How Hackers Exploit Rural Businesses (And How You Can Fix It)

Since the outbreak of the you-know-what virus, we have seen a drastic increase in cyberattacks directed at businesses, big and small, all around the world. This is, without a doubt, attributed to the fact that working-from-home environments have also increased drastically in such a short period of time. This rapid change in working environments has changed, and is continuing to change, the methodologies of cyber criminals as well as the cyber threatscape as we know it, and businesses all around the world may find it hard to keep up with all of these rapid advancements in modern technology. Everyone knows that you should try your best to not be an easy target, but for some, maybe even most organisations, it can be a little unclear what makes you an easy target in the first place. What can you do to make sure you’re not one of them, and more importantly, how can you go about remediating that? In this article, I will go over some common methods of attack for hackers so you can get a feel for how they might go about exploiting some weak points in your business. In doing so, you can apply this knowledge to better the security of your organisation. Enjoy!

Common Hacking Technique: Social Engineering

 

“Social.. engineering?” I hear you say, confused. “What does that mean?” Although you may not have heard the technical term before, this is an extremely common technique that hackers use in most of, if not every single one of, the attacks they carry out. It is a broad term that encompasses many attacks, but they all accomplish the same goal: getting information out of people.

 

One example of a social engineering attack is the phishing scam, such as the “CONGRATULATIONS YOU JUST WON SOMETHING, JUST ENTER YOUR PERSONAL INFO HERE” message or the classic Nigerian prince scam.

Just keep in mind that this is only one of many examples of a social engineering attack; it is by no means an exhaustive list. There are other forms, such as vishing, smishing and spearphishing.

“Oh, I know about those emails, they’re so easy to pick out. That’s how people get hacked?” I hear you ask.

 

Well, yes, but it’s a little more complicated than that. See, there’s a difference between a planned-out cyberattack and some guy who’s trying to get your data: sophistication. You can think of the “Congratulations, you just won..” scam as nothing more than a petty thief trying to make some quick cash. These thieves don’t understand how people work; they resort to drastic measures extremely quickly and, as a result, they stick out like a sore thumb. Cybercriminals, however, are more sophisticated in how they launch their attacks. They’re still the same petty criminals in a way, but they understand that most people look past those generic scams, so they do some research into the services your business uses. This might be anything from your electricity provider to the tools you used to build your website. They then send you an email based on that information.

 

Let’s say you used WordPress to make your website, just as an example. A hacker might see this and craft a fake email that tells you to update your account, or get access to a brand-new exclusive WordPress feature. All you need to do is type in your account details. Sounds like a pretty good deal! In other words, the best scams are the ones that go completely over your head. Pretty smart, hey?
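One way to check a message like the fake WordPress email described above before anyone types in account details (an added example, not part of the original article). The sample message, every .example domain and the TRUSTED_DOMAINS allow-list are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains this business really uses for the service.
TRUSTED_DOMAINS = {"wordpress.com", "wordpress.org"}

# Constructed sample message; all .example domains are made up.
SAMPLE = """\
From: WordPress Support <support@wordpress-accounts.example>
Reply-To: billing@mail-collect.example
To: owner@smallbusiness.example
Subject: Action required: update your WordPress account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Unlock the new exclusive feature by confirming your details:</p>
<a href="http://wordpress.com.login-check.example/update">https://wordpress.com/account</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lower-cased host of a URL, or of a bare domain such as 'wordpress.com/x'."""
    try:
        parsed = urlparse(value if "//" in value else "//" + value)
        return (parsed.hostname or "").lower()
    except ValueError:
        return ""


def is_trusted(host):
    """True for a trusted domain itself or a genuine subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def inspect_email(raw):
    """Return a list of human-readable warnings for one raw message."""
    msg = message_from_string(raw)
    findings = []

    # 1. Display name borrows a trusted brand, but the address is elsewhere.
    display, address = parseaddr(msg.get("From", ""))
    from_host = address.rpartition("@")[2].lower()
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    if any(b in display.lower() for b in brands) and not is_trusted(from_host):
        findings.append(f"display name uses a trusted brand but the sender is {from_host}")

    # 2. Replies are silently redirected to another domain.
    reply_host = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_host and reply_host != from_host:
        findings.append(f"replies go to a different domain: {reply_host}")

    # 3. Links whose visible text and real destination disagree.
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    for href, text in collector.links:
        link_host = host_of(href)
        looks_like_url = "." in text and " " not in text
        if looks_like_url and host_of(text) != link_host:
            findings.append(f"link text shows {host_of(text)} but goes to {link_host}")
        if not is_trusted(link_host) and any(d in link_host for d in TRUSTED_DOMAINS):
            findings.append(f"trusted name buried inside another domain: {link_host}")
    return findings


if __name__ == "__main__":
    for warning in inspect_email(SAMPLE):
        print("WARNING:", warning)
```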

 

Common Hacking Technique 2: Remote Working Software

 

Going back to the point written at the beginning of this article, technology is rapidly expanding to the point where we are finding it extremely difficult to keep up. With this comes the undeniable fact that vulnerable software has been, and is going to continue to be, exploited. The problem is, most people don’t even realise that the things they use on a daily basis are vulnerable to cyberattacks. Take the recent “Zoom-bombing” phenomenon for example, a vulnerability where people can easily log onto any Zoom meeting they want. Furthermore, Zoom does not follow the best security practices in general (such as end-to-end encryption) and for this exact reason, it is highly recommended that you replace Zoom with another meeting software such as Microsoft Teams or FaceTime, as they are much more secure and less susceptible to cyberattacks.

 

What Can You Do?

 

All of that stuff is great (and maybe a little scary), but what can YOU actually do to improve your security as a business?

 

  1. Checking and maintaining your security posture

 

I wrote an article about this topic a while ago, and every point on here still applies. Security posture is absolutely essential in keeping your organisation as secure as possible, so please do not overlook it.

 

  2. Making cybersecurity a top priority in your organisation

 

Many businesses don’t have cybersecurity as a priority and get surprised when they get hacked. If you don’t want to get hacked, it is highly recommended that you put more budget into your cybersecurity and run through training programs (e.g. phishing simulations) with your employees. To say it will help you out greatly is an understatement.

 

  3. Do your homework!

 

By “doing your homework”, I mean looking into the software that you use for anything business-related, and making an educated decision on whether you should really be using it or not. Truthfully, everything is vulnerable in one way or another, but making sure that your business cannot be exploited by cybercriminals EASILY is the key. By making it just that little bit harder for hackers to obtain your sensitive information, you have made your organisation even more secure!

 

  4. Communication with your employees!

 

I cannot stress the importance of this enough. In any situation, communication is ALWAYS key! Make sure that you, as well as your employees, know what they are doing as much as you can, and make sure they know what to look out for. If they don’t, then do your best to clear up any confusion, both for you and your employees. It will help out everyone involved if everyone knows what their place is and what they’re doing, and that includes you too.

Certification Body Awarded

Today we received confirmation that we were registered as a certification body for the NCSC Cyber Essentials scheme and the IASME Governance. We are the first, and only, certification body within the Islands, meaning that we are able to assess to Cyber Essentials, and shortly Cyber Essentials Plus, for any business located in the UK. However, we have a unique insight into rural and remote business workings that can benefit any business in the Highlands and Islands requiring this certification.

 

The NCSC provide some overview of the Cyber Essentials and Cyber Essentials Plus certifications:

Working From Home Security Tips

When you work from home, the line between your personal self and professional self may blur.

The risk of identity mix-ups and misplaced data is constant. One email sent to the wrong address or one ill-advised selfie posted to your social media profile could be disastrous.

To reduce the potential for such disasters and for better work-life integration, separate your work and personal life in the digital world:

1. Have Distinct Online Identities
Start with your work email. Don’t use this address to sign up for services that aren’t related to your work. Use your personal email address instead.

You might also want to have separate social media accounts for work and personal use. After all, professional networking on social media has certain dos and don’ts that may not apply to the personal sphere.

2. Use Separate Devices
If you limit your work-related tasks and personal ones to distinct devices, you don’t have to worry about any mix-ups of data or identity.

3. Storage
Don’t use company supplied storage to keep all your personal files. Data retention policies may apply to storage areas which means that data could be removed.
Don’t use non-approved corporate cloud solutions to store work data. Doing so puts that data outside the control of your employer, which may have legal and/or contractual requirements to keep it safe.

What Is Security Posture?

What is Good Security Posture and how do you achieve it?

Security posture is a term that comes up a lot in the vast world of cybersecurity. But what does it actually mean? And more importantly, why should you have good security posture in YOUR organisation? How do you achieve this? In this blog post, I will answer all of these questions.

What is security posture?

Put simply, security posture refers to any organisation’s ability to defend against cyberattacks. This could be anything from an email with a malicious link to a breach of sensitive information within your organisation, both of which should and will be taken just as seriously as the other. Having good security posture is essential for ANY company or organisation because a breach of inside information can happen to anyone, not just cybersecurity or tech companies. You might be thinking “why does it matter if my company’s inside information is compromised? Why should I care?”
 
Why is having good security posture so important?
Before I answer this question, I need you to consider this analogy.
Your business infrastructure is like a brick wall, sturdy, well thought out and hard to break into. Right? And this brick wall contains all of the names of your employees, all of the phone numbers, email addresses etc. and it is the infrastructure’s job to associate these phone numbers and other information with the employees they belong to. You can think of cyberattackers as the people that want to break this brick wall in any way that they can. After snooping around for a while and finding out how the material of the bricks is composed, they can find a weakness in it. Some will simply use a hammer and try to break in through sheer brute force (no pun intended), but real attackers know not to do this in practice, as it will put too much attention on them. They are smarter than that and they make sure to be as sneaky as possible, so as to not set off any red flags.
Cyber-attacks and the methods that these attackers use are constantly evolving. With enough snooping around your company’s infrastructure, they WILL find a weakness, and there is no exception to that rule.
An experiment conducted by Rapid7 that took place in 2019 showed that 45 out of their 60 CEO test subjects fell victim to a whale phishing attack (an email that gets sent out to a CEO pretending to be someone of high executive level, getting them to click a malicious link)! That’s three quarters of everyone there!
This is how breaches of sensitive information happen within organisations: all attackers need is one single vulnerability and an exploit to use it with, and boom! They’ve got your data (credit card details of employees, phone numbers AND on top of that, names and possibly faces associated with those details)!
They’re ready to sell it off to a third party for money or Bitcoin, where those third parties can snoop around with that information and find even MORE vulnerabilities. That’s not good, and that is why you should always keep your business’ infrastructure up to date with the latest software (there are fewer vulnerabilities that way, AND the data that was sent to the third party won’t match up anymore because you updated your infrastructure!)
 
 
What can you do to improve your security posture?
Before improving your security posture as a company, you need to keep in mind that everyone makes mistakes! Everyone is going to slip up and click on a link one day, that is inevitable. It is also highly likely that your company WILL get breached in the future, so the best way to do this is to recognise everyone in your company as a valid person so you can collectively prevent this from happening in the best way possible, and that is, as a team! When a breach occurs, don’t fight about who you thought messed up, instead it would be beneficial for everyone to all come together as a team and think about what you can improve on next time!
Now, onto the main point. How can YOU improve on your security posture?
 
How to improve on your security posture
There are multiple ways of doing this, and this may come as a surprise, but security posture is NOT limited to the digital realm! This means that your people have a part to play in this too, which is why it is essential to treat your employees as real human beings, all the while training and reminding them to remain sceptical of possible threats!
 
The main ways you can achieve and maintain good security posture in your company are as follows:
1. Take regular cybersecurity risk assessments (understand how threats impact on your organisation)!
2. Use 2-Factor Authentication (in simple terms, verification from a secondary source before trust)
3. Understand that cyber threats aren’t limited to the digital world (people are also a vulnerability and attackers can find a way into your infrastructure through them!)
4. Be sceptical of people. Don’t trust the first thing that everyone says!
5. Don’t get complacent! Good security posture is a philosophy that needs to be practiced daily!
6. Take cybersecurity seriously!
7. ALWAYS update your software.
 
And most importantly…
Train your employees in all of the above things! Work as a team and communicate with each other.
 
 
In conclusion, good security posture is essential for ANY organisation to keep their inside information safe and secure. This is important to protect because this information can consist of your employees’ phone numbers, names and credit card details, maybe even yours! You can practice good security posture by following the above steps and also by taking cybersecurity as a domain and as a practice seriously!
By implementing these steps into your organisation as a daily practice, attackers will find it immensely harder to break into your business infrastructure. Furthermore, implementing this philosophy into your organisation will make it much harder for cyberattackers to get their hands on your inside information, keeping your infrastructure secure and intact.
Written by:
Wil Streete
https://www.linkedin.com/in/wil-s-0066881b2/

What Is Cybersecurity?

What is Encryption?

If you run a business and have done some research on how to keep your data secure, you have probably come across the word “encryption” numerous times before. But what does this “encryption” mean? What exactly does it do, how does it work, how is it implemented and why does it matter?
Put simply, encryption is an umbrella term for any mathematical algorithm that makes your company’s data look like complete gibberish to anyone who is not authorised to look at or access it. This is why it is so important because without encryption, sensitive information of your employees as well as your company’s infrastructure would be freely available to cybercriminals! They wouldn’t even need to use a password!
Encryption is achieved through an encryption standard, which consists of these two things:
1. Mathematical algorithms (this is what encrypts the data)
2. Cryptographic keys (a secret password used to encrypt and decrypt information)
There are lots of different encryption standards in the world, but the basics of it remain the same.
Let’s say you want to send a message to a friend that says “Bob, stop trying to make fetch happen”. However, instead of sending it off in plain English, you want to make sure that only the recipient can tell what it means. This concept is at the very core of encryption.
How does it work?
Encryption works by taking “plaintext”, which is text in plain English and converting it into “ciphertext”. This is a process that uses a spicy combination of mathematical algorithms and cryptographic keys.
There are two methods of encryption: symmetric and asymmetric encryption. Asymmetric encryption uses a “public key” as well as a “private key”. All information is encrypted through both keys, however only the private key can be used to decrypt it (hence the name, it should be exchanged privately).
In contrast, symmetric encryption uses the same key to encrypt and decrypt information. It also runs faster than asymmetric cryptography as the key length is shorter, making it more convenient, however it is not as secure as its asymmetric counterpart.
At the start of this blog is a visual aid of how asymmetric encryption (also known as public-key encryption or public-key cryptography) works. Notice how both keys are mathematically linked; this is to make sure that your average everyday person can’t just come up with a random private key and decrypt the message.
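The mathematical link between the two keys, shown as an added example that is not part of the original post: textbook RSA with a 2048-bit modulus, written with only the Python standard library. It leaves out the padding (such as OAEP) that real systems require, so it is for illustration only, and every function name here is this example's own.

```python
import math
import secrets

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    if n == 2:
        return True
    if n % 2 == 0:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # 2 <= a <= n - 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # base a proves n is composite
    return True


def random_prime(bits):
    """Random prime with the top two bits set, so p * q has exactly 2 * bits bits."""
    while True:
        candidate = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=2048, e=65537):
    """Return (public, private). Both share n; d is derived from e and the primes."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            d = pow(e, -1, phi)                   # the link: e * d = 1 (mod phi)
            return (p * q, e), (p * q, d)


def encrypt(public_key, message: bytes) -> int:
    """Plaintext bytes -> ciphertext integer, using the public key only."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Ciphertext integer -> bytes; only the matching d gives the plaintext back."""
    n, d = private_key
    size = (n.bit_length() + 7) // 8
    return pow(ciphertext, d, n).to_bytes(size, "big").lstrip(b"\x00")


def demo():
    """Encrypt the article's message, then decrypt with the real and a made-up key."""
    public, private = generate_keypair()
    message = b"Bob, stop trying to make fetch happen"
    ciphertext = encrypt(public, message)
    n, d = private
    guessed = (n, secrets.randbits(d.bit_length()) | 1)   # random, unrelated exponent
    return message, decrypt(private, ciphertext), decrypt(guessed, ciphertext), n.bit_length()


if __name__ == "__main__":
    message, recovered, wrong, bits = demo()
    print(bits, "bit modulus")
    print("matching private key recovers the message:", recovered == message)
    print("made-up private key recovers the message:", wrong == message)
```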
How is it implemented?
“Okay, all of this is great”, I hear you say. “But how is it actually used and how often is it used?”
Good question! Encryption is actually used in our everyday lives and it can be found all over the place! Emails? Yep, Google uses an encryption protocol known as TLS! Websites? You betcha. Even databases! This whole process gets implemented into code, which makes it a lot easier for us because the public and private keys are all verified by computer programs that this code runs on, meaning that we don’t have to worry about doing all that hard work!
Pretty much everything that you interact with online has some form of encryption standard implemented in the code! (Facebook being an exception to this rule..)
Beware of which standard you use…
As previously mentioned, there are many different encryption algorithms that can be used to protect your company’s data. Some of these standards are very robust, however some of them can be outdated, so make sure to do your research first!
Some modern and robust encryption standards include but are not limited to:
• Advanced Encryption Standard (AES)
• RSA (with a minimum of 2048-bit keys)
• Twofish and Blowfish (symmetric-key encryption, a lot of e-commerce platforms use this)
• International Data Encryption Algorithm (IDEA)
There are some encryption standards such as DES that are no longer considered secure so if you want your company secured in the best way possible, please make sure that the standard you are using is secure and up to date!
Important Note!!
Another thing worth pointing out is the following, exemplified in a quote by a hacker known as Kevin Mitnick:
“Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it’s money wasted because none of these measures address the weakest link in the security chain- the people who administer, operate, and account for computer systems that contain protected information.”
What Kevin is saying here is, no matter how secure your encryption standards are, you need to make sure that your employees know how to safely handle this information and who they should share it with! One slip-up can potentially cost you MILLIONS of dollars, so make sure to communicate clearly and make sure that everyone knows what they are doing.
Using strong encryption keys is also very important. Like I said before, it’s like a password, so the stronger it is, the harder it is for hackers to crack!
What we’ve learnt and what you can do
So, in conclusion, we’ve learnt that encryption is an umbrella term used for a mathematical algorithm that makes your company’s data look like nonsense to prying eyes. This is achieved by converting plaintext into ciphertext, which can be encrypted and decrypted through a set of keys (or just one key if you’re using symmetric encryption). Symmetric-key encryption is less secure than asymmetric-key encryption, however it is faster and more convenient.
The encryption standard you use always makes a MASSIVE difference because it can mean the difference between getting your data stolen (which also implies a large cost in disaster recovery) or keeping it safe and secure.
You can know for certain that your company is using encryption in the safest and best way possible by implementing the following rules:
• Training your employees to ONLY share information with trusted sources
• Use STRONG encryption keys
• Use up-to-date encryption standards
• Clear communication and clarification (make sure everyone knows what they’re doing and work as a team!)
Thank you for reading this blog post and I hope I have helped you out in keeping your company’s data secure, locked away and safe from cyber-criminals.
References:
https://privacyaustralia.net/complete-guide-encryption/


Hebrides Office

The Outer Hebrides of Scotland has long been a location where we’ve dreamed of having an office, and we’ve finally made it happen. From our office just outside Stornoway, we’ll pioneer Cyber Security on the Islands.

As the first Cyber Security company to operate in the Outer Hebrides, our initial goal is to become the only business in the area to become approved assessors for the government’s Cyber Essentials certification. This will allow us to carry out assessments to NCSC standards and provide local businesses with a point of contact for all Cyber Security questions.
Cyber Security is one of the unique fields where the vast majority of the work can be carried out remotely, allowing us to take our skills anywhere in the world, right from these picturesque islands.
We successfully piloted our apprenticeship scheme in Edinburgh and will continue this scheme in the Hebrides in the near future. We’ll bring highly skilled jobs to The Isle Of Lewis and be part of the solution of continuing employment in the islands. If you are interested in working with us, please email a CV to info@cdsec.co.uk or check the vacancies section of our website for more details. https://cdsec.co.uk/vacancies
If you are a local business and are interested in getting in touch to discuss your Cyber Security requirements, please fill out our contact form or email us to arrange a meeting.

Rural And Small Business Security

A Rural And Small Business’s Guide to Ransomware

Oh no! You arrive at work this morning after the daily commute, luckily there’s not too much traffic out here. You make the final turn towards the office, sighing contently as you park your car and make your way inside. “Today’s going to be a good day”, you think to yourself as you assertively readjust your tie. Once inside, you notice that there is something noticeably different about your computer. You try to open your documents, but they have a weird extension on the end and when you open them, they want you to pay to access the contents! Everyone else in the office is having the same issue as you, and the file is saying that it can only be accessed if a certain amount of money is sent to a Bitcoin address! What should you do?!
Not only a lot of rural companies, but also people, can fall victim to one of these cyberattacks. This attack in particular is called a “ransomware” attack. These are the most common types of attacks that small companies receive and they can be devastating. However, they can be stopped! In this blog post, I will tell you:
1. What ransomware is
2. How it affects REAL businesses
3. WHY you should care
4. What you can do to prevent these attacks!
Enjoy!
What is ransomware?
Put simply, ransomware is the name of a type of cyber-attack that prevents you from accessing ANY of your company data that the attacker was able to access. It does this by using a technique known as “encryption”, which basically means it makes the contents of the files look like complete gibberish when opened. This is achieved with a key (like a password), which can be used to scramble and de-scramble your company data. The attackers are the only people who know what this key is and they will only give it to you if you pay a sum of money for it (hence the name ransomware)!
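The symptoms described above (documents that reappear with an unfamiliar extension and contents that look like gibberish) can be checked for automatically against a record of known-good files. This is an added example, not part of the original post; the file names, the ".locked" extension and the 7.5 threshold are constructed assumptions.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: encrypted output is close to 8 bits of entropy per byte, while
# office text sits far lower. Compressed files (zip, jpg, docx) are also high,
# which is why entropy is only used together with a baseline of known-good files.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def build_manifest(root: Path) -> dict:
    """Record the SHA-256 of every file while the data is known to be good."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def scan(root: Path, manifest: dict) -> list:
    """Compare the folder with the manifest and report ransomware-like changes."""
    present = {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}
    findings = []
    for name, digest in manifest.items():
        if name in present:
            data = present[name].read_bytes()
            changed = hashlib.sha256(data).hexdigest() != digest
            if changed and shannon_entropy(data[:65536]) >= ENTROPY_THRESHOLD:
                findings.append({"original": name, "now": name,
                                 "reason": "overwritten in place"})
            continue
        # The original is gone: look for the same name with something appended.
        for other, path in present.items():
            if other.startswith(name + "."):
                if shannon_entropy(path.read_bytes()[:65536]) >= ENTROPY_THRESHOLD:
                    findings.append({"original": name, "now": other,
                                     "reason": "renamed with new extension"})
    return findings


def demo():
    """Constructed scenario in a temporary folder; returns (before, after)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "invoices.csv").write_text(
            "date,customer,amount\n" + "2021-03-01,Croft Supplies,120.00\n" * 200)
        (root / "notes.txt").write_text("Order more feed before the ferry on Friday.\n" * 50)
        manifest = build_manifest(root)
        before = scan(root, manifest)
        # Stand-in for what the article describes: the document vanishes and a
        # file with an extra extension and unreadable contents takes its place.
        (root / "invoices.csv").unlink()
        (root / "invoices.csv.locked").write_bytes(os.urandom(4096))
        after = scan(root, manifest)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after:", after)
```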
Ok, I know what you’re thinking. “I’m a small business owner with a small number of employees. Why would hackers be interested in my business? There are so many OTHER corporations out there with much more employee information and data for them to sell off to third parties. So, my company is safe. Right?” Well.. not exactly.
See, hackers are smart. They’re not your average criminal that walks into a bank wearing a ski mask with a gun, asking for money. They know how people work and they will do ANYTHING in their power to, first off, find loopholes in any system (whether that be a human system, computer system etc.), and secondly, NOT GET CAUGHT. Hackers can even get past antiviruses and they know that small businesses are less likely to have solid security posture and are more likely to pay the ransom, which puts these types of businesses in a vulnerable position! Think about your own business: how long could you function without access to your company’s data?
It is best to take cybersecurity seriously and proactively implement solid security posture, no matter how big or small your company is! You can read up on the basics of how to do that here: https://cdsec.co.uk/security-posture
Why you should care (Case Studies)
“Ok, that makes sense, but you still haven’t explained why I should care yet. My company doesn’t have much IT infrastructure and if it gets hit with a ransomware attack, what actually happens?”
You can see a real-life example of this happening at the University of the Highlands and Islands this year:
In the article, it says that “the cyber-attack had affected the university’s key systems and services at all campuses.” Most of the Universities systems have been offline since the start of the attack and the majority of classes are not running. Our local chain of universities is currently being held to ransom by attackers. This is some really serious stuff and it puts YOUR personal data as well as your employees’ data at risk! The damages caused by cyber-attacks can also cost you a LOT of money. According to IBM Security, the global average total cost of a data breach in 2020 is $3.86 Million US Dollars! That’s £2.7 Million Pounds! Thankfully, the University has access to the resources to resolve the attack without having to pay the ransom. They will have backups in place that can be restored and replace the encrypted files with the originals. But it’s not as simple as doing that, they first need to eliminate the threat and ensure the systems are clean before restoring the data, Otherwise the ransomware will continue to encrypt the restored data.
Another very recent example of a public body that fell victim to a cyber-attack is described in this article published by SEPA: https://www.sepa.org.uk/about-us/cyber-attack
A very similar example to UHI, where a ransomware attack took hold and disabled the computer systems for a prolonged period of time. SEPA is another organization that has access to vast resources and direct help from the National Cyber Security Centre and yet it still took weeks to fully restore and recover from the attack.
We can see from both of these examples, that even with the money and manpower available to these organizations, it is a long process to recover from a ransomware attack. Most small businesses don’t have access to the resources to respond in the way UHI & SEPA have done and yet still don’t make any moves to protect themselves. We’ve seen one too many small and rural businesses have to recreate their entire company data from scratch because they didn’t have the basics in place. Years of work is wiped out in seconds and irrecoverable.
How to protect & recover from a Ransomware attack
Before all of this, the MOST important thing to do is NOT pay the ransom! These hackers want money, but there are other ways of getting around it. If you don’t know what to do, then ask someone, whether that be ourselves, another external organization or even an employee. But, do NOT pay the ransom!
With that being said, if your company gets attacked, then it is highly recommended that you follow SEPA’s approach in how they recover from this.
1. Make a plan
2. Consult Cyber Security & IT Professionals
3. Be public and COMMUNICATE about it! Especially to your employees! If this is not addressed and acknowledged to everyone in the company and possibly other authorities if needed, it could result in more internal issues such as trust and more damage to the infrastructure of your company! There’s no shame in seeking help when you need it 🙂
4. Keeping everyone updated. Not only is communication one of the most important things to do in this situation, but CONSISTENT communication is even more important. Make sure everyone works as a team, encourage one another and ALWAYS keep communicating to make sure that everyone knows what they are doing!
By implementing these three basic things, you can be sure that your company as well as your company’s infrastructure and personal files will be recovered from that nasty cyber-attack in no time. Of course, it’s much better to prevent, than respond. There are a number of different things you can do now to prevent this from happening to your business.
1. Consult a Cyber Security Expert to examine your business and its systems
2. Engage with the Government’s Cyber Essentials Scheme
3. Review the NCSC guidance on preventing Ransomware
4. Keep regular offsite backups of all vital company information
5. Run antivirus, antimalware and antispam systems
What have we learnt?
So, in conclusion.. we have learnt that:
1. Cyberattackers are not a threat to be taken lightly. They are smart. But if you know what to do, you can keep the integrity of your company and your company’s infrastructure safe.
2. Do NOT pay the ransom! Use online decryption tools or ask someone that you know who knows about how to deal with cyber-attacks!
3. Consistent Communication and working as a team is KEY for disaster recovery. This will allow your company to work at maximum capacity, sharing and distributing the workload instead of you having to do all the work. I bet that takes the stress off!
4. Overall, implement a good security posture and take cybersecurity seriously!
Once you start implementing these strategies into your company, you will not only have peace of mind when an attack does occur, but you will have saved a lot of money because you know exactly what to do!
We can help you along the journey to becoming secure with everything mentioned in this blog. Please do reach out to us for an expert understanding of rural and small businesses and how to implement these safeguards on a small business budget.

Cyber Essentials

We are delighted to announce our successful certification to Cyber Essentials and IASME Governance. Gaining Cyber Essentials and IASME Governance, a Government backed scheme, is a simple yet effective way for organisations to demonstrate their commitment to cyber security.
With cyber threats increasing in both volume and sophistication, Cyber Essentials and IASME Governance demonstrates that a business has introduced proven cyber security and information assurance controls that help protect against a range of the most common internet based cyber threats.
Implementing proven cyber security controls is important to our business. Gaining Cyber Essentials was important to demonstrate to our current and future clients that we take security seriously. We’re delighted our investment has paid off.
The protection of our own data, and that of our clients, is key to our business. These certifications demonstrate we are doing the fundamentals correctly. We’re delighted our investment has paid off.
These days, cyber threats can target vulnerabilities just as much as they target specific organisations. In that regard, no business is immune from this modern-day threat.
The certification has been awarded through the National Cyber Security Centre’s Cyber Essentials Partner, the IASME Consortium. Dr Emma Philpott, CEO of the IASME Consortium said, “We’re delighted for Closed Door Security and I congratulate them for recognising the key role cyber security plays in any organisation. These certifications are also a true demonstration to their clients that Closed Door Security has considered the importance of their customers’ security as much as their own.”
Cyber Essentials and IASME Governance is the latest addition to the wider portfolio of certifications. The UK Government recognise the challenge from the current cyber threat and have the ambition to tackle it head on. Cyber Essentials is very much part of the National Cyber Security Strategy and through gaining the certification, certified company name is making an important and valuable contribution towards the Government’s aim of making the UK the safest place to do business online.
Being awarded these certifications is the first step in becoming the only certification body for these schemes in the Western Isles and soon after, to become the only certification body to offer Cyber Essentials Plus within the whole of the Highlands And Islands.