The cyber risks hidden in plain sight in your organisation
By Phil Bailey, Managed Services Director, PMC.
Cyber security attacks are making headline news on a regular basis. You don’t have to look far to see big and well-known brands being held to ransom over the personal data they hold.
The sad truth is that most cyber security breaches occur through internal weaknesses in your system, typically coming from employee negligence. And they could take your company down.
In my experience, many retailers overlook some of the basic yet highly effective steps they could take to tackle the security threats hidden in plain sight. Done correctly, these steps significantly improve your security.
The threat among us
Current headlines concerning the Clop group cyber threat highlight the hacker strategy of attacking multiple companies through a single piece of business software. But the largest threat to retailers these days, and the trigger for 33% of ransomware break-ins, is internal, staff-related activity.
Many employees are simply uneducated or unaware of the risks. Phishing emails can be very convincing and look like they’re coming from an internal team member. Or they might promise rewards. Many of the emails making the rounds at the moment play on the cost-of-living crisis, offering £100 Tesco vouchers or 70% off a pair of new car tyres.
One of the most valuable things you can do to counter the internal threat is educate your employees. It’s inexpensive but needs to be done properly.
You also need to refresh your training regularly and test employee knowledge with real-life tests – such as sending around your own fake phishing emails to see how many clicks you get!
Be proactive and reactive
The second problem we see a lot is retailers, particularly smaller ones, investing in out-of-the-box antivirus (AV), rolling it out across all their devices, then assuming it’s ‘job done’.
It’s a common myth in retail that you can simply plug in antivirus software and you’re protected. The reality is, it’s simply step 1, and won’t adequately protect your organisation against today’s cyber attackers.
Step 2 is ensuring the solution is configured effectively to protect your business. You have to configure it for your environment and tell it what you want it to look for, and what policies or automatic actions you want it to take.
Step 3 is ensuring that you’re monitoring your AV across your estate and being both proactive and reactive. Proactive – to work out what you can automate, such as patching. Reactive – to check what the dashboards are flagging up and what you need to act upon.
Hackers will constantly probe your defences. If it takes you six weeks to respond to a weak point, or roll out a new patch, you can be in serious trouble.
Data encryption and disaster recovery
We advise our clients to enable built-in data encryption, such as BitLocker, to strengthen their security. It also protects you from a GDPR perspective: if an employee device is stolen, the data on it is unusable to a hacker without the right key.
BitLocker comes free with Windows 7, 8, 10 and 11, and, by the way, it’s a complete myth that it slows devices down. So, switch it on.
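The “switch it on” advice is only as good as your ability to check it across the estate. The following PowerShell audit is an added example, not code from PMC or the article: it reports every OS and fixed data volume, flags any that are not protected, and (only when asked) enables BitLocker with a TPM protector and a recovery password. It assumes the Windows BitLocker PowerShell module, an elevated session, and that you escrow the recovery password somewhere (AD, Intune or your vault) before relying on it.

```powershell
# Added example (not from the article): audit BitLocker on the local machine and
# flag volumes that are not fully protected. Report-only unless -EnableMissing is given.
# Assumes the BitLocker module (Windows 8/10/11) and an Administrator session.
[CmdletBinding()]
param(
    [switch]$EnableMissing   # turn on BitLocker for unprotected volumes
)

Import-Module BitLocker -ErrorAction Stop

$report = foreach ($vol in Get-BitLockerVolume) {
    # Only audit volumes Windows reports as OS or Data; skip anything unknown
    if ($vol.VolumeType -notin @('OperatingSystem', 'Data')) { continue }

    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

    [PSCustomObject]@{
        MountPoint      = $vol.MountPoint
        VolumeType      = $vol.VolumeType
        VolumeStatus    = $vol.VolumeStatus          # FullyEncrypted, FullyDecrypted, EncryptionInProgress ...
        ProtectionOn    = ($vol.ProtectionStatus -eq 'On')
        Protectors      = ($types -join ',')
        HasRecoveryKey  = ($types -contains 'RecoveryPassword')   # without one, a failed TPM means lost data
    }
}

$report | Format-Table -AutoSize

$unprotected = @($report | Where-Object { -not $_.ProtectionOn })
$noRecovery  = @($report | Where-Object { $_.ProtectionOn -and -not $_.HasRecoveryKey })

if ($noRecovery)  { Write-Warning ("Encrypted but no recovery password escrowable: " + ($noRecovery.MountPoint -join ', ')) }
if ($unprotected) {
    Write-Warning ("Unprotected volumes: " + ($unprotected.MountPoint -join ', '))
    if ($EnableMissing) {
        foreach ($u in $unprotected) {
            if ($u.VolumeType -eq 'OperatingSystem') {
                # TPM unlocks the OS drive transparently at boot; add a recovery password for break-glass access
                Enable-BitLocker -MountPoint $u.MountPoint -EncryptionMethod XtsAes256 -TpmProtector -SkipHardwareTest
                Add-BitLockerKeyProtector -MountPoint $u.MountPoint -RecoveryPasswordProtector | Out-Null
            } else {
                # Data drives cannot use the TPM protector directly; protect with a recovery password
                Enable-BitLocker -MountPoint $u.MountPoint -EncryptionMethod XtsAes256 -RecoveryPasswordProtector
            }
            # Record the recovery password in your escrow system before the device leaves the building
            (Get-BitLockerVolume -MountPoint $u.MountPoint).KeyProtector |
                Where-Object KeyProtectorType -eq 'RecoveryPassword' |
                Select-Object KeyProtectorId, RecoveryPassword
        }
    }
}
```

Run it report-only first and feed the output into whatever dashboard you use for step 3 monitoring; a device that shows `ProtectionOn = False` or `HasRecoveryKey = False` is the “plug it in and forget it” gap the article warns about.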
Finally, it’s worth investing time and effort in a disaster recovery (DR) plan, and testing it. It’s likely you will need to use it someday, and when you do, much like a lifeboat or a parachute, you want to know that it will work! It may seem simple, but it’s an area we see a lot of retailers overlooking.
A good DR plan needs to be comprehensive enough to be picked up by someone not familiar with it. It should help them rebuild your systems and servers from scratch if required. And it needs to be stored offline, so you can access it easily if you do get hacked.
4 key takeaways that will help you stay ahead
In summary, the greatest investments you can make to protect your organisation are:
- A best-of-breed AV with lateral protection (the option to isolate infected devices) – that’s the single biggest tool at your disposal
- Employee education combined with regular training top-ups and refresher courses
- Putting time and effort into creating a DR plan and testing it
- Bringing in external expertise when you need it – to configure your AV software correctly, and help you understand what you need to be looking for, and how to react fast and recover when you get attacked.
How we can help
PMC are running a retail-centric event with Sophos, the leaders in this field, on Thursday 6th July. We’ll be covering the topic of cyber resilience, and how retailers can address the modern threat landscape with endpoint security. For further details visit our website here.