Very aptly in Cybersecurity Month, the DCS IT Security Workshop was held yesterday at Boston Lodge, where together with a group of DCS customers and some colleagues, we were brought up to date with the latest cyber threats that we are being bombarded with daily.
To prove a point, earlier that day, Sky News had posted an article from the National Cyber Security Centre warning of a life-threatening cyber-attack almost inevitably striking the UK.
DC Dean Russell, who is the Cyber Crime Protect Co-ordinator from the Yorkshire and Humberside Regional Crime Unit, opened the workshop with a presentation highlighting the cyber threats faced by organisations daily, including ransomware attacks, social engineering, phishing and spear-phishing emails. He stressed the importance of educating your staff to be able to spot the ‘tells’ of a phishing email as this is one of the most effective deterrents you can have in place. He also pointed the attendees towards some of the sources that are available to help limit the risk of them affecting your company, including putting policies and procedures into place to ensure that in the case of an attack you can get your organisation running again as soon as possible.
DC Russell was followed by Mackenzie Dallas, from insurance brokers, T L Dallas, who provided an informative session on what businesses need, want and expect from Cyber Insurance and what it can cover. He gave some examples of some claims, including West Yorkshire wholesaler who lost more than £1 million following a system failure because of an attack. Data breaches, which are all over the news, are even more important now that GDPR, which came into being in May 2018, has meant much higher fines can be levied on companies.
It appears that there is a dearth of one size fits all for cyber insurance and it is a case of checking with your broker what is and perhaps more importantly, is not covered by your current insurance policy. Does your policy cover you for ‘incident response’ when an attack occurs? Do you have business interruption cover as well as data and systems recovery? Every business with large databases; if your business trading is dependent on IT; if you are a brand or have a reputation conscious in the public eye or offer online interactive services you need to check your cover now.
After a quick coffee break, Rob Fearnley from ESET kicked off the second half of the workshop with some exciting new products that have joined the ESET family. ‘Safetica’ is their latest addition and works on the principle of protecting from the inside out; it can notify you when documents or data have been forwarded to an external email address or dropped on to a USB. It can provide full reporting of web activity from your employees and has the potential to block the websites they don’t need access to within work hours, as well as many other great features. He also made a great point in reminding us that it’s all well and good protecting/encrypting our company PC’s and laptops, but with the majority of us now walking around with our own “personal computers” in our pockets, usually linked to our work emails it is vital that mobile security for work and personal phones should also be addressed.
Then Chris Lord, technical director of DCS, emphasised the importance of the adage “Backup, Backup, Backup”. DCS now offer Amber Vault – our Cloud, on-premise or hybrid backup, with a version suitable for any size of organisation and the reassurance that the data is held in our secure Yorkshire based data centre. Chris also covered other DCS hosted services including server monitoring, website hosting, Office 365 and our own Time, Attendance and Project Expenses software (TAPE) developed by our programming team. A recent addition to the DCS portfolio of cloud products is the Advanced Business Cloud Essentials, a cloud ERP/accounts solution.
It was certainly a thought-provoking session with many attendees commenting that they were going back to their offices to check what measures they had in place and wanting a DCS IT security health check audit of their current systems.
From feedback the main take away points from the sessions were:
I am the first line of defence and need to be vigilant when going onto websites or opening emails.
DCS offers a Security Awareness Training and Testing (SATT) which starts with a baseline vulnerability check of all users, followed by online video training covering everything that is relevant to modern cybercrime attacks and then on-going monthly bespoke targeted phishing emails.
To check what current insurance policies cover
Talk to your Broker, it may be worth considering using the same insurer for all policies so there is no overlap with other policies.
What policies and procedures are in place to protect against an attack – how do you ensure that you have access to your company’s data should the worst happen. What measure do you need to put in place?
DCS offers a range of support contracts, including a Ransomware Contract and offers a free IT Security health check.
No one can afford to be glib in the face of ever-increasing cyber threats – being informed and aware can make all the difference.