Cyber Security Edinburgh

We help you identify risks, implement security best practice, train your team and protect your business

2023-09-15T17:25:16+01:00

How cyber secure are you?

I believe that cyber security is the biggest threat to business today. That’s why we include cyber security in our managed IT support services as standard.

Graeme Davis | Managing Director | IT Foundations

Even if you don’t have our IT services, don’t worry.

We want every business to be secure and on these pages, we will help you understand, develop and implement your own cyber security best practice.

Or, if you want to discuss your requirements, book a free 10 minute video call with me.

Cyber Security Statistics 2021

of all businesses reported cyber security breaches or attacks
of all charities reported cyber security breaches or attacks
is the average annual cost of lost data or assets
have not done a cyber risk assessment

Official statistics for 2020 from the UK Government’s 6th annual Cyber Security Survey (published 24th March 2021)

What can you do to reduce the threats?

We recommend that every business has the following in place, which is why they are included as standard in our Business IT Support services:

  • Regular backups and a business continuity plan
  • Antivirus, Antimalware and Antiransomware
  • Always up to date hardware and software
  • Firewall to protect your networks and devices
  • Security Awareness training for all employees
  • Strong unique passwords and a password manager

How can IT Foundations help your business?

IT Foundations offer start to finish security support for all systems within an organisation. Our specialists work with your hardware and software, beginning with an initial cyber security risk assessment of current practices, through to implementing new measures and tracking success.

The team at IT Foundations will take the time to understand your business fully and identify its unique security needs, allowing us to choose the best products and software systems to apply in each case.

Our most common Cyber Security questions and answers

The following are the top questions that prospective customers ask us about Cyber Security. If you have a question that has not been answered here, or if you want more information, contact us and we will be happy to help.

Rising cases of hacking and cyber crime mean it has become a sizeable challenge for small and medium sized businesses (SMBs) to protect themselves from online attackers. Cyber security protects your business against this growing threat and stops you from becoming a victim of attacks such as phishing, malware, hacking, and viruses.

When a cyber-attack takes place, the main risk to organisations is the leakage of personal and sensitive information to unauthorised parties, which in turn threatens the core functioning of devices and services.

Cyber Security matters because the probability of your business being affected at some point is extremely high. In 2020, 39% of UK businesses were affected by hackers or a cyber attack of some sort. That’s 2 in 5 businesses and the problem is just going to get worse unless all businesses take cyber security seriously.

To understand the problem, consider the following typical phishing attack, where Company A represents one of your suppliers and Company B is your company.

  1. A person at Company A who works in the accounts department receives a phishing email advising that their account is about to go on hold unless they revalidate their password. The email looks legitimate and the person does not notice the tell-tale misspelling in the sender’s email address. They have not had any cyber security training and assume that the email is legitimate.
  2. After clicking the email link the person at Company A provides their cloud account user name and password and in doing so unwittingly allows an unknown 3rd party to have access to their mailbox. The person is unaware of this and assumes that the problem has been resolved.
  3. The 3rd party, also known as a bad actor, changes some forwarding rules on the person at Company A’s mailbox so that all emails containing the word ‘payment’ or ‘invoice’ in the subject are also forwarded to the 3rd party.
  4. Over time the 3rd party learns the patterns of communications and looks for a target to extort. They know exactly how the person at Company A signs emails, what a legitimate invoice looks like and what standard payment methods are.
  5. Now things are about to get interesting. Company B take Cyber Security seriously having installed the latest endpoint security software and provided all employees with cyber security policies. The person at Company B that purchases equipment from Company A has just emailed to say that they need to place an urgent order.
  6. The unknown third party spots the urgent email as the perfect target and puts their well-rehearsed plan into action. They now have all emails from company B forwarded to them and they update the rules on the mailbox to automatically delete the emails from Company B so that the person at Company A does not know about them.
  7. Now the 3rd party responds to Company B and tells them that their account is on hold and they need to make a manual payment if they want to get their order on time.
  8. Company B sees the email that appears to be from the person at Company A and it looks normal. They reply to say that they don’t think there is a credit issue, and the 3rd party apologises and says that the finance system is having issues and they can credit back if it turns out that it’s a mistake. The whole communication seems normal with no delays between answers.
  9. The person at company B is satisfied and needs the order processed. They forward it to their manager who knows how urgent the order is and asks the accounts person to make the payment as per the invoice which looks exactly like the normal company invoice except for the new bank account details.
  10. Company B sends the money (to the 3rd party) who confirms the order will be processed. Two days later the order still has not arrived and the person at Company A is not responding to emails (they are still being deleted and forwarded).
  11. Eventually, Company A realises they have a problem and calls in Cyber Security experts to investigate. Company B is out of pocket and never gets their money back. They never use Company A again.
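
The forwarding and auto-delete rules in steps 3 and 6 are exactly what a routine mailbox rule audit can surface. The following is an added example, not part of the original page: it checks an exported list of inbox rules for those two patterns. The rule schema, field names, domains and sample rules are all hypothetical and constructed for illustration, not any mail provider's export format.

```python
# Added example: audit exported mailbox rules for the pattern in steps 3 and 6.
# The rule schema (name, subject_contains, from_contains, forward_to, delete)
# is hypothetical; map your mail platform's rule export onto it.
FINANCE_KEYWORDS = ("invoice", "payment")


def domain(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()


def audit_rule(rule, own_domains):
    """Return the reasons a single rule deserves review (empty list if none)."""
    findings = []
    external = [a for a in rule.get("forward_to", []) if domain(a) not in own_domains]
    if not external:
        return findings
    findings.append("forwards to external address: " + ", ".join(external))
    subjects = [s.lower() for s in rule.get("subject_contains", [])]
    hits = [k for k in FINANCE_KEYWORDS if any(k in s for s in subjects)]
    if hits:
        findings.append("external forward keyed on finance terms: " + ", ".join(hits))
    if rule.get("delete"):
        findings.append("deletes the original after forwarding, hiding it from the owner")
    return findings


def audit_mailbox(rules, own_domains):
    """Map rule name -> findings for every rule that needs review."""
    own = {d.lower() for d in own_domains}
    report = {}
    for rule in rules:
        findings = audit_rule(rule, own)
        if findings:
            report[rule["name"]] = findings
    return report


# Constructed sample export for one mailbox at "Company A".
SAMPLE_RULES = [
    {"name": "Newsletters", "from_contains": ["news@vendor.example"], "delete": True},
    {"name": "rule-1", "subject_contains": ["Payment", "Invoice"],
     "forward_to": ["archive@mailbox.example"]},
    {"name": "rule-2", "from_contains": ["@company-b.example"],
     "forward_to": ["archive@mailbox.example"], "delete": True},
    {"name": "Copy to colleague", "forward_to": ["finance@company-a.example"]},
]

if __name__ == "__main__":
    for name, findings in audit_mailbox(SAMPLE_RULES, ["company-a.example"]).items():
        for finding in findings:
            print(f"[{name}] {finding}")
```

Run regularly against every mailbox, a check like this would flag the rules from steps 3 and 6 while leaving internal forwards and ordinary clean-up rules alone.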

The details of this type of attack vary a lot. But the most important point is that Cyber Security protects your business, your employees and your customers. Understanding Cyber Security risks and the impact they can have on your finances and reputation is critically important.

Cyber criminals look to attack any company with weaknesses. They don’t just target the big guys; targeting small businesses can be just as lucrative and they are often easier targets. Sadly, hiding in the long grass doesn’t make small firms any less vulnerable.

Small businesses are easy targets for phishing scams and social engineering attacks, as their staff are often less well trained than in larger companies because everyone is so busy. Without expert knowledge, IT systems can often accidentally leave doors open to cyber criminals, who will exploit any vulnerability that they find, and there are plenty of tools out there that spend their time crawling the internet looking for open doors.

In the simplest form, a backup means making a copy of the files stored on your devices, and any backup is better than none. However, not all methods can guarantee the same level of data protection. The experts at IT Foundations recommend using the ‘3-2-1 Rule’.

Malware is a type of software or content from the web that can threaten an organisation in many ways. The most well-known type of malware is the virus, which infects and copies software on devices.

Anti-virus software detects, prevents and eliminates any viruses picked up from the web.

Endpoint protection is a step above and includes antivirus/antimalware protection, but also offers other features such as advanced threat detection, investigation, response, device management, and data leak prevention.

It may be tempting to keep clicking the “install later” or “remind me tonight” options when a software update prompt appears on screen, but delaying too long can hinder the safety of your devices. New versions of malware are created every day around the world, which require new versions of anti-virus and software updates to fight off.

Not updating regularly puts the device at higher risk of infection. At some stage the updates will no longer be available, and new software or a new device will be required to regain security for an organisation.

When updates are no longer available, it is known as ‘end of supported life’ and it is not uncommon. Take the recent example of Microsoft and the end of life decision for Windows 7.

A firewall acts as a filter that monitors incoming and outgoing network traffic, blocking any traffic that breaches security rules. The security measure can be in the form of hardware, software or both, and is commonly included with popular operating systems today. It is one of the easier security measures to implement.

Talk to our IT experts today about Cyber Security to find out how we can help your business
