fbpx

Blogs

Is the Internet of Things a Doorway into your business?

The Internet of Things presents many opportunities for businesses of all sizes in terms of productivity, profitability, and development. Alongside the advantages are some risks that every business should consider and act upon. 

 

Most businesses consider a level of cybersecurity, but have you thought about how you can secure devices and Internet of Things software?

 

You’ve installed anti-virus software, defend against malware attacks, have security measures in place like 2fa, cycle your passwords regularly, and so on. But have you considered what other means there might be for threat actors to access your systems? Those are the people who will make cyberattacks against your business. 

And here’s the thing. They only have to get lucky once. They’s try, try, try again to get into your business through a variety of means. Some of these hackers will have preferred methods, some will have a clear MO. 

 

Internet of Things

What is the Internet of Things?

Put simply, it falls into two categories.

Firstly, software that shares data with other software and devices. And there’s a lot of it. In general terms, it manages data, processes, projects, and people. It sits in the cloud and accesses various systems in your business.

This directory lists a range of IoT software.

 

Secondly, devices. These are non-standard computing devices that can connect wirelessly to your network and transmit and receive data. 

Here are a few examples of devices in the Internet of Things:

  • Smart Mobiles
  • Smart refrigerators
  • Smartwatches 
  • Smart fire alarms 
  • Smart door locks 
  • Smart bicycles
  • Medical sensors
  • Fitness trackers
  • Smart security system

Are you cycling your passwords? Are your employees and anyone else with access to your systems doing the same? Your policy should be clear about what you expect, frequency, and how you audit that. And proper training is crucial. 

 

But that may not be enough to deny a hacker access through your Internet of Things (IoT) devices and software. How secure is your fire alarm, for example, if it’s connected to the internet. And do your staff need to have their fitness watches or phones connected? The more doorways you have, the more likely it is that someone can break into your business systems.

 

To use an analogy, no matter how much you try and keep your pet dog out of the living room and off the sofa, you’ll always fail in the end. The dog will keep on trying until he’s successful. Fido only needs to get lucky once. 

 

Threat actors behave in exactly the same way. They’ll keep on trying, maybe lose interest for a while as they seek out easier prey, and come back and try again. So your unending task is to make sure that they can’t get into your systems, and that means embedding an effective strategy that’s implemented across your business. And that’s where we come in!

 

 

 

Cybersecurity, risk assessments and GDPR

Cybersecurity, risk assessments and GDPRYou might think that cybersecurity is something that large enterprises and nation-states need to worry themselves about, but the small and medium-sized business sector is just as at risk from cyber attacks as any other business, NGO, or governmental organisation. As an SME you’ll be aware of GDPR and the responsibilities that come along with it. Part of the requirements for GDPR compliance includes a risk assessment and for every business to take the necessary steps to keep personal information safe and secure. The language that you use as an SME owner is different from how the director of a large enterprise might speak. Your computer system might be referred to as critical infrastructure or systems networks. Whatever the differences, the security risk to all businesses from cyber attacks is rising, and unlikely to ease anytime soon. If you receive suspicious messages, you can report them to the National Cyber Security Centre 

Cybersecurity Risks the SME sector must consider

Malware

This encompasses many of the more common attacks, including viruses, trojans, worms, ransomware, and spyware. All of them seek to enter a computer system to usually do one or more of three things: deny access to parts of the network, steal information from hard drives, and disrupt a system so that it cannot be operated.

Phishing

These are extremely common, and most people will have seen them. This is where fraudulent emails or messages are sent from a supposedly reliable source. Amongst the more common are fake emails from banks asking for login details, or messages from Royal Mail or couriers asking for money to make a missed delivery.

Man in the Middle

This is where an attacker takes advantage of vulnerabilities in a network- like a public network- to position themselves between a visitor and the network and intercept traffic. It’s very difficult to detect, and the user thinks that they are sending sensitive information to their intended source.

Denial of Service(DoS) Attacks

These work by overwhelming a system by flooding it with traffic that overloads resources and bandwidth. This means that the systems are unable to respond to requests for service. These attacks can be launched externally, or from infected machines within the network. This is known as a Distributed Denial of Service Attack (DDoS)

SQL Injections

An attacker will insert malicious code into a server using Server Query Language(SQL), which forces the server to deliver protected information. Website comment or search boxes are particularly sensitive to this kind of attack.

Zero-Day Exploit

Zero-Day Exploit attacks are often reported in the news. This is where a new or recently announced update to a system has been announced, and before a patch or upgrade can plug the gap. Attackers will constantly monitor systems for such vulnerabilities, so this is very much a proactive approach to cyber threats.

Password Attack

There are very many versions of this type of cyber attack, from brute force attacks to gaining access to password databases. We’ve all read about these in the news, particularly when banks are successfully attacked.

Cross-Site Scripting

The attacker will send a scam email injected with code to their victim. The victim visits the genuine website which activates the code, sending private data like login details to the attacker. The attacker can then access the genuine user account- often a bank or online shop where personal information or bank details can be stolen.

Rootkits

These are found inside legitimate software, usually through email attachments or downloaded from insecure websites. Once installed, the software is activated by action or by the attacker, and personal information, keys, and passwords can then be stolen.

Internet of Things(IoT) Attacks

There are billions of devices connected to the internet, from computers and servers to central heating controls, phones, and even light bulbs. All of these devices are vulnerable, and most are not prioritised in the same way from a security standpoint as critical infrastructure or computer systems.

Cybersecurity, risk assessment and GDPR

3 Steps to Better Cybersecurity

In the face of so many potential cyber threats, it might seem like there isn’t much chance of avoiding attack, but there are steps that you can take to mitigate, if not remove the risk to your business. There may be a cost to some elements, but consider the impact on your balance sheet if your information security is compromised,or worse, breached and you suffer a significant data theft. Even the smallest business keeps information that falls under data protection laws. That might be for a member of staff, a client database, bank details in your accounting system. Payments software that might collect direct debits, or a larger customer database if your business is consumer-facing.

Step 1: Cybersecurity Risk Assessment

First of all, it’s important to understand the risk to your business. Conducting a risk assessment will help you to understand your systems and their weaknesses and the threats to them. You will understand the level of personal data that you are managing, and whether you need to appoint a controller and processor according to GDPR. And with risk assessments completed you will have the information that you need to make informed choices about the level of risk to your business, and the changes that you will need to make.

Step 2: Putting Systems and Security in Place to counter cybersecurity risks

Securing your business from attack isn’t simply about spending money on expensive software, It’s about systems and processes as well. Many of the types of attacks that we’ve mentioned rely on people doping things like opening malicious emails or messages. These attacks simply go round antivirus and security software, and by the time anyone realises, the damage is done. So considering your working practices is just as important. For example, do staff use their own devices (even if they shouldn’t), do you have a work from home policy, and how have you secured it? Can company devices like laptops access insecure networks, or are they prevented from doing so? How do you manage software and hardware updates? Of course, there is an element of cost in terms of keeping software up to date and replacing hardware regularly so that it is not vulnerable simply because of its age.

Step 3: Training, Accountability, and Review

Regular training and updates on cybersecurity with your team will embed what is required of them to keep your business safe and help them to understand how important it is to follow the processes in your organisation. It also allows for accountability, so that everyone is motivated to stick to good practice. You’re then in a strong position to manage expectations so that your hardware is used for its intended purpose, reducing risk, and identifying training needs going forward. Periodic review keeps you up to date and allows you to take into account new staff, updates to software and systems, and changes to your business operations. So your cybersecurity becomes a proactive part of your operations. To take a look at your cybersecurity and to arrange a review drop us a line, or take a look here for more info about GDPR

Open Day 1st October 2021

You are invited to our technology event

Friday 1st October 10:00-18:00

North Weald Airfield - Essex - CM16 6HR

We would like to invite you to come and visit our office in North Weald. Come learn about how we provide our clients day to day support, Monitor the internet and talks from our speakers. Enjoy networking with different clients over some light bites. We also will have demonstrations of some of our products from our IT support services and telephone hardware. All with our technical team on hand to answer questions you may have about how 39D supports businesses day in and day out.

  • Product Demonstrations
  • Surprise Airfield Events
  • Tea and Coffee
  • Lite Bites to eat

To RSVP

By Phone: 01279 800 035
By Email: [email protected]

Or enter your details in the form below

Tech Tuesday Week 25

Tech Tuesday Week 25

This week on tech Tuesday Matthew is back and demonstrates in the video how to delay or defer emails to keep on top of the emails you need to send each week. Matthew goes through step by steps on how to input this process into your Outlook.

If you have any questions or need any help please don’t hesitate to get in touch!

Call us on 01279 800 039

Email us at [email protected]

Visit our website www.39d.co.uk

Get in Touch With Our Team

Runway House
North Weald Airfield
North Weald
Essex
CM16 6HR

01279 800 039

SP Consulting

SP Consulting

SP Consulting was founded by Sarah Padilha. For over 30 years Sarah has had various roles in many financial institutions. Sarah is a hands-on management consultant who is here to help you refine your cash flow and grow your venture to a point that it will support your lifestyle. SP Consulting as a company provide tailored business management consulting services to businesses worldwide. They can add value to your business by guiding you through challenges and find solutions to your problems.
 
Sarah has been a valuable part of our growth and consultation plans. We have been working with Sarah over the last two years. Sarah’s knowledge in tender writing, grant applications and her background as a business bank manager has helped us to put processes in place to improve our finances as well as secure funding for our future plans.
 
If you’re looking for a finance director to attend your monthly board meetings get in touch with Sarah for a consultation.

Do get in touch via their website below:

SP Consulting

Get in Touch With Our Team

    Runway House
    North Weald Airfield
    North Weald
    Essex
    CM16 6HR

    01279 800 039

    Alexandra Stanley

    'Alexandra Stanley Social Media'

    “Your independent specialist for social media marketing, coaching, training and website design.”

    ‘Alexandra Stanley Social Media’ is a local social media and web design company offering many different services. The main services advertised on her page are Social Media Management, Website Design, Training and Coaching.

    Team 39 Degrees have attended one of her online seminars about growing your business with social media. Her checklist and explanation on how to improve our posts and get further engagement has expanded our following and our reach. If you would like to book a consultation with alexander please click the link below and arrange your meeting.

    Do get in touch via their website below:

    Alexandra Stanley

    Find Alexandra on her social media pages where she posts lots of motivating content and advice for her followers…

    Get in Touch With Our Team

      Runway House
      North Weald Airfield
      North Weald
      Essex
      CM16 6HR

      01279 800 039

      Tech Tuesday Week 24

      Tech Tuesday Week 24

      This week on Tech Tuesday, Team 39D visit a client in Dunton and let you spend the day with them. The team were starting their preparation work for interconnect to be put in between two units. Team 39D were pulling in a 200m fibre link between two of their units to help improve connectivity.

      Visit our website www.39d.co.uk

      Call us on 01279 800 039 

      Get in Touch With Our Team

      Runway House
      North Weald Airfield
      North Weald
      Essex
      CM16 6HR

      01279 800 039

      The Trusted Business Community Association

      The Trusted Business Community Association

      This week Team 39D would like to introduce to you The Trusted Business Community Association, where Members Reputations Meet The Expectation of Their Clients. The founder of The Trusted Business Community Association is Called Sean Hewitt, Sean founded the Association 8 ½ years ago. 

      Sean started the Association as he recognised that although businesses were offering a quality service, there was little on offer to express this through being accredited. Giving the accreditation brings consumer confidence to those in membership by The Associations endorsement of their brands, placing themselves ahead of the competition due to our interviewing of each would-be member that includes a vetting and verification process before they can join. Sean helps connect businesses with one another all around the UK, to help businesses gain new clients and contacts. To make sure Sean only recommends the best of the best, part of his process is vetting everyone’s businesses. At The Trusted Business Community Association, they recognise the need for standards and safety for everyone within the association. Sean has even completed courses to understand domestic abuse in and around the workplace to know that all his businesses and staff are acting correctly in the environment. 

      The Trusted Business Community Association is all about building trust and community to help promote good business practices and services. Being part of the Association brings together the best in the business to collaborate with each other, whilst the Association works on the reach and exposure to the wider audiences across social media on their behalf.  To find out more information on how the Association for SME’s can assist your business growth, do get in touch via their website below:

      The Trusted Business Community

      Get in Touch With Our Team

      [contact-form-7 404 "Not Found"]

      Runway House
      North Weald Airfield
      North Weald
      Essex
      CM16 6HR

      01279 800 039

      Tech Tuesday Week 23

      Tech Tuesday Week 23

      In this weeks Tech Tuesday, Mitchell talks about how we print our ID cards in house using an inkjet printer. He also talks about the technology used with in the passes!

      For any advice get in touch with Team 39D today!

      Call us on 01279 800 039

      Email us at [email protected]

      Visit our website www.39d.co.uk

      Follow our other social media platforms:
      https://lnkd.in/dr–aBr
      https://lnkd.in/dUM6mhf
      https://lnkd.in/dRhMb_r
      https://lnkd.in/gNW3J_X

      Get in Touch With Our Team

      [contact-form-7 404 "Not Found"]

      Runway House
      North Weald Airfield
      North Weald
      Essex
      CM16 6HR

      01279 800 039

      Tech Tuesday Week 22

      Tech Tuesday Week 22

      In this weeks Tech Tuesday Mitchell our network Manager demonstrates how we test defective network cables and diagnose faults within a network, using a network tester. If you are facing network problems get in touch with 39D now!
      Call us on 01279 800 039
      Email us at [email protected]
      Visit our website www.39d.co.uk 

      Follow our other social media platforms:
      https://lnkd.in/dr–aBr
      https://lnkd.in/dUM6mhf
      https://lnkd.in/dRhMb_r
      https://lnkd.in/gNW3J_X

      Get in Touch With Our Team

      Runway House
      North Weald Airfield
      North Weald
      Essex
      CM16 6HR

      01279 800 039

      Scroll to top