How to Prevent Cyber Attacks

The global cybersecurity landscape has come under increasing threat in recent years. Last year, the National Cyber Security Centre (NCSC) – part of GCHQ – dealt with 63 nationally significant cyberattacks[1]. We’ve all seen and heard about large-scale cyberattacks in the news – Royal Mail, JD Sports, the Guardian and WHSmith – all of which caused significant damage to the victim organisations. And these are only the newsworthy ones – there will be many more that we don’t hear about, and even more that aren’t reported to the NCSC.

Previously, cyberattacks were only considered a real threat to big enterprises. Unfortunately, cybercriminals used the UK’s move to working from home to take advantage of the sparse or misaligned security measures in SMEs. Since then, the number of cyberattacks on SMEs has increased substantially, with 54% of SMEs in the UK experiencing some form of cyberattack in 2022[2]. As a result, cybersecurity and having measures in place to prevent cyberattacks have become integral.

Minimising Weaknesses

Cybercrime is a business, and cybercriminals want to make money with minimal effort. The majority of cybercriminals’ first encounters with organisations are opportunistic and are not targeted against a particular business or sector. Once cybercriminals have identified a weakness, they get to work exploiting it using methods such as spearphishing, where the attacker researches their target to tailor their content and approach.

Having preventative measures in place significantly reduces your chances of an attack by minimising the weak points that attract cybercriminals in the first place. And if it does go further and you are targeted, you have everything in place to prevent the cyberattack taking hold.

Key takeaways to prevent cyberattacks

  • Use strong passwords. Have separate passwords for all your accounts and avoid patterns (e.g. password1, password2, password3).
  • Enable Multi-Factor Authentication (MFA). Everything that can have MFA should, ideally using an authenticator app such as Microsoft Authenticator.
  • Use Conditional Access instead of security defaults. This is a Microsoft 365 feature that provides security alerts and requires extra authentication if “out of the ordinary” access requests are made.
  • Block legacy authentication in Microsoft 365. The legacy authentication protocols (such as POP, SMTP, etc.) that are often used for printers, scanners, and hardware monitoring of devices like switches don’t support MFA, making them easy points of access for attackers. When enabling MFA, it’s important that you also block these legacy authentication methods.
  • Keep your devices and networks up to date. Use the most up-to-date versions, apply security updates as soon as prompted, and use antivirus to scan for known malware threats.
  • Disable external mail-forwarding. Following a successful cyberattack, cybercriminals have been observed to set up mail-forwarding rules to maintain visibility of their target’s emails. Disabling mail-forwarding will prevent this from happening.
  • Separate admin roles. If you’re performing an admin activity such as installing software or managing infrastructure, you should use a separate admin-only account for that, rather than applying admin permissions to the user account you use to check your email and create files.
  • Educate your users and remain vigilant. The single most effective measure to prevent cyberattacks is user education. Spearphishing emails are cleverly tailored to avoid suspicion. You might recognise the sender’s name, but is their email address correct? Would you expect this type of contact from this person, i.e. have they sent an email from their personal mailbox rather than their corporate one, or vice versa? Can you verify the legitimacy of the email by another means before clicking any links? It’s always better to be safe than sorry, so if in doubt, don’t click, and contact your IT administrator.

Be aware that although anybody can be a victim of a cyberattack, people with a larger ‘splash zone’ are more likely to be targeted. A ‘splash zone’ is the amount of organisation-wide access an individual has. A global admin, for example, has a large splash zone, so a cyberattack on their account gains a much larger scope of access and information and has a bigger impact on the victim organisation.

Stay vigilant. If you need any further advice or information, please get in touch, as we’re happy to help.