Strengthening the security of your Microsoft 365

The pressures of running a business are many, and – with the unprecedented times that we are living in thanks to COVID-19 – these issues are being accentuated even further than normal. But these matters cannot distract you from what should be one of the most important concerns in every business - cyber security.

Most don’t realise the importance of cyber security in a business. Recent figures show that ‘64% of companies have experienced web-based attacks’¹ and, astonishingly, ‘Despite nearly one-in-five (18.5%) of small businesses experiencing cyber attacks or data breaches, 60% of those surveyed SMB owners think their businesses aren't a likely target of cybercriminals’ which is simply not correct.

Cyber criminals are now using ever more elaborate means of attacking vulnerable systems. This is partially due to the change in the way many of us work, as a lot of organisations were forced to adopt a remote work team in order to continue trading when COVID-19 struck, opening the floodgates for cyber criminals to target users. Often, when not in the work setting, systems are more susceptible to attack.

Whatever sector your organisation resides in, your IT systems are the key to your organisation’s sensitive data and therefore success - if that system comes under attack and you cannot adequately defend it your business is in big trouble. Most businesses have customer information, intellectual property and bank details on their systems, and cyber criminals will do anything to get their hands on them.

Being a small business doesn’t make you immune.

Thinking that you aren’t in the cyber criminal’s scope because your business isn’t large enough to warrant attack would be a big mistake. Arguably, the smaller your organisation is, the higher the likelihood of a cyber attack, as small businesses rarely have the technical infrastructure or budget to implement adequate defences. Now, that doesn’t mean go and break the bank by spending obscene amounts of money on a security system that wouldn’t be out of place in a bank, but it does mean that it is time to explore the various cost-effective methods on the market that will benefit a business of your size.

With email phishing and Ransomware attacks being the most common of cyber breaches (resulting in financial loss within a small business), it could never be more important to defend the areas of your IT infrastructure that are the most vulnerable to these types of attack. Let’s explore the vulnerabilities of Email.

The vulnerabilities of Email

For most businesses in the world Email is their chosen choice of communication. Without it some organisations would simply cease to be. No matter the cyber security measures you have in place there is no escaping the fact that your system must stay open to a certain degree to allow for the necessary inbound and outbound email traffic.

It is getting more and more difficult to determine a malicious email from a genuine one - two of the most common forms of email phishing attacks include:

The cyber criminal masking themselves as a known brand or company

As common as this form of attack was before COVID-19 its commonality has grown considerably over recent months. During the COVID-19 pandemic, countless fraudulent emails were sent impersonating HM Revenue and Customs (HMRC) – ‘dangling the carrot’ of tax rebates and support funds to draw in unsuspecting victims.

The cyber criminal masks themselves as a company employee or director

It is hard to understand how it is possible to do this as users know their employees and ‘E’ signatures are used to ensure that emails are coming from the correct source. We will explain this in more detail using a hypothetical example based on a real-world form of attack.

A well-known company was targeted and fell victim to a cyber attack, when the cyber criminal masked themselves as the financial director of the company. They did this by sending an email to the finance team – impersonating the CFO’s personal mailbox – instructing immediate payment of a substantial sum of money to a particular account. The email even contained the CFO’s correct and full ‘E’ signature. Understandably, the finance team did as instructed and paid the full amount to the cyber criminal without question.

How Ransomware can slip through

Ransomware is designed with the intention of removing access to your data. It does this by encrypting your files behind a secure ‘key’. The aim of the cyber attacker is to hold the ‘keys to your system’ and hold your files to ransom – demanding money in exchange for returning your access.

Do you need advice on how to protect your systems against cyber attack?

Ensuring your systems are secure – 1-Fix

Our team of specialists at 1-Fix offer a range of business IT services ranging from desktop to server management, to network design and cyber security assistance. Our experts want to become a vital member of your team and help you strengthen the security of your Microsoft 365 ecosystem. We can help you achieve a level of security that allows you to feel confident 100% of the time that you are not going to be a victim of a cyber attack. Please do not hesitate to contact the 1-Fix team for a conversation on any aspect of your IT.

¹ https://thrivedx.com/resources/article/cyber-security-facts-statistics?referrer=cybint.

² https://www.thesslstore.com/blog/15-small-business-cyber-security-statistics-that-you-need-to-know/