For business management solutions email us or call 020 3004 4600

Cyber-attacks: the mistake no business wants to learn from

When will British businesses learn that they need to get their act together and stop exposing the British public to unnecessary privacy and security risks? Read through the pages of any major newspaper and you’ll see organisations, big and small, falling for the same sorts of cyber-attacks over and over again. 

Just last month, the head of the National Cyber Security Centre (NCSC) Ciaran Martin, boldly declared that a major cyber-attack on the United Kingdom was not a matter of if, but when. And yes, he said this after the U.K. experienced one of the worst cyber-attacks in its history, the WannaCry ransomware assault that crippled the NHS for a whole week in 2017. Thankfully, on a scale of ‘forget about it’ to ‘this is the end’ the attack fell somewhere in the vicinity of ‘thank heavens nobody died.' In all seriousness though, the fact that there was “no risk to life” was the only reason the attack got away with being classified a C2, rather than a C1 (a C1 is the most severe classification a cyber-attack can get). But what if there had been a risk to life? It certainly isn’t impossible to imagine, after all, there were 37 NHS Hospital Care trusts infected, with ambulances having to be redirected to different A&Es and a staggering number of critical operations being cancelled. Britain should consider itself lucky none of these mishaps resulted in any lives being threatened. 

You'd think after experiencing such an attack, the NHS would have done a complete 180 and beefed up their cybersecurity to a standard befitting an organisation that performs a critical public service and holds mountains of extremely sensitive information on the majority of the British public. Unfortunately, that isn’t the case. In the parliamentary hearing that took place after the WannaCry attack, the Department of Health (DOH) admitted that despite increases in their security provisions, all 200 trusts failed to meet standard cybersecurity requirements.

Now before you go and ready the pitchforks, the NHS is just one very obvious example, and to be fair to them, they are an organisation that does a great deal of work with minimal support. Should they do better? Yes. Can they? Of course. Are they the only organisation in England letting the country down when it comes to cybersecurity? Not even close. As Philip Hammond warned earlier this year, cyber-attacks are on the up and up, both in frequency and severity and it's time British firms seriously considered their role in preventing these types of attacks from happening. 

So, how can your business protect itself from serious cyber-attacks and stop making the mistake every other business seems to be making?

An IT Security Partner: the affordable and effective security solution

One of the reasons small businesses struggle to protect themselves against cyber-attacks is because they lack the human and financial resources of large private firms. If you're an SME, you know having a dedicated, in-house IT department is a huge financial investment.

Often, SMEs resort to 'Steve' in finance, who being quite nifty with excel and a desktop, gets tasked with installing the business’ anti-virus software and making sure the Wi-Fi is working. Steve – as helpful as he is – should not be your first line of defence when it comes to protecting your business against a cyber-attack. In fact, Steve shouldn’t be involved at all.

Bring in the partner

Even if your business does have a small IT department, the reality is that they are unlikely to be familiar with security best practices and the overall threat landscape. It’s got nothing to do with them being bad at their job and everything to do with the speed at which cyber criminals adapt and enhance their tactics. Having a dedicated partner that is constantly keeping themselves abreast of the latest in cybersecurity ensures your business has an up-to-the-minute understanding of what malicious software is out there and ready to strike. The sheer fact that we live and breathe security every day of the week gives us an incomparable advantage to any in-house SME IT team. 

And it doesn't have to be a case of your IT team versus our IT team. Any cybersecurity partner worth their weight will happily work alongside your existing IT department to support and advise them; coming in as and when they are needed to run complex projects that enhance your business' security the second new threats enter the equation. 

Why we recommend Microsoft

Part of the reason we align ourselves with Microsoft is because we respect and admire the level of dedication and care they take when it comes to building products that meet rigorous security test.

Take a product like Microsoft 365 (M365). M365 is an integrated productivity solution that brings together Office 365, Enterprise Mobility + Security and Windows 10 so that SMEs can work in a secure and creative environment. An end-to-end solution, M365 is built to integrate with the way businesses are working today; mobile and cloud first. It offers enterprise-level identity protection, information control and protection, proactive attack detection and prevention, and regulatory compliance. And, most important of all, it won’t break the bank (subscriptions administered by Advantage start from as little as £20 a month, per user).

But wait, there’s more

Security with Microsoft doesn’t just stop at M365. SMEs can also add Microsoft Azure’s security services and supercharge their cyber defences so they are on par with many of the world’s leading organisations. Azure allows you to be a small business with a big (cyber) army. For example, Azure’s Security Centre gives your business the ability to centralise policy management, meaning you can set how your business complies with any regulatory security requirement no matter how specific to your industry or geographical region it may be.

Additionally, Azure’s Security Centre provides businesses with the ability to continuously monitor the integrity of their machines, networks, storage and data services, as well as any applications. The actionable recommendations function identifies any potential security vulnerabilities and guides you through a step-by-step process for addressing those issues. This self-diagnosis, self-help model means your first line of defence against a cyber-attack isn’t poor old Steve in finance, but a robust Microsoft driven AI that’s on the look-out for everything from endpoint protection through to network stability. Add to this a dedicated partner – like Advantage - that has the ability to implement even more tailored cybersecurity tools – such as WatchGuard, Mimecast, Symantec and Webroot – and your business is in as good a position as possible to face what is sure to be a turbulent, cyber-attack filled year.

Lesson learnt

It’s going to happen. I’ve told you, Ciaran Martin’s told you; even the Chancellor of the Exchequer has told you. It’s not a matter of if, but when, and that when could be as soon as today.

It’s time your business took advantage of the fact that the technology available to protect your businesses has never been this easy or affordable to access: with Microsoft’s help, you can be small but act big. If you still think your business can survive 2018 attack-free with your current security infrastructure then I’m sorry to say, you've yet to learn the big lesson of 2017.

To find out how Advantage can help you keep your business' critical data and IT systems secure click here.

Words by Camilo Lascano Tribin