asb law teamed up with Falanx Cyber to host our cyber security seminar at the asb offices in Crawley, West Sussex.
The event saw 30 attendees join to learn more about how to protect their business (and themselves) against the growing threat of cyber-attacks.
Rob Shapland, Head of Awareness / Ethical Hacker at Falanx Cyber gave his first-hand experience about the methods used and lengths that hackers go to infiltrate, steal and use information against companies.
Some of the most popular methods used include:
- Social engineering: aims to bypass the security of a company by relying on human error using methods such as telephone calls, emails or even social media. The criminal can impersonate any character they need to in order to trick employees; such as an external IT engineer who needs to carry out important system updates or following employees through a door and waiting for them to hold it open for them. Once inside the building, it’s very easy to blend in and do what needs to be done.
- Spear Phishing: is a method that is highly targeted to specific individuals using information commonly taken from social media which involves sending a fake email which tricks the user into clicking a link or attachment. This then allows the criminal to steal information such as passwords from that computer.
- Ransomware: encrypts all files, including shared drives, and demands a ransom payment to unlock them. Latest versions actively seek backups and destroys them first.
- Whaling: is a technique that targets finance staff whereby a fake email is received from a senior staff member often requesting financial payments to be made urgently. Unsuspecting staff affected by the seniority and urgency will often comply without asking questions.
Rob Green, Head of Commercial at asb law followed with the legal consequences of a cyber security breach. Data loss is the most obvious issue for companies which, beyond the loss of customer data, can also result in company IP and trade secrets being stolen.
Aside from the reputational damage and disruption to services that data loss can cause, businesses will also find themselves at risk of substantial fines. Recent cases have resulted in high profile companies have been fined as high as £183m by the ICO for data breaches resulting from cyber attacks
Criminals are constantly evolving their methods of obtaining information, the latest software does well to protect against these methods. However, the most effective way a company can protect itself is by making human adjustments:
- Encourage employees to maintain privacy on social media accounts
- Employ effective password management and use two-step authentication
- Use caution when receiving and opening email correspondence
- Check email addresses for accuracy
- Check for spelling errors
- Carry out authentication steps for all payment requests
- Create practices and policies in the workplace, test them, review them regularly and have a plan in place for when things do go wrong.
Both Rob Shapland and Rob Green agreed that the cyber initiative at any business is the responsibility of the board and filtered down, giving the day to day employee ownership of those policies.
To start a conversation about how we can help you to get the outcome you want
Call us on +44 (0)345 521 4545 or send an email.