1. What are the types of Cyberattacks?

• Malware Phishing – Tricking a user into downloading a malware attachment.
• Ransomware – Links into Phishing, Criminals Encrypt data then ask for money to decrypt
• Vishing – Trying to extract valuable information/bank details by pretending to be someone else over the phone.
• Spear Phishing – Researching a high value target(in Finance etc), developing a convincing backstory with personal information and intercepting an email conversation.
• Business Email Compromise – Using a phony email with a contrived pretext to request payment
• Clone Phishing – Replacing a single element of a legitimate email with malicious one to create a nearly identical email.
• Smishing (SMS + Phishing)- Delivering a malicious link via a short code to a Smartphone
• Pharming – Rerouting a legitimate traffic to an attackers page.

2. Why has there been an increase in Cyber Attacks?

• Attacks have tripled since 2020.
• Remote Users are being attacked because they are more vulnerable, are working disparately and separated from their processes & colleagues
• Reliance on Technology During the Pandemic – Technology can be easily used to impersonate
• Home machines are more vulnerable/Used by more than one person/Not Patched or Updated

3. How to increase awareness within your organisation

• People are the weakest link
• Clear IT Security Policies at induction, plus reporting procedures
• Regular Staff Training to ensure staff are aware of the latest threats
• Highlight attempted email scams so staff can know what to look out for
• Alerts work well for creating awareness

4. How to protect your organisation in remote working situations

• Agree policies that relate to all devices/BOYD policy/Protection
• Strong security policy to enforce user and device rules
• Strong password policies should also apply to 3rd party applications being used in the business, like CRM applications and Finance applications.
• Conditional Access based on user location

5. Which Threat Protection Solutions do you need?

• Anti-Virus – The best products are paid solutions with proven detection rates/Make sure that you include phones, tablets, laptops/Our recommendation is Webroot.
• Advanced Threat Protection (ATP) – ATP solutions block attempts to attack your network through inbound/outbound email in real-time. Security policies can be defined at individual and department level to meet the specific needs of your business.
• Multi-Factor Enablement – This is activated within the application itself/best practice to ensure your application is secure, particularly if you store personal identifiable or finance data.
• Data Loss Protection – For those organisations that have more stringent compliance. DLP is a built-in feature of Office365/activated through the management console.