the internet. And for an ecommerce site, that's pretty bad news. So imagine your business can't access the Internet for a day or two days or a week. How would that impact your business?
Another example is a Nottingham-based plant nutrition firm Micromix was hit by a ransomware attack. And they were very open about the fact that they took a relaxed approach to cybersecurity prior to the event, believing that they would be of little interest to hackers. Now, their operations manager at the time told The Daily Telegraph, we felt it wouldn't happen to us. We are now far more security conscious. As we know, it's not just the Talk Talks and Tescos of the world that hackers have in their sights. And another example of an auto components manufacturer Tow Bros, fell prey to the WannaCry virus. Remember that one from a few years back? It also hit the NHS in 2017. The company had security systems in place, but they weren't robust enough to prevent the virus infiltrating their network and accessing their critical data. And their head of IT told the Daily Telegraph, when we tried accessing our data, money was demanded in the form of bitcoins. It seems a little bit more real now, doesn't it? So, while you're here, I'd like to show some of the most common ways that attackers get into your network.
I've got five things here to cover, and number one is socially engineered malware. And this involves tricking users into running things like a Trojan horse programme that comes from trusted websites, where a website is temporarily compromised and delivers malware that tells the user to install a new piece of software in order to keep using the website. For example, you've probably all seen these things and they'll keep being given prompts to click past security warnings and disable any defences. And this might sound something like you wouldn't get caught out by, but surprisingly, they are believable and they're responsible for hundreds and millions of attacks each year.
And the next up is phishing. Now, around 70% of all email is spam. A huge proportion of that spam is phishing attacks created to trick your users into handing over important information. The attackers masquerade as a reputable person or organisation and they distribute links and attachments that, when opened, will steal login credentials and account details. They may even take you to a fake login site that looks like the Office 365 login, but actually isn't. And of course, if you enter your username and password into there believing that you're logging into the legit site, you've just given an attacker your email password to your account.
Next up is social media. Now, social media is brilliant. It connects us with people from all over the world, opens up a huge new commercial opportunity for businesses that wouldn't have been possible 20 years ago. But it's not without problems. And corporate hackers are always on the lookout for ways to hack into your Facebook, Twitter or LinkedIn accounts and steal your contacts or identity.
The next one, which is a really common thing that we see a lot, is out of date software. So if your software is past its sell by date and missing out on latest patches and updates, you're gambling with your IT security. Technology has a way of becoming damaged in ways that aren't obvious to the untrained eye. Cybercriminals, however, can easily spot flaws in software and use them as a way into your network. So don't assume that because it seems to be working fine that you won't be at risk. And we've seen examples of that here at m3 with customers that have outdated software and the software company isn't supporting it anymore, so there's no updates and patches, but it's going to cost quite a bit of money to make the upgrade. And for the business owner, I can completely understand that. Sometimes you look at that and say, well, we're not going to get much business benefit from upgrading to the latest version of their software, but you are going to get a massive security benefit. So I definitely want to be on supported versions of all the software that you use, which is also a Cyber Essentials requirement. So if you are Cyber Essentials certified, or you're thinking about getting certified, then making sure your software is up to date and supported by the software vendor is critical to maintaining compliance.
And the final thing is mobile apps. A lot of people think that if an app is available through Google Play or the Apple App Store, then it's got to be safe. But sadly, this is not always the case and many apps contain malicious code that can steal data and compromise users' privacy. If your staff are using their own devices for work, there's potential for a data disaster.
So let's come back to the original question, then. Would your business pass my 57 minutes data Security challenge? Well, why not let's find out. When it comes to cybersecurity, you simply cannot afford to take risks and any shortcuts. A proactive preemptive approach is what's needed and it doesn't have to cost a fortune. In fact, most of the people we speak about this are actually quite surprised about how cost effective some of the most common cybersecurity services can be put in place for. And it's not something that's only accessible to the big companies out there. But the only way to see what it's going to cost is of course to have a conversation and find out. Start the ball rolling. So if you want to book in to have a cybersecurity challenge with me, and let's find out ways that your business is vulnerable and may be open to hack or being exposed, then get in touch. You can get in touch with me in various ways. You can call our main number, which is 01738 237001, or you can connect with me on LinkedIn. I'm easy to find on LinkedIn and the link to my LinkedIn profile will be in the show notes of this episode.
And the final thing I'm going to leave you with today is just do something, start somewhere. Please take proactive action to make sure your business doesn't fall foul of a cyber-attack that could have easily been prevented.
Have a great day.
Techcess is a podcast from m3 Networks
Transcript provided by Podknows Podcasting