Is Your Technology Supplier Fully Protecting You From Potential Cyber Attacks?
Blog by Duwayne Lake, Operations Director of Veco™
New research* from The Cyber Security Breaches Survey* reveals that Cyber attacks on UK organisations is on the increase, with almost a third (32%) of businesses and 24% of charities overall recalling breaches or attacks from the last 12 months. (*Source: A study for UK Cyber Resilience, April 2023).
Cyber attacks are much higher on medium businesses (59%), large businesses (69%) and high-income charities with £500,000 or more in annual income (56%).
It is estimated that UK businesses have experienced around 2.39 million cyber-crimes of all types and 70,000 non-phishing cyber-crimes in the last 12 months. The mean cost of businesses experiencing any cyber-crime other than phishing was £20,900 over the last 12 months.
With the ever-increasing risk of cyber threats and with the majority of products, services and applications in the cloud, estate agency suppliers may have full control of their data. Therefore, it is essential that agents are confident in the supplier’s cyber security credentials.
It is important to ensure all suppliers are ISO certified in the relevant areas, or at least are working towards, and are in alignment, with ISO requirements.
However, if your suppliers aren’t ISO certified, don’t be afraid to ask for evidence of their relevant processes and procedures, such as a copy of their information security policy and other relevant documentation.
Hackers are also widening their aim to target business collaboration tools such as Slack, Teams, OneDrive and Google Drive with phishing exploits. These make for a rich source of sensitive data given that most organisations’ employees continue to work remotely.
Agents need to be extra vigilant and ensure they have educated their staff on the risks and have implemented the measures that will boost their protection.
Below are some ways in which agents can increase their protection from cybercrime:
Text Messages
Cyber criminals are increasingly turning to text messaging for scam and phishing attempts to gain access to your bank and other accounts, so staff should be wary and vigilant when receiving and actioning text messages.
Phishing Emails
Educate staff to be aware of and alert to ‘phishing’ emails. They often come from a known contact where their email account has been breached and accessed by hackers and scammers, who will send an online link to a document asking you to enter your email address and password to ‘login’, but is in reality just sending these details onto the hackers.
Passwords & Updates
Always use strong passwords for everything, including PC access & email accounts and always use two factor authentication (2FA/MFA) where possible. Any mobiles that contain work related data should have passcodes/pattern locks or biometric locks enabled. Keep all software and operating systems, firmware, and firewalls up to date.
System Access
If giving suppliers access to your servers, ensure the connections are secure. As a minimum, don’t leave any access wide open to the public internet and use methods such as restricting access by IP address, but preferably using more secure connection methods such as VPN’s. The same applies for remote workers.
Public Email Addresses
Try and avoid making company email addresses publicly available, particularly individual and senior staff email addresses. Hackers will find these on your website, or other publicly available site and then spoof the email addresses.
If you have any concerns about your IT security and would like a no obligation consultancy session with one of our cyber security experts, please email info@evolutionit.uk or call 01372 389 250.