FSB service providers LHS, which run the cyber advice line, were invited to take part by delivering a presentation to around 30 businesses that had all previously been victims of cybercrime.
Attendees also heard from NCSC’s experts, who said cyber criminals could be broken down into four categories:
1. Script kiddies – usually teenagers adept with computers who are either bored or seeking some alternative fun or ways to make small amounts of cash.
2. Hacker groups – computer programmers who design and sell the software to criminal groups to use.
3. State sponsored – no description required.
4. Insider threat – your staff, and the biggest threat, as they are already on the ‘inside’ however good your defences.
Top takeaways from the session were that businesses must first and foremost educate staff on being cyber aware, particularly around phishing scams, which are the most common type of scam employees will come across.
Resilience over security: that is to say, it is a case of not if but when you are hacked as a business, and when that happens, how fast you can recover. Backing up data was key.
Password security – still a common problem. However, the advice is no longer to change passwords regularly, but instead to use three random words – such as Mouse Island Grandma – and make sure the password is kept safe and secure.
For businesses that store data, the advice was to use cloud services ahead of internal servers, because big cloud companies can spend infinitely more cash on data security than any small firm could feasibly do.
Beware of free wifi offered in places such as business lounges and cafes. The analogy used was that you wouldn’t pick up an open bottle of beer and drink from it if you found it in the street. Mobile phones are also becoming more susceptible, particularly because of the latter.
For businesses seeking more cyber security advice, UK police have produced The Little Book of Cyber Scams, and the government has its own Cyber Essentials scheme, which offers basic advice any firm can implement.
The FSB’s cyber advice line can be contacted on 0345 072 7727 for members to access expert advice on all things cyber related.