39 Degrees Updates

Cybersecurity, risk assessments and GDPR

You might think that cybersecurity is something that only large enterprises and nation-states need to worry about, but the small and medium-sized business sector is just as at risk from cyber attacks as any other business, NGO, or governmental organisation.

As an SME you’ll be aware of GDPR and the responsibilities that come along with it. The requirements for GDPR compliance include a risk assessment, and every business must take the necessary steps to keep personal information safe and secure.

The language that you use as an SME owner is different from how the director of a large enterprise might speak. Your computer system might be referred to as critical infrastructure or systems networks. Whatever the differences, the security risk to all businesses from cyber attacks is rising, and unlikely to ease anytime soon.

If you receive suspicious messages, you can report them to the National Cyber Security Centre.

Cybersecurity Risks the SME sector must consider

Malware

This encompasses many of the more common attacks, including viruses, trojans, worms, ransomware, and spyware. All of them seek to enter a computer system, usually to do one or more of three things: deny access to parts of the network, steal information from hard drives, or disrupt a system so that it cannot be operated.

Phishing

These are extremely common, and most people will have seen them. This is where fraudulent emails or messages are sent from a supposedly reliable source. Amongst the more common are fake emails from banks asking for login details, or messages from Royal Mail or couriers asking for money to make a missed delivery.

Man in the Middle

This is where an attacker takes advantage of vulnerabilities in a network (a public network, for example) to position themselves between a visitor and the network and intercept traffic. It’s very difficult to detect, and the user thinks that they are sending sensitive information to their intended destination.

Denial of Service (DoS) Attacks

These work by flooding a system with traffic that overloads its resources and bandwidth, so that it is unable to respond to requests for service. These attacks can be launched externally, or from infected machines within the network. When many machines take part at once, this is known as a Distributed Denial of Service (DDoS) attack.

SQL Injections

An attacker will insert malicious code into a server using Structured Query Language (SQL), which forces the server to deliver protected information. Website comment or search boxes are particularly susceptible to this kind of attack.
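The search-box case described above, as an added example (not code from the original page): a constructed in-memory SQLite table is searched two ways, once by pasting the visitor's text into the SQL string and once with a bound parameter. The table, column names, sample rows and the crafted input are assumptions made for illustration.

```python
import sqlite3

# Constructed visitor input: the quote ends the string early, the rest is read as SQL.
CRAFTED = "' OR hidden = 1 --"

def make_db():
    """Constructed sample data: two public products and one hidden row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("desk phone", 49.0, 0),
         ("keyboard", 25.0, 0),
         ("staff-only discount list", 0.0, 1)],
    )
    return db

def search_vulnerable(db, term):
    # Weak: the visitor's text becomes part of the SQL statement itself,
    # so quote characters in it can change what the query means.
    sql = ("SELECT name FROM products WHERE hidden = 0 AND name LIKE '%"
           + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    # Fixed: the SQL text is constant; the visitor's text is passed
    # separately as a bound parameter and is only ever treated as data.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]

def demo():
    """Run an ordinary search and the crafted one through both functions."""
    db = make_db()
    return {
        "normal_vulnerable": search_vulnerable(db, "phone"),
        "normal_safe": search_safe(db, "phone"),
        "crafted_vulnerable": search_vulnerable(db, CRAFTED),
        "crafted_safe": search_safe(db, CRAFTED),
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

Both functions behave the same for an ordinary search term; only the string-built query returns the hidden row when given the crafted input.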

Zero-Day Exploit

Zero-Day Exploit attacks are often reported in the news. This is where a weakness in a system has been newly discovered or recently announced, and attackers exploit it before a patch or upgrade can plug the gap. Attackers will constantly monitor systems for such vulnerabilities, so this is very much a proactive approach to cyber threats.

Password Attack

There are very many versions of this type of cyber attack, from brute force attacks to gaining access to password databases. We’ve all read about these in the news, particularly when banks are successfully attacked.

Cross-Site Scripting

The attacker will send a scam email injected with code to their victim. The victim visits the genuine website, which activates the code, sending private data like login details to the attacker. The attacker can then access the genuine user account, often a bank or online shop, where personal information or bank details can be stolen.

Rootkits

These are found inside legitimate software, usually arriving through email attachments or downloads from insecure websites. Once installed, the software is activated by a user action or by the attacker, and personal information, keys, and passwords can then be stolen.

Internet of Things (IoT) Attacks

There are billions of devices connected to the internet, from computers and servers to central heating controls, phones, and even light bulbs. All of these devices are vulnerable, and most are not prioritised in the same way from a security standpoint as critical infrastructure or computer systems.

3 Steps to Better Cybersecurity

In the face of so many potential cyber threats, it might seem like there isn’t much chance of avoiding attack, but there are steps that you can take to mitigate, if not remove, the risk to your business.

There may be a cost to some elements, but consider the impact on your balance sheet if your information security is compromised, or worse, breached and you suffer a significant data theft.

Even the smallest business keeps information that falls under data protection laws. That might be records for a member of staff, a client database, bank details in your accounting system, payments software that collects direct debits, or a larger customer database if your business is consumer-facing.

Step 1: Cybersecurity Risk Assessment

First of all, it’s important to understand the risk to your business. Conducting a risk assessment will help you to understand your systems and their weaknesses and the threats to them. You will understand the level of personal data that you are managing, and whether you need to appoint a controller and processor according to GDPR.

And with risk assessments completed you will have the information that you need to make informed choices about the level of risk to your business, and the changes that you will need to make.

Step 2: Putting Systems and Security in Place to counter cybersecurity risks

Securing your business from attack isn’t simply about spending money on expensive software; it’s about systems and processes as well. Many of the types of attacks that we’ve mentioned rely on people doing things like opening malicious emails or messages. These attacks simply go round antivirus and security software, and by the time anyone realises, the damage is done. So considering your working practices is just as important.

For example, do staff use their own devices (even if they shouldn’t), do you have a work from home policy, and how have you secured it? Can company devices like laptops access insecure networks, or are they prevented from doing so? How do you manage software and hardware updates? Of course, there is an element of cost in terms of keeping software up to date and replacing hardware regularly so that it is not vulnerable simply because of its age.

Step 3: Training, Accountability, and Review

Regular training and updates on cybersecurity with your team will embed what is required of them to keep your business safe and help them to understand how important it is to follow the processes in your organisation. It also allows for accountability, so that everyone is motivated to stick to good practice. You’re then in a strong position to manage expectations so that your hardware is used for its intended purpose, reducing risk, and identifying training needs going forward.

Periodic review keeps you up to date and allows you to take into account new staff, updates to software and systems, and changes to your business operations. So your cybersecurity becomes a proactive part of your operations.

To take a look at your cybersecurity and to arrange a review, drop us a line, or take a look here for more info about GDPR.

SP Consulting

SP Consulting was founded by Sarah Padilha. For over 30 years Sarah has had various roles in many financial institutions. Sarah is a hands-on management consultant who is here to help you refine your cash flow and grow your venture to a point that it will support your lifestyle. SP Consulting as a company provides tailored business management consulting services to businesses worldwide. They can add value to your business by guiding you through challenges and finding solutions to your problems.
 
Sarah has been a valuable part of our growth and consultation plans. We have been working with Sarah over the last two years. Sarah’s knowledge in tender writing, grant applications and her background as a business bank manager has helped us to put processes in place to improve our finances as well as secure funding for our future plans.
 
If you’re looking for a finance director to attend your monthly board meetings get in touch with Sarah for a consultation.

Do get in touch via their website below:

SP Consulting

Get in Touch With Our Team

    Runway House
    North Weald Airfield
    North Weald
    Essex
    CM16 6HR

    01279 800 039

    Alexandra Stanley

    'Alexandra Stanley Social Media'

    “Your independent specialist for social media marketing, coaching, training and website design.”

    ‘Alexandra Stanley Social Media’ is a local social media and web design company offering many different services. The main services advertised on her page are Social Media Management, Website Design, Training and Coaching.

    Team 39 Degrees have attended one of her online seminars about growing your business with social media. Her checklist and explanation on how to improve our posts and get further engagement have expanded our following and our reach. If you would like to book a consultation with Alexandra, please click the link below and arrange your meeting.

    Do get in touch via their website below:

    Alexandra Stanley

    Find Alexandra on her social media pages where she posts lots of motivating content and advice for her followers…

      The Trusted Business Community Association

      This week Team 39D would like to introduce to you The Trusted Business Community Association, where Members’ Reputations Meet The Expectation of Their Clients. The founder of The Trusted Business Community Association is Sean Hewitt, who founded the Association 8 ½ years ago.

      Sean started the Association as he recognised that although businesses were offering a quality service, there was little on offer to express this through being accredited. Accreditation brings consumer confidence to those in membership through the Association’s endorsement of their brands, placing them ahead of the competition, because each would-be member is interviewed and goes through a vetting and verification process before they can join. Sean helps connect businesses with one another all around the UK, to help businesses gain new clients and contacts. To make sure Sean only recommends the best of the best, part of his process is vetting everyone’s businesses. At The Trusted Business Community Association, they recognise the need for standards and safety for everyone within the association. Sean has even completed courses to understand domestic abuse in and around the workplace to know that all his businesses and staff are acting correctly in the environment.

      The Trusted Business Community Association is all about building trust and community to help promote good business practices and services. Being part of the Association brings together the best in the business to collaborate with each other, whilst the Association works on the reach and exposure to the wider audiences across social media on their behalf. To find out more information on how the Association for SMEs can assist your business growth, do get in touch via their website below:

      The Trusted Business Community

      Working From Home

      In your Working From Home Office, do you have a full set up? A computer, desk/DECT VoIP phone, screen, mouse and keyboard? 39D can supply all of this for you and also install it! Do you want to Work From Home at ease? Let us help you today!
      For more information on how we can help your business get in touch today.
      Call us on 01279 800 039
      Email us at [email protected]
      Visit our website www.39d.co.uk
      Direct message 39D through the button below 🙂

      Web Hosting Update

      Let’s talk about Web Hosting

      Is your website being hosted? Do you know what Web Hosting is? We can assure you that your website needs to be hosted, and 39D can host it for you on our high-powered Linux servers.
      Get in touch today to learn more about why your website needs to be hosted and how 39D can provide this for you and your business!
      Call us on 01279 800 039 or email us at [email protected]

      BATS Ilford Website

      Over the past month our Digital and Marketing Team have been building a website for a local property development company named BATS Ilford. We are very pleased with how the website has turned out as it matches the client’s brief exactly!
      BATS Ilford Ltd is a privately run company specialising in privately rented accommodation in and around the East London & Essex area. Our portfolio of property has great transport links direct into the City Of London. With years of experience in the property sector, all of our tenants rent through us with complete confidence and security.

      Check out their website now

      HERE
