Cyber-attacks on businesses are increasing every day. 40% of all UK crime is cyber based. We are getting an increasing number of customers reporting viruses, malware and ransomware on their systems. This can result in a huge amount of downtime while we sort out the problem.
Only 10% of UK businesses have specific insurance policies in place to cover cyber-attacks, and many traditional insurance policies have exclusions for cyber-attacks which limit their losses. Please check with your insurers to clarify what cover you have. You can normally add cyber cover to your existing policy, but without a ‘Cyber Essentials Accreditation’ the premiums are likely to be very high. However there is no need to panic, as we have a solution!
Firstly, let’s explore the threat to your business.
Who might be attacking you?
- Cyber criminals, interested in making money through fraud, ransomware, or from the sale of valuable information.
- Industrial competitors and foreign intelligence services, interested in gaining an economic advantage for their companies or countries.
- Hackers, who find interfering with computer systems an enjoyable challenge.
- Hacktivists, who wish to attack companies for political or ideological motives.
- Employees, or those who have legitimate access, either by accidental or deliberate misuse.
You have no control over their capabilities and motivations, but you can make it harder for attackers by reducing your vulnerabilities.
Threats Requiring Mitigation
Organisations need to mitigate against the following common types of cyber-attack:
- Phishing: malware infection through users clicking on malicious e-mail attachments or website links.
- Hacking: exploitation of known vulnerabilities in Internet connected servers and devices using widely available tools and techniques.
There is no such thing as 100% security, but you can reduce the chances of attack (and reduce your insurance premiums) by getting Cyber Essentials Certification. AMA can help you do this.
The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
To mitigate the threats identified above, Cyber Essentials requires implementation of the following controls:
Boundary firewalls and internet gateways
|Information, applications and computers within the organisation’s internal networks should be protected against unauthorised access and disclosure from the internet, using boundary firewalls, internet gateways or equivalent network devices.|
|Computers and network devices should be configured to reduce the level of inherent vulnerabilities and provide only the services required to fulfil their role.|
User access control
|User accounts, particularly those with special access privileges (e.g. administrative accounts) should be assigned only to authorised individuals, managed effectively and provide the minimum level of access to applications, computers and networks.|
|Computers that are exposed to the internet should be protected against malware infection through the use of malware protection software. This software must be kept up to date.|
|Software and operating systems running on computers and network devices should be kept up-to-date and have the latest security patches installed.|
AMA Managed Services can highlight and fix vulnerabilities in your network security, for a reasonable monthly (or annual) cost.
|AVG Server Management||Patch Management, monitoring of: backups, anti-virus updates, errors, disk space, resources, security breaches etc.|
|AVG Workstation Management||Patch Management, monitoring of: backups, anti-virus updates, errors, disk space, resources, security breaches etc.|
|AVG Anti-Spam||Block spam & malicious emails before they enter the building|
|AVG Anti-Virus||Protect against viruses & other malware|
|AVG Content Filtering||Prevent employee access to dubious, dangerous or time-wasting web sites.|
|Datto Backup||If all of the above has failed and you need to restore, this is the ultimate infrastructure backup system. Recover from a disaster in minutes, either locally or in the cloud. Unlike standard backups, Datto backups are protected from infection from ransomware & viruses.|
Once the above controls are in place, we can supply your business with Cyber Essentials Accreditation though our accreditation partner, PGI Cyber. PGI can also supply higher level accreditation ‘Cyber Essentials Plus’ or ‘ISO 27001’, if required.
You can register for Cyber Essentials accreditation here (£395+VAT) –https://cyberservicesportal.pgicyber.com/?ref=FWB07391
You can see a demo pf the accreditation portal here – https://vimeo.com/152268371
For more information on the ways the government is advising you stay cyber streetwise click here.