Cyber Security

Paul Betts

May 7, 2019
Hi All

I've just set up a new business, and am considering what to do about Cyber Security. Can anyone give me some advice on what precautions people have taken, whether they have had any issues, and what they did to resolve them?

Many thanks

Paul

Ray272

Jul 5, 2017
A simple cyber security measure we perform is ensuring all actual contacts we liaise with have their own message folder in Outlook.

We get a lot of emails with invoices attached from addresses we have never dealt with. We dare not open them; they are easy to spot anyway.

soundengineeruk

Jul 25, 2012
Walsall
Simple things you could do:
  • Make sure your equipment has all of the latest patches
  • Antivirus
  • Don't trust public networks (trains, hotels, airports, etc.); use a VPN
  • Don't use powerline equipment (easily hackable)
Some complex things would be:
  • If a home business, use a firewall and separate the home wifi network from your business network
  • Encrypt all devices (laptops, disk drives, USB, etc.)
  • Encrypt data, even if stored in the cloud

webgeek

May 19, 2009
Glasgow, Scotland, UK
One aspect is your business website + email, and choosing a company with best-of-breed uptime, tons of positive reviews and fully managed services would seem to be a no-brainer.

Unproven, new, web hosts come and go like Autumn fashions, maybe faster. If you're worrying about downtime, slow loading or any of 1,000 other hosting issues, then you've made the wrong choice.

Once you've got a dependable company picked and quality hosting in place, you've got to make sure the basics are implemented, such as unique IP for your web and email, SSL for everything, antivirus, firewall - there's more than just one or two things needing attention.

fisicx

Sep 12, 2006
Aldershot
www.aerin.co.uk
> I've just set up a new business

Doing what?

Any security advice would depend on what data you plan to process.

For example, will you be gathering financial or personal information? Will customers use IT to interact with your business? Are there going to be databases and passwords?

Qukaylan

Apr 11, 2019
I don't know much about cyber security, but I would like to share how my company is training people to be aware of scams. Namely, from time to time a group of employees receives a phishing mail. If you catch up on it, then you need to go to additional training sessions organised by the IT and HR departments.

Deleted member 324187

> Hi All
>
> I've just set up a new business, and am considering what to do about Cyber Security. Can anyone give me some advice on what precautions people have taken, whether they have had any issues, and what they did to resolve them?
>
> Many thanks
>
> Paul

In the UK the best source of information is found at:

The UK National Cyber Security Centre (sorry, the system would not let me post the actual URL!)

There is advice for SMEs, Sole Traders and Individuals. Keep well away from all the technical debates on Operating Systems etc. ... and from vendors who will try to sell you the latest Anti-Virus product where there are equally effective free products available.

gpietersz

Sep 10, 2019
Northwich, Cheshire
pietersz.net
It really depends on what you are doing, and what systems you have. Desktop security is different from server security, which is different from security when using other people's servers (called the cloud).

You should choose systems that meet your security requirements from the start. You also need to ensure that you can recover from a hack, because no security gives you a 100% guarantee.

What are your specific requirements?

Deleted member 324187

> It really depends on what you are doing, and what systems you have. Desktop security is different from server security, which is different from security when using other people's servers (called the cloud).
>
> You should choose systems that meet your security requirements from the start. You also need to ensure that you can recover from a hack, because no security gives you a 100% guarantee.
>
> What are your specific requirements?

All security is essentially the same irrespective of the technical hardware/software environments being used: understanding Threats and how they exploit Vulnerabilities, and putting basic preventive measures in place, yes, also including backing up systems and data. Make sure you have adequate firewalls and that all software is kept up to date.

Read the NCSC guides; they are the UK government experts and are not selling services and/or products.

Read the

    gpietersz

Sep 10, 2019
Northwich, Cheshire
pietersz.net
@DCS41, some principles are the same, but the practical steps and the effort put in vary. You have to run virus scans on a Windows desktop, not on a Linux one. A public server (like a web or mail server) cannot be firewalled off with a simple "deny all incoming" as a desktop can, because its purpose is to process incoming requests. It would be overkill to hire specialist penetration testers to test a small business website, but it would be necessary for a bank.

> Read the NCSC guides; they are the UK government experts and are not selling services and/or products.

That is rather like telling people not to get legal advice because all the information they need is on gov.uk - it is all there somewhere, but that does not mean they do not need advice on how it applies in their situation or what exactly to do. Take a look at the "Application development" or "denial of service" guides for SMEs - micro businesses and small businesses without a fair amount of in-house expertise cannot apply those guidelines.

Deleted member 324187

> @DCS41, some principles are the same, but the practical steps and the effort put in vary. You have to run virus scans on a Windows desktop, not on a Linux one. A public server (like a web or mail server) cannot be firewalled off with a simple "deny all incoming" as a desktop can, because its purpose is to process incoming requests. It would be overkill to hire specialist penetration testers to test a small business website, but it would be necessary for a bank.
>
> That is rather like telling people not to get legal advice because all the information they need is on gov.uk - it is all there somewhere, but that does not mean they do not need advice on how it applies in their situation or what exactly to do. Take a look at the "Application development" or "denial of service" guides for SMEs - micro businesses and small businesses without a fair amount of in-house expertise cannot apply those guidelines.

Oh dear, yes, viruses are rare on Unix-based systems, but malware (and viruses often use these as carriers) is not, so the best advice is to scan all systems. Some malware will certainly attack non-Microsoft systems. Direct denial of service attacks are very rare in SMEs. It is important to establish a security perimeter using a well configured Router or Firewall.
I spend a lot of time persuading small businesses that they do not need to spend huge sums of money on technical security they do not need. I would agree about some of the more complex technology, but most of the NCSC guides are well written and easy to understand, a bit like reading the highway code before you start driving ....

    gpietersz

Sep 10, 2019
Northwich, Cheshire
pietersz.net
> It is important to establish a security perimeter using a well configured Router or Firewall.

Could not agree more.

> I spend a lot of time persuading small businesses that they do not need to spend huge sums of money on technical security they do not need.

I think your experience is different to mine, so you are seeing different things. I can believe there are a lot of people out there selling expensive solutions to people who do not need them (there always are with scary things like this). Are you talking about something like people selling DDOS protection to SMEs that are unlikely targets, or excessive server hardening?

It's not something I have come across very often. What I find most often is sloppy security. Not doing basic things like keeping software up to date (e.g. someone sets up a web server and no one touches it for a year) or ignoring good configuration practice (e.g. root ssh login with password, no firewall at all, ...). I think small (say fewer than 20 employees) rather than medium businesses are more prone to this, as those who have proper internal IT will get some internal lobbying for security.

Very often people are willing to pay for features but not for security. One of the NCSC's recent warnings was about moving off Python 2 (EOL at the end of this year) to Python 3. People have known this was coming for a decade, but a lot of organisations (large and small) have still not done it. I doubt there are going to be a lot of issues in Python itself, but with libraries dropping support for Python 2, sticking with it means old libraries, which means you are stuck with all the holes in those. It's usually not a particularly expensive exercise (compared with the original development cost, or what people typically spend on other changes to the code) but it's low priority.
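As an added example following gpietersz's point about sloppy configuration (this is not code from the thread or from any poster): a POSIX shell audit that checks an OpenSSH sshd_config for the two weak settings named in the post, root login with a password and password authentication left on. The sample config files are constructed for the demo; the directive names are real sshd_config keywords, and the defaults assumed for absent keywords are those of OpenSSH 7.0 and later.

```shell
#!/bin/sh
# Added example, not from the thread: flag "root ssh login with password"
# style settings in an sshd_config. sshd honours the FIRST occurrence of a
# keyword, matches keywords case-insensitively, and falls back to a built-in
# default when a keyword is absent (assumed OpenSSH 7.0+ defaults:
# PermitRootLogin prohibit-password, PasswordAuthentication yes).

sshd_effective() {  # $1 = config file, $2 = keyword, $3 = default if absent
    v=$(grep -i "^[[:space:]]*$2[[:space:]]" "$1" | head -n 1 |
        awk '{print tolower($2)}')
    printf '%s\n' "${v:-$3}"
}

# Print the name of each weak directive, one per line
# (prints nothing when the file is clean).
sshd_weak_settings() {  # $1 = config file
    [ "$(sshd_effective "$1" PermitRootLogin prohibit-password)" = yes ] &&
        echo PermitRootLogin
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = yes ] &&
        echo PasswordAuthentication
    return 0
}

# Constructed samples: a sloppy server, its hardened counterpart, and one
# that sets neither keyword and so relies on the defaults.
WEAK_CONF=$(mktemp); HARD_CONF=$(mktemp); DEFAULT_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$HARD_CONF" "$DEFAULT_CONF"' EXIT
cat >"$WEAK_CONF" <<'EOF'
Port 22
permitrootlogin yes
PasswordAuthentication yes
PasswordAuthentication no
EOF
cat >"$HARD_CONF" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
echo "Port 22" >"$DEFAULT_CONF"

for f in "$WEAK_CONF" "$HARD_CONF" "$DEFAULT_CONF"; do
    echo "== weak settings in $f:"; sshd_weak_settings "$f"
done
```

The second PasswordAuthentication line in the sloppy sample is ignored, exactly as sshd would ignore it, which is why a later "no" does not rescue an earlier "yes".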

Deleted member 324187

> Could not agree more.
>
> I think your experience is different to mine, so you are seeing different things. I can believe there are a lot of people out there selling expensive solutions to people who do not need them (there always are with scary things like this). Are you talking about something like people selling DDOS protection to SMEs that are unlikely targets, or excessive server hardening?
>
> It's not something I have come across very often. What I find most often is sloppy security. Not doing basic things like keeping software up to date (e.g. someone sets up a web server and no one touches it for a year) or ignoring good configuration practice (e.g. root ssh login with password, no firewall at all, ...). I think small (say fewer than 20 employees) rather than medium businesses are more prone to this, as those who have proper internal IT will get some internal lobbying for security.
>
> Very often people are willing to pay for features but not for security. One of the NCSC's recent warnings was about moving off Python 2 (EOL at the end of this year) to Python 3. People have known this was coming for a decade, but a lot of organisations (large and small) have still not done it. I doubt there are going to be a lot of issues in Python itself, but with libraries dropping support for Python 2, sticking with it means old libraries, which means you are stuck with all the holes in those. It's usually not a particularly expensive exercise (compared with the original development cost, or what people typically spend on other changes to the code) but it's low priority.

My experience is from Operational Risk Management and Cyber Security of both IT and (OT) Real-Time Systems in large corporations. But I have also worked for SMEs. I too see similar situations where organisations fail to invest in ensuring all their software and hardware environments are kept up to date. Many breaches result from not having the latest software updates or not applying the latest patches to firewalls etc.

Legacy software is a huge threat, but it is incompetence of the highest form, just like buying software then not taking out a full maintenance contract! Organisations such as the NHS and UK Police have been negligent in these respects .... driven by central government procurement practices.

I think we come from very different backgrounds but are in violent agreement .....

David

    gpietersz

Sep 10, 2019
Northwich, Cheshire
pietersz.net
@DCS41 I am a developer rather than a sysadmin or security specialist, so when I get to deal with those it's in organisations small enough to ask me to do everything - so typically fewer than 20 employees (down to one-man bands).

When I did work for an employer whose customers were larger organisations it was actually in yet another role - client-facing stuff like requirements gathering and user acceptance testing. That was the transition from my previous career (posted in the "how did you get into your current business" thread if you are interested).

I can well believe most failures are from incompetence or carelessness. A very high proportion of those that become public are, and so are those I know about that are not well publicised.

> I think we come from very different backgrounds but are in violent agreement

:)

    AlexKiynie

May 20, 2020
Dr Layla Benmusa works as a top cryptologist, within the UK and overseas.

She made a list of possible recommendations upon a private appointment.

1. She advised me that many firms do not understand encryption and are simply relying on easy solutions because they don't understand cryptography.

2. She advised me that businesses need to look into encryption as a method for securing data.

3. She also advised me that many of her clients have said they fear the latency, but in comparison with the downtime of a data breach that proves much higher and could cost more.

4. Layla advised me that most of the breaches are perimeter based and that they do get breached. She also advised me that many firms store the KEY within software that is often breached.