fbpx

Author: matthew

Is the Internet of Things a Doorway into your business?

The Internet of Things presents many opportunities for businesses of all sizes in terms of productivity, profitability, and development. Alongside the advantages are some risks that every business should consider and act upon. 

 

Most businesses consider a level of cybersecurity, but have you thought about how you can secure devices and Internet of Things software?

 

You’ve installed anti-virus software, defend against malware attacks, have security measures in place like 2fa, cycle your passwords regularly, and so on. But have you considered what other means there might be for threat actors to access your systems? Those are the people who will make cyberattacks against your business. 

And here’s the thing. They only have to get lucky once. They’s try, try, try again to get into your business through a variety of means. Some of these hackers will have preferred methods, some will have a clear MO. 

 

Internet of Things

What is the Internet of Things?

Put simply, it falls into two categories.

Firstly, software that shares data with other software and devices. And there’s a lot of it. In general terms, it manages data, processes, projects, and people. It sits in the cloud and accesses various systems in your business.

This directory lists a range of IoT software.

 

Secondly, devices. These are non-standard computing devices that can connect wirelessly to your network and transmit and receive data. 

Here are a few examples of devices in the Internet of Things:

  • Smart Mobiles
  • Smart refrigerators
  • Smartwatches 
  • Smart fire alarms 
  • Smart door locks 
  • Smart bicycles
  • Medical sensors
  • Fitness trackers
  • Smart security system

Are you cycling your passwords? Are your employees and anyone else with access to your systems doing the same? Your policy should be clear about what you expect, frequency, and how you audit that. And proper training is crucial. 

 

But that may not be enough to deny a hacker access through your Internet of Things (IoT) devices and software. How secure is your fire alarm, for example, if it’s connected to the internet. And do your staff need to have their fitness watches or phones connected? The more doorways you have, the more likely it is that someone can break into your business systems.

 

To use an analogy, no matter how much you try and keep your pet dog out of the living room and off the sofa, you’ll always fail in the end. The dog will keep on trying until he’s successful. Fido only needs to get lucky once. 

 

Threat actors behave in exactly the same way. They’ll keep on trying, maybe lose interest for a while as they seek out easier prey, and come back and try again. So your unending task is to make sure that they can’t get into your systems, and that means embedding an effective strategy that’s implemented across your business. And that’s where we come in!

 

 

 

Cybersecurity, risk assessments and GDPR

Cybersecurity, risk assessments and GDPRYou might think that cybersecurity is something that large enterprises and nation-states need to worry themselves about, but the small and medium-sized business sector is just as at risk from cyber attacks as any other business, NGO, or governmental organisation.As an SME you’ll be aware of GDPR and the responsibilities that come along with it. Part of the requirements for GDPR compliance includes a risk assessment and for every business to take the necessary steps to keep personal information safe and secure.The language that you use as an SME owner is different from how the director of a large enterprise might speak. Your computer system might be referred to as critical infrastructure or systems networks. Whatever the differences, the security risk to all businesses from cyber attacks is rising, and unlikely to ease anytime soon.If you receive suspicious messages, you can report them to the National Cyber Security Centre 

Cybersecurity Risks the SME sector must consider

Malware

This encompasses many of the more common attacks, including viruses, trojans, worms, ransomware, and spyware. All of them seek to enter a computer system to usually do one or more of three things: deny access to parts of the network, steal information from hard drives, and disrupt a system so that it cannot be operated.

Phishing

These are extremely common, and most people will have seen them. This is where fraudulent emails or messages are sent from a supposedly reliable source. Amongst the more common are fake emails from banks asking for login details, or messages from Royal Mail or couriers asking for money to make a missed delivery.

Man in the Middle

This is where an attacker takes advantage of vulnerabilities in a network- like a public network- to position themselves between a visitor and the network and intercept traffic. It’s very difficult to detect, and the user thinks that they are sending sensitive information to their intended source.

Denial of Service(DoS) Attacks

These work by overwhelming a system by flooding it with traffic that overloads resources and bandwidth. This means that the systems are unable to respond to requests for service. These attacks can be launched externally, or from infected machines within the network. This is known as a Distributed Denial of Service Attack (DDoS)

SQL Injections

An attacker will insert malicious code into a server using Server Query Language(SQL), which forces the server to deliver protected information. Website comment or search boxes are particularly sensitive to this kind of attack.

Zero-Day Exploit

Zero-Day Exploit attacks are often reported in the news. This is where a new or recently announced update to a system has been announced, and before a patch or upgrade can plug the gap. Attackers will constantly monitor systems for such vulnerabilities, so this is very much a proactive approach to cyber threats.

Password Attack

There are very many versions of this type of cyber attack, from brute force attacks to gaining access to password databases. We’ve all read about these in the news, particularly when banks are successfully attacked.

Cross-Site Scripting

The attacker will send a scam email injected with code to their victim. The victim visits the genuine website which activates the code, sending private data like login details to the attacker. The attacker can then access the genuine user account- often a bank or online shop where personal information or bank details can be stolen.

Rootkits

These are found inside legitimate software, usually through email attachments or downloaded from insecure websites. Once installed, the software is activated by action or by the attacker, and personal information, keys, and passwords can then be stolen.

Internet of Things(IoT) Attacks

There are billions of devices connected to the internet, from computers and servers to central heating controls, phones, and even light bulbs. All of these devices are vulnerable, and most are not prioritised in the same way from a security standpoint as critical infrastructure or computer systems.

Cybersecurity, risk assessment and GDPR

3 Steps to Better Cybersecurity

In the face of so many potential cyber threats, it might seem like there isn’t much chance of avoiding attack, but there are steps that you can take to mitigate, if not remove the risk to your business.There may be a cost to some elements, but consider the impact on your balance sheet if your information security is compromised,or worse, breached and you suffer a significant data theft.Even the smallest business keeps information that falls under data protection laws. That might be for a member of staff, a client database, bank details in your accounting system. Payments software that might collect direct debits, or a larger customer database if your business is consumer-facing.

Step 1: Cybersecurity Risk Assessment

First of all, it’s important to understand the risk to your business. Conducting a risk assessment will help you to understand your systems and their weaknesses and the threats to them. You will understand the level of personal data that you are managing, and whether you need to appoint a controller and processor according to GDPR.And with risk assessments completed you will have the information that you need to make informed choices about the level of risk to your business, and the changes that you will need to make.

Step 2: Putting Systems and Security in Place to counter cybersecurity risks

Securing your business from attack isn’t simply about spending money on expensive software, It’s about systems and processes as well. Many of the types of attacks that we’ve mentioned rely on people doping things like opening malicious emails or messages. These attacks simply go round antivirus and security software, and by the time anyone realises, the damage is done. So considering your working practices is just as important.For example, do staff use their own devices (even if they shouldn’t), do you have a work from home policy, and how have you secured it? Can company devices like laptops access insecure networks, or are they prevented from doing so? How do you manage software and hardware updates? Of course, there is an element of cost in terms of keeping software up to date and replacing hardware regularly so that it is not vulnerable simply because of its age.

Step 3: Training, Accountability, and Review

Regular training and updates on cybersecurity with your team will embed what is required of them to keep your business safe and help them to understand how important it is to follow the processes in your organisation. It also allows for accountability, so that everyone is motivated to stick to good practice. You’re then in a strong position to manage expectations so that your hardware is used for its intended purpose, reducing risk, and identifying training needs going forward.Periodic review keeps you up to date and allows you to take into account new staff, updates to software and systems, and changes to your business operations. So your cybersecurity becomes a proactive part of your operations.To take a look at your cybersecurity and to arrange a review drop us a line, or take a look here for more info about GDPR

Tech Tuesday Week 24

Tech Tuesday Week 24

This week on Tech Tuesday, Team 39D visit a client in Dunton and let you spend the day with them. The team were starting their preparation work for interconnect to be put in between two units. Team 39D were pulling in a 200m fibre link between two of their units to help improve connectivity.

Visit our website www.39d.co.uk

Call us on 01279 800 039

Get in Touch With Our Team

Runway House
North Weald Airfield
North Weald
Essex
CM16 6HR

01279 800 039

The Trusted Business Community Association

The Trusted Business Community Association

This week Team 39D would like to introduce to you The Trusted Business Community Association, where Members Reputations Meet The Expectation of Their Clients. The founder of The Trusted Business Community Association is Called Sean Hewitt, Sean founded the Association 8 ½ years ago. 

Sean started the Association as he recognised that although businesses were offering a quality service, there was little on offer to express this through being accredited. Giving the accreditation brings consumer confidence to those in membership by The Associations endorsement of their brands, placing themselves ahead of the competition due to our interviewing of each would-be member that includes a vetting and verification process before they can join. Sean helps connect businesses with one another all around the UK, to help businesses gain new clients and contacts. To make sure Sean only recommends the best of the best, part of his process is vetting everyone’s businesses. At The Trusted Business Community Association, they recognise the need for standards and safety for everyone within the association. Sean has even completed courses to understand domestic abuse in and around the workplace to know that all his businesses and staff are acting correctly in the environment. 

The Trusted Business Community Association is all about building trust and community to help promote good business practices and services. Being part of the Association brings together the best in the business to collaborate with each other, whilst the Association works on the reach and exposure to the wider audiences across social media on their behalf.  To find out more information on how the Association for SME’s can assist your business growth, do get in touch via their website below:

The Trusted Business Community

Get in Touch With Our Team

[contact-form-7 404 "Not Found"]

Runway House
North Weald Airfield
North Weald
Essex
CM16 6HR

01279 800 039

Tech Tuesday Week 23

Tech Tuesday Week 23

In this weeks Tech Tuesday, Mitchell talks about how we print our ID cards in house using an inkjet printer. He also talks about the technology used with in the passes!

For any advice get in touch with Team 39D today!

Call us on 01279 800 039

Email us at [email protected]

Visit our website www.39d.co.uk

Follow our other social media platforms:
https://lnkd.in/dr–aBr
https://lnkd.in/dUM6mhf
https://lnkd.in/dRhMb_r
https://lnkd.in/gNW3J_X

Get in Touch With Our Team

[contact-form-7 404 "Not Found"]

Runway House
North Weald Airfield
North Weald
Essex
CM16 6HR

01279 800 039

Tech Tuesday Week 22

Tech Tuesday Week 22

In this weeks Tech Tuesday Mitchell our network Manager demonstrates how we test defective network cables and diagnose faults within a network, using a network tester. If you are facing network problems get in touch with 39D now!
Call us on 01279 800 039
Email us at [email protected]
Visit our website www.39d.co.uk

Follow our other social media platforms:
https://lnkd.in/dr–aBr
https://lnkd.in/dUM6mhf
https://lnkd.in/dRhMb_r
https://lnkd.in/gNW3J_X

Get in Touch With Our Team

Runway House
North Weald Airfield
North Weald
Essex
CM16 6HR

01279 800 039

Tech Tuesday Week 21

Tech Tuesday Week 21

With people working on more Cloud systems, and the big exit from cities over the last year and moving to more rural areas, it is more important to have a backup for your Broadband. However having the right 4G and 5G provider is important. We can provide a survey to ensure a reliable backup service is there when you need it. Get in touch for 39D to assess the best providers for your business now! 🙂
 
Call us on 01279 800 039
Email us at [email protected]
Visit our website www.39d.co.uk

Follow our other social media platforms:
https://lnkd.in/dr–aBr
https://lnkd.in/dUM6mhf
https://lnkd.in/dRhMb_r
https://lnkd.in/gNW3J_X

Get in Touch With Our Team

[contact-form-7 404 "Not Found"]

Runway House
North Weald Airfield
North Weald
Essex
CM16 6HR

01279 800 039

Tech Tuesday Week 20

Tech Tuesday Week 20

On this weeks Tech Tuesday video Matthew, Director of 39D, shares part of his passion for Sailing based on a subject in the news about the Evergreen Cargo ship. He explains how AIS is used to show the speed and location of ships all around the world 🛳
Call us on 01279 800 039

Email us at [email protected]
Visit our website www.39d.co.uk

Follow our other social media platforms:
https://lnkd.in/dr–aBr
https://lnkd.in/dUM6mhf
https://lnkd.in/dRhMb_r
https://lnkd.in/gNW3J_X

Get in Touch With Our Team

[contact-form-7 404 "Not Found"]

Runway House
North Weald Airfield
North Weald
Essex
CM16 6HR

01279 800 039

Tech Tuesday Week 19

Tech Tuesday Week 19

In this weeks Tech Tuesday video you will get an insight into how we shoot our Tech Tuesday videos 🙂
 
Watch now to find out more about our filming location and equipment!
 
If you or your business need any advice or tips for filming your own videos, please get in touch and we will be happy to help 😁
Call us on 01279 800 039

Email us at [email protected]
Visit our website www.39d.co.uk

Follow our other social media platforms:
https://lnkd.in/dr–aBr
https://lnkd.in/dUM6mhf
https://lnkd.in/dRhMb_r
https://lnkd.in/gNW3J_X

Get in Touch With Our Team

[contact-form-7 404 "Not Found"]

Runway House
North Weald Airfield
North Weald
Essex
CM16 6HR

01279 800 039

Tech Tuesday Week 18

Tech Tuesday Week 18

In this weeks Tech Tuesday video you will get an insight into how we shoot our Tech Tuesday videos 🙂
 
Watch now to find out more about our filming location and equipment!
 
If you or your business need any advice or tips for filming your own videos, please get in touch and we will be happy to help 😁
Call us on 01279 800 039

Email us at [email protected]
Visit our website www.39d.co.uk

Follow our other social media platforms:
https://lnkd.in/dr–aBr
https://lnkd.in/dUM6mhf
https://lnkd.in/dRhMb_r
https://lnkd.in/gNW3J_X

Get in Touch With Our Team

[contact-form-7 404 "Not Found"]

Runway House
North Weald Airfield
North Weald
Essex
CM16 6HR

01279 800 039

Scroll to top