How to improve your cyber security

As more printers move their operations or storefronts online, and more workers base themselves at home, they’re more exposed to cyber crime and online fraud than ever before.

 Cyber crime isn’t just something that happens to other people. It’s a huge and troubling issue for many SMEs as such crime has experienced exponential growth while printers increasingly rely on digital tools to manage their business – it’s their reliance that has left them open to exploitation.

Research in the UK by the Federation of Small Businesses has indicated that there are 10,000 cyber attacks on small firms every day, with a particular emphasis on malware, phishing and payment scams – costing SMEs several billion pounds a year.

Printers at risk

Why is it so urgent for smaller companies to address this issue? For starters, larger companies usually have dedicated IT staff to head off problems and provide security, along with increased budgets for preventative security. Many small and medium print companies don’t have the scale or staff to address these issues in such a dedicated fashion, but still rely on internet connectivity to do business. 

As we move towards an ‘internet of things’, more and more of our devices are online. Carlos Fernandes, the CEO of Agile Cybersecurity Solutions, says that, “when you’re connecting devices to the internet, there are vulnerabilities. Printers often have devices on networks that get neglected. This is a critical area.” How can the print sector mitigate this?

What to look out for

There isn’t one kind of cyber attack, and they’re not all launched with the intention of taking your money. Some types of hacking are purely mischievous, others malicious – they can both cost a company money and time..

Cyber attacks can really harm any networked business – and protecting your business is not a one-off event, but a constant fight

Phishing attacks are the most common type, with scam emails growing increasingly sophisticated and hard to filter out. They’re a great way for scammers to relieve you of your money, passwords and card details. The COVID-19 pandemic has seen a plethora of coronavirus-related phishing scams, often using the promise of cheap PPE for sale.

Malware – installing malicious software on your network – has also seen some COVID-related spin-offs such as ‘news malware’. These emails pretend to be authoritative news items on the coronavirus but, when clicked on for more information, copy malware to your system that mines your personal information.

Payment scams are another other issue to look out for, while ransomware is a growing threat. The latter can see your whole system locked down and paralysed, with the actor that embedded it demanding a financial ransom to free up your network. ‘Clop’ is an example of ransomware that has been a huge issue in 2020 – it disables numerous Windows 10 features, including security software, and encrypts your computer before asking for a ransom.

The basics of protection

Knowledge and training are two of the best ways to manage your defences. As one experienced cybersecurity specialist told us, “in my experience it was often the case that the attackers had succeeded due to some pretty basic failures on the part of the SME: not updating virus software, not training staff not to click on links / attachments in unsolicited emails, not looking at the actual email address carefully enough.”

Usually, an email from PayPal or Amazon would have the domain name after the @ in the email address, not in the first half of the address. It would also be correctly spelled – so @amazon.co.uk rather than @amazom.co.uk or @amazonc.co.uk.

When you’re connecting devices to the internet, there are vulnerabilities

Think of your business network as you would your home network. Don’t have a ‘one password fits all’ approach. Don’t use easy-to-guess passwords such as 1234 or password123. Update them regularly. You can also use password software that generates very complex passwords and manages them for you. Both Dashlane and LastPass are well regarded, while the Chrome web browser has a built-in complex password generator.

Install reputable anti-virus and anti-malware software and keep it updated – set it to auto-update so you don’t forget. There’s a constant arms race between hackers and protectors, and out-of-date software may not be able to respond to the latest threats. Also ensure any staff know the do’s and don’ts of work that takes them online.

The next level

Passwords and secure software are only two factors, however. Think about all the different ways you go online, and what would happen if, due to an external attack, all that came crashing down. If you use your smartphone regularly for business purposes, make sure it’s passworded, up-to-date and that you don’t connect to insecure wi-fi hotspots. For example if you are a sales representative in a coffee shop with your laptop raising an urgent quotation you should use your phone as a hotspot instead of using the free wi-fi. 

Are your social media accounts secure and strongly passworded? Are your databases regularly backed up so that you can access them again if they’re hacked? It’s best to imagine a worst-case scenario so that you can plan for how you’d recover and respond.

The Government-backed Cyber Essentials scheme is another path worth considering. This is a certification that protects against the most common types of cyber attack. You can self-asses, or opt for Cyber Essentials Plus, which includes a hands-on technical verification. While it tells your customers that you’re taking care with your security, it does come with a significant cost, which varies depending on your business size. 

The key takeaway here is that cyber attacks can truly harm any networked business – even if you only use the internet to email customers – and that protecting your business is not a one-off event, but a constant fight. As Carlos Fernandes says, “there’s no such thing as 100% security. It’s an ongoing challenge. We talk about the three pillars of predict, prevent and persist, rather than just responding after an event has occurred.”

Tips from the UK National Cyber Security Centre:

1. Set up your risk management regime

Assess the risks to your organisation’s information and systems with the same vigour you would for legal, regulatory, financial or operational risks.

2. Network security

Defend your perimeter and filter out unauthorised access and malicious content.

3. User education and awareness

Produce user-friendly security policies and include in staff training/

4. Malware prevention

Establish anti-malware defences across your business

5. Removable media controls

Limit media types and use. Vet before allowing on to system. 

6. Secure configuration

Apply security patches and ensure the secure configuration of all systems is maintained.

7. Managing user privileges

Establish effective management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. 

8. Incident management

Establish an incident response and disaster recovery capability. Test your incident management plans. 

9. Monitoring

Establish a strategy, monitor systems and networks, and analyse logs for unusual activity.

10. Home and mobile working

Develop a policy and train staff. Apply secure baseline and build to all devices.