Phishing, Smishing and Vishing, the Fight to Keep your Data Secure

Scammers and cyber criminals use every tool they can to access data and gain control of computers and mobile devices.

That means businesses and employees must be on guard constantly, treating every email, every phone call and even every text message with extreme caution.

Here are some of the techniques they use and how to avoid falling victim to them:

Email phishing

Phishing scams try to trick you, and sadly, many people fall for them, getting their passwords, account details and business data stolen.

They may pretend to be from your bank or a company you know and trust; that is why it is good practice to treat every email with suspicion, especially those claiming to have noticed suspicious activity in your account or asking for personal information, as well as those asking you to click links.

In the case of ‘spear phishing’, these emails will appear to be targeted at you.

How to protect yourself and your business from phishing and spear phishing scams:

  • Protect your devices with security software (and set it to update automatically)
  • Protect your accounts by using multi-factor authentication; this can be either something you have, such as a passcode sent to you via a security key, or something you are, such as a fingerprint, retina or facial scan.
  • Back up your data regularly to a trusted cloud-based storage solution or an external hard drive.

Whaling

Whaling is similar to phishing but aimed at the highest members of an organisation, such as executives and senior managers, particularly those in financial and payment-related businesses.

A whaling attack can be well-researched and sophisticated, containing personal information, a sense of urgency and often a solid understanding of the industry’s technical terms and tone. Such attacks can cause devastating damage to a company’s reputation.

How to protect yourself and your business from whaling attacks:

  • Training and awareness at the highest level
  • More training and awareness, including regular refresher courses
  • Flag emails that are not from your network automatically
  • Consider making social media profiles private
  • Invest in data loss prevention measures and protocols
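
One way to flag emails that are not from your network automatically, as an added example that is not part of the original article. The domain `company.example`, the executive names and the sample messages are constructed assumptions, and the check assumes your mail gateway has already authenticated the sender (SPF, DKIM and DMARC), because a From header on its own can be forged.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"company.example"}     # assumption: your own mail domain(s)
EXECUTIVES = {"jane smith", "sam patel"}   # assumption: names a whaler might borrow

def domain_of(header_value):
    """Return (lower-cased display name, lower-cased domain) of an address header."""
    name, addr = parseaddr(header_value or "")
    return name.strip().lower(), addr.rpartition("@")[2].lower()

def flag_message(raw):
    """Return (subject to display, list of warnings) for one raw message."""
    msg = message_from_string(raw)
    name, domain = domain_of(msg.get("From"))
    subject = msg.get("Subject", "")
    warnings = []
    if domain in INTERNAL_DOMAINS:
        return subject, warnings           # internal mail is left untouched
    warnings.append("sender is outside your network")
    if name in EXECUTIVES:
        # An executive's name on an outside address is a classic whaling sign.
        warnings.append("display name matches an executive")
    _, reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != domain:
        warnings.append("replies go to a different domain")
    return "[EXTERNAL] " + subject, warnings

# Constructed sample messages (not real mail).
INTERNAL = "From: Sam Patel <sam.patel@company.example>\nSubject: Lunch\n\nHi\n"
WHALING = (
    'From: "Jane Smith" <jane.smith@payments.example.net>\n'
    "Reply-To: accounts@billing.example.org\n"
    "Subject: Urgent transfer today\n\nPlease pay the attached invoice.\n"
)

if __name__ == "__main__":
    for raw in (INTERNAL, WHALING):
        print(flag_message(raw))
```

Most hosted email services offer an equivalent external-sender tag as a built-in setting, which is preferable to maintaining your own filter.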

Smishing

Do we treat the danger of SMS or text-based ‘smishing’ with the same level of diligence as we might with email phishing? Many do not, and fall prey to revealing personal information such as credit card numbers and passwords, or to downloading malicious programs to their work mobile devices.

How to protect yourself and your business from smishing attacks:

  • Treat so-called urgent security alerts, offers and deals with extreme caution
  • Remember, no reputable company will ever ask you to confirm banking details, ATM PIN codes or account information via text message.
  • Avoid storing bank details on smartphones; if the information isn’t there, it can’t be stolen.
  • Be wary of unfamiliar or suspicious-looking numbers

Vishing

Vishing, or phishing by voice call, is one of the most widely used methods by fraudsters looking to access data, bank details and personal information.

Many scammers are incredibly good at gaining confidence; combine that with an exponential rise in remote working and the ease with which scammers can access basic information about any of us, and it is easy to see why so many are caught off-guard and fall prey to the (friendly) voice on the end of our phones.

How to protect yourself and your business from vishing attacks:

  • If a call claiming to be from your bank or an official agency comes from a mobile number, it is almost always a reason to be suspicious
  • Check the number even if it appears to be genuine. An automated caller ID is no guarantee of a legitimate call.
  • If the caller asks for money, mentions a deadline or tries to ask about confidential information, that is a sign of vishing.
  • Refuse to install software on your devices to fix an alleged problem if prompted to do so

If you would like to learn more about how to make your business stronger against the threat of cybercrime and data theft, I’d love to help. Get in touch today to schedule a free chat.

Securing your Technology

Threats to our technology come from many different sources, and protecting our data can seem like a never-ending job. It is.

It has been well documented that cyber security threats have increased in recent years, both in personal attacks and in those targeting businesses. The National Cyber Security Centre (NCSC) states in its annual report that there has been an increase in online threats.

Whether we use desktops, laptops, tablets or other mobile devices, they all rely on a range of good housekeeping measures to attain the best possible levels of cyber security for the business and the data it handles.

What is Cyber Security?

Cyber security refers to protecting electronic devices, computer systems and entire networks against data loss, theft or corruption. The consequences of getting it wrong might even involve disruption to the business and its services, expensive legal proceedings (in the event of a data breach) and irreparable damage to a business or brand.

As we can see, cyber security is a vital tool for GDPR compliance and the business itself.

With those things in mind, here are just a few important things to ensure you’ve got it right.

Move away from unsupported software

Software, including operating systems, apps and free trial versions, almost always comes with a limited shelf life. That might not always mean replacing it, but it does mean keeping it up to date, whether by updating, replacing or subscribing, in order to access support and updates.

Always download and install the latest software and apps

The latest software and apps are vital. The landscape of cyber security changes daily, with new threats emerging all the time. These threats can take advantage of vulnerabilities in even the most well-known software and apps; updates address them.

Run up-to-date anti-virus (even on a Mac)

One of the most important aspects of IT security is the software designed to identify, locate and remove dangers to your IT infrastructure. Keeping it up to date will ensure the barrier between your data and cyber criminals is as robust as possible.

Use strong passwords

Yes, it can be a hassle… Those long, alpha-numeric passwords with a capital letter here and there and some symbols thrown in for good measure. However, they are infinitely more robust than “Password123” or the name of your favourite cat that you might have shared on social media.

Most modern browsers and even some ingenious software apps offer to remember them for you, too, safely and securely.

Two-Factor Authentication

Two-factor authentication sends a message, often to a pre-agreed mobile number or alternate email address. Typically it includes a code or link that forms part of a two-stage login process for websites, apps and software.

You enter your login credentials at stage one.

You enter the code or click the link sent to you (and only you) at stage two.
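
The second stage described above, seen from the service's side, as an added example that is not part of the original article. The class name `SecondFactor`, the five-minute lifetime and the three-guess limit are assumptions chosen for illustration; the code is random, expires, works once and locks after repeated wrong guesses.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumption: a code is valid for 5 minutes
MAX_ATTEMPTS = 3    # assumption: guesses allowed per issued code

def _digest(code):
    return hashlib.sha256(code.encode()).digest()

class SecondFactor:
    """Stage two of the login: issue a one-time code, then verify it."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}   # user -> [code digest, expiry time, attempts left]

    def issue(self, user):
        """Call only after stage one (the password check) has succeeded.
        The returned code is sent to the pre-agreed number or address."""
        code = f"{secrets.randbelow(10**6):06d}"   # unpredictable 6 digits
        self.pending[user] = [_digest(code), self.clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, user, code):
        entry = self.pending.get(user)
        if entry is None:
            return False                    # nothing issued, or already used
        digest, expiry, attempts = entry
        if self.clock() > expiry or attempts <= 0:
            del self.pending[user]          # expired or locked: start again
            return False
        entry[2] -= 1
        ok = hmac.compare_digest(digest, _digest(code))  # constant-time compare
        if ok:
            del self.pending[user]          # a code works once only
        return ok
```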

Delete suspicious emails and avoid clicking links

The human element is one of the weakest links in data loss, making training and awareness important for your teams. Phishing emails can seem incredibly realistic, and sadly, many people fall for them, clicking links that install malware or give cybercriminals access to your data.

Back up your data

It is good practice, and it makes sense. Many IT hosting platforms perform several backups daily for the clients they work with, but for smaller businesses, it isn’t difficult to set up. Backups are one of those things: you might go years with no need for them, but when you do need them, you really do.

For help and advice on backing up your data, get in touch.

Training

Even the most secure and up-to-date systems are at risk if people are not trained to get the most out of them. Training your team on cyber security awareness is important, not just from a hardware point of view but also for risks such as social engineering, phishing attacks and the use of deception by cybercriminals to obtain confidential information.

If you would like to learn more about how to make your business stronger against the threat of cybercrime and data theft, I’d love to help. Get in touch today to schedule a free chat.

Why Delegating Data Protection is Crucial for Your Business

In today’s digital age, data protection is not just a legal requirement but a cornerstone of trust and reliability in business. For micro and small businesses, managing data protection alongside many other responsibilities can be overwhelming.

In the digital era, where data breaches and compliance fines are a real threat, the need to delegate data protection to a specialist becomes paramount. For small and micro businesses, navigating the complexities of data protection laws such as the Data Protection Act 2018, UK GDPR, and PECR can be daunting. This is where the significance of delegating data protection comes into play.

Here’s why a specialist is indispensable:

  1. Expert Knowledge: Data protection specialists are well-versed in the intricacies of laws and regulations. Their expertise ensures that your business remains compliant, avoiding costly legal pitfalls.
  2. Risk Mitigation: Specialists in data protection are adept at identifying and addressing potential security vulnerabilities, significantly reducing the risk of data breaches and the associated financial and reputational damages.
  3. Focus on Core Business: By delegating data protection, your business can concentrate on its core competencies, which are essential for growth and sustainability.
  4. Cost-Effectiveness: Investing in a specialist is often more cost-effective than managing data protection in-house. It saves resources spent on training and keeping up with evolving legislation.
  5. Customer Confidence: Demonstrating a commitment to data protection through a specialist can significantly boost customer trust and loyalty, as it shows a dedication to safeguarding their personal information.

Why Choose Michelle Molyneux Business Consulting?

Choosing Michelle Molyneux Business Consulting for your data protection needs is a decision that offers both peace of mind and strategic advantage. With their deep understanding of data protection laws and a track record of effectively managing risks, they provide a service tailored to small and micro businesses’ unique needs. Their proactive approach not only ensures compliance and security but also positions your business as trustworthy and responsible in the eyes of your customers. Partnering with Michelle Molyneux Business Consulting means you’re not just meeting legal requirements; you’re elevating your business in the realms of security, trust, and professionalism.

Book your clarity call today

Know Your Consultant

As business owners, we are specialists in our own right. But we do not know everything – no matter how much we Google. Sometimes, it is too time-consuming to do it ourselves, too technical or just brain-numbingly boring. That is when we need to look externally for help, either as a long-term solution or as a short burst of guidance using a consultant. But getting that help can be a project in itself. How do you find the perfect fit?

What is Accreditation Support?

Businesses get accreditations to show they have met a certain standard within a certain area or sector. Some accreditations include CHAS (health and safety), the Data Security and Protection Toolkit (health and social care) and PQASSO.

The Data Security and Protection Toolkit is a self-assessment that shows commissioners and CQC that you have met a certain level of compliance in data protection. 

Where do I start?

One of the hardest parts of getting accreditation is deciphering what the assessors are looking for and then collating it all.

Getting material together for an accreditation can be difficult and time-consuming. 

What is Accreditation Support?

We work with your business through the accreditation instructions, identify what documentation you need and collate it in a logical way, ready to submit.

What do we do?

We break down the accreditation requirements into:

  • a list of documents you need
  • easy-to-understand questions to be answered to provide evidence

We then:

  • schedule online sessions to ‘blast’ through the questions and collate the evidence, where necessary
  • complete the questions and upload the evidence provided

We will even help identify what material is missing and support you to create AND implement it in the organisation.

Guarantees

We cannot guarantee accreditation, as this is based on the answers and information provided by the business. Unfortunately, we can’t get accreditations when the information and material are not there. BUT we can work with you towards gaining accreditations.

If you would like to know more, book a free 30-minute chat to see how we could support you best.