Your employees are your number one cyber-security threat. A sad fact, but true. They’re often the main gateway through which hackers try to worm their way into your business. After all, it only takes one click on one wrong link in an email, for cyber-criminals to get in. But your staff can also be your best protection against threats.

With so many potential vulnerabilities in every business IT system, there is no “silver bullet” - no single safety measure that will let you sit back and relax, knowing your IT is safe and data is secure. Most of the risks are ongoing and constantly changing. They need an active approach to stop your business falling victim to a data breach or malicious cyber-attack.

Using weak passwords is risky. So is using the same password across different services. If you do this, it means that once somebody has your email address and password, they’ll find it incredibly easy to access your other accounts.

There’s been plenty of security events since the start of this year, far too many for us to feature all of them separately. This month we’re highlighting a few of these that have had big impacts, and outline some of the measures you can put in place to combat cyber risks.

We hear a lot of talk about cyber threats and attacks. This month we take a look at what these terms mean. A cyber attack is an assault launched by cybercriminals using one or more computers against a single, or multiple computers, or networks. Cyber attacks come in a variety of different forms. We take a brief look at these below.

Google has flagged 2.02 million phishing sites since the beginning of the year, averaging forty-six thousand sites per week, according to researchers at Atlas VPN. The researchers note that the number of phishing sites peaked at the start of the year, which correlates with the start of the pandemic. “Data also reveals that in the first half of 2020, there were two huge spikes in malicious websites, reaching over 58 thousand detections per week at the peaks,” the researchers write. “The second half of the year seems more stable, which is not a positive thing, as there are around 45 thousand new copy-cat websites registered every seven days.” Atlas VPN says the number of new phishing sites has been steadily increasing each year since 2015, but it’s now higher than it’s ever been. Google and other companies do a good job of tracking down malicious sites, but attackers can easily scale their operations and set up new sites to stay ahead of efforts to shut them down. New-school security awareness training enables your employees to spot these sites on their own.

If you’ve already taken the great step of setting up Multi-Factor Authentication (MFA) for your Microsoft 365 account you may be able to make the authorisation process easier for yourself. While the traditional setup worked by having a code sent to your phone which you then typed in, there are now options for “push” notifications where you can simply choose “approve” on your phone which then confirms the login for you.

What is the cloud and how do we protect it? Security note about protecting your cloud data – not just a backup solution You may have come across people talking about ‘cloud’ storage and software that runs in ‘the cloud’. But what exactly is ‘the cloud’, and why should you care about it?

We often talk about ransomware, but what is it? How does it spread? In this article we cover off some basic facts about Ransomware and go over some recent well-known widespread attacks.