Tech Results

Gone ‘Phishing’ – Why You Should Never Take A Break From IT Security

We all need to rest, but there’s one thing you should never take a break from, and that’s your IT security. Here’s how we’re catching cyber criminals before they catch you out…

According to the 2024 Gov.uk Cyber Security Breaches Survey, half of all businesses report having experienced any kind of cyber security breach or attack in the previous 12 months (rising to 70% and 74% of medium and large businesses respectively). What these stats tell us, is that businesses of all sizes have to be extremely vigilant, and no organisation is safe from the ingenuity of cyber criminals. Cybercrime can result in financial loss, data breaches and loss of reputation. It’s a costly business, so how can you protect your data?

Phishing is one of the most prevalent types of cyberattack where attackers impersonate legitimate entities (such as banks, social media platforms, or government agencies) to trick individuals into revealing sensitive information such as usernames, passwords, credit card numbers, or other personal data. Phishers use various tactics to make their messages appear legitimate, such as using official logos, URLs, fake logins, or employing urgent language to create a sense of urgency. There’s a good chance you’ve encountered phishing emails, text messages, or phone calls before, but as they can be very convincing, you might not have even noticed, until it was too late.

Microsoft 365 is not as secure as you think

Microsoft 365 and other platforms have a ‘report’ functionality that allows you to block suspicious emails and the address they come from, but that relies on careful scrutiny from the recipient, which is just not a realistic expectation for businesses and their busy staff members. Despite being one of the most widely-used softwares on the planet, Microsoft 365 has its vulnerabilities, in reality, there are a huge number of configuration changes that need to be made to ensure that your data isn’t stolen by hackers through the platform. A simple click of an email can result in severe data loss and denial of access to your email services, which could cost hundreds of thousands, or even millions of pounds to remediate. This would be a devastating cost for a small business. That’s why Tech Results developed our robust security software to add additional protection to the out-of-the-box Microsoft 365 platform.

Our software automatically blocks connection when a user clicks on a compromised 365 link, preventing users from accessing dangerous websites and warning them not to continue. And it goes a lot further, by allowing businesses to lock down permissions that are automatically awarded by 365 to its users. This additional layer of security means that you are much less vulnerable to phishing attacks.

Simple training to prevent hacking

Another area to be sure that you’re managing is your staff’s training. Your staff are the first line of defence against hackers. Clicking on malicious emails is the biggest reason hackers are able to access systems, so you need to train all of your staff to act as a human firewall. We call this phishing training. It’s not expensive, and it’s a simple process where we send people faux malicious emails, training them to recognise the signs. Alongside this, we provide regular training, which only takes a few minutes, to keep this front of mind for your staff. This is important because hackers are constantly evolving the clever tactics to manipulate you into clicking, and simply clicking on an email can in some cases lead to a devastating cyber attack. Unfortunately, small businesses are an ideal target for this type of attack, because they don’t have a team of people to manage their cyber security and ensure that they stay safe. So it’s even more important that you get these tools in place.

In summary, make sure that you have your Microsoft 365 account optimised for the best security configuration, which is not the default. And ensure your staff have regular phishing Cybersecurity Awareness Training. This needs to be front of mind, because it’s the biggest risk to your business.

Here are some additional tips to prevent you being reeled in by phishing attacks:

1. Have a cyber security assessment
When is the last time you did a cyber security assessment? Do you know the holes in your security? If not, it’s time to get familiar so that you can start to plug them. We have a range of cyber security audits depending on your needs, from Cyber Essentials, to full security reviews. 

2. Improve awareness in your organisation
Scams are ever evolving. Keeping abreast of current and ongoing scams is essential to prevention. Investing in training for your employees and providing them with regular updates could help them identify suspicious emails, messages, or phone calls before they become a problem.

3. Multi-factor Authentication (MFA)
MFA should be in place wherever possible, providing an additional, unique ‘set of keys’ for criminals to have to get past before they can gain access to your valuable data.

4. Keep software updated
Software updates include the newest security measures based on recognised scams, so ensure you automate regular updates in order to patch known vulnerabilities that attackers could exploit.

5. Implement ‘zero trust’ software
Zero trust software requires continuous authentication to prove it’s you that’s really trying to access the data, minimising the risk of access by an unauthorised person.

Gov.uk’s research highlights that due to an increase in hybrid working, businesses are under greater pressure to maintain security virtually, and the risks for breach are significant when devices are not managed effectively in a hybrid environment. Unfortunately, due to the impact of higher costs on businesses, cyber security is being overlooked by many as a priority. A lack of knowledge and time are also proving to be barriers.

It only takes one breach of security to stir up the waters of fraud and create ripples throughout your organisation. If you need help preventing phishing from becoming a problem, Tech Results is here to help you find the most appropriate solution for your business.

You’re in safe hands

Tech Results provide businesses with the freedom to thrive. If you’re in need of further IT advice, get in touch.