Published: February 14, 2022, 1:34 p.m.Fredrik Nyberg is an IT consultant at Telia. Do you think that cyber attacks mostly affect large, multinational companies? It is a myth. – Seven out of ten IT attacks are aimed at smaller companies. It’s not about when you are attacked, says Fredrik Nyberg, IT consultant at Telia. Here are his five concrete pieces of advice to increase security.Make it easier and safer to be a small business owner – read more here about Telia’s offers Security issues are becoming increasingly important even for smaller companies. When Telia asked about 850 small business owners around Sweden what services they want at Telia, IT security and ID protection ended up at the very top of the list. – Hackers and organized crime have merged for a few years and are targeting companies of all sizes , even the smallest. Seven out of ten attacks are aimed at companies that have five to 150 employees, says Fredrik Nyberg, IT consultant and security expert at Telia.
Here are the most common attacks
What type of attacks are most frequent right now? – So-called spoofing is very common. It can be a spoofed email that appears to come from the company’s CEO and urges the finance manager to make a quick payment. Another method is phishing where email boxes are hijacked and you get a fake link that looks like it goes to a reputable company. There you may be asked to log in and provide your information. What “all” companies fear is ransomware – also called cryptovirus, hostage program or extortion virus – because it can paralyze an entire organization and do great damage. Recently, a municipality in northern Sweden was affected. Their IT system was locked by hackers who demanded a ransom to unlock it. The home care service and home health care did not have access to medical records and medication lists and had to work with paper and pen. Wage payments were also affected. – Every eleven seconds, a company around the world is exposed to a ransomeware attack. This means that the criminals encrypt important data for the company. They often require millions to release the encryption.
Important advice to protect the company
There are several relatively simple measures that prevent up to 99 percent of all attacks, says Fredrik Nyberg. Here is his checklist: • Make sure you can withstand an attack
No one can build 100% protection, but everyone can have a disaster plan if the worst happens. Make such a plan in peace and quiet. What do you do if server X is encrypted? How do you recover your lost data with minimal damage to the business? Prioritize good backup
A backup solution is not expensive, but just as important for the company as a home insurance for you if your home should burn down or be hit by a burglary. Perhaps the most common mistake when it comes to IT security is that companies think they do not need backup because they “save everything in the cloud”. But if you work in Office 365, Microsoft takes no responsibility for your data if it is encrypted (coded so that it can not be read). Then you need a safe back up. • Train and test the staff
In companies, employees are the biggest security risk because we can all happen to click on a malicious link or file. Inform staff regularly about viruses, ransomware and other threats. A good tip is to let your IT partner do tests in a controlled manner where the staff is exposed to fictitious attempts at intrusion. Then you get an idea of how well you are doing and can at the same time train the employees who need to learn more. Obtain monitoring and monitoring
Today, there are tools that make it possible to monitor your IT environment and stop a ransomeware attack in real time if an employee clicks on malicious code. This standard is likely to increase in the future, but I recommend all companies to obtain such a service now. Secure the IT environment with a mix of protection
Do not rely on protection. You need several layers – such as antivirus software, firewall, password policy. An important measure is to secure login with authentication, which proves the identity with an extra verification method when you log in to the company computers. As many threats come via e-mail, you should have a spam protection and filter that protects employees from various attempts to attack. It is also important to systematically handle updates of the entire IT environment.
“It should be easy with security”
Fredrik Nyberg emphasizes that for many small businesses, it is difficult to have the time and skills to build a secure IT environment with full protection. And if you hire several different suppliers, it can be both time-consuming and expensive. – Getting help with IT security should be easy. I would recommend Telia’s Personal Technician service, which is aimed at companies from one employee upwards. The service means that you get a technician from Telia who you can turn to regardless of need, question or problem. Together, you can tailor a security solution that is optimal for your particular company, while you can get help with all other technology issues. It will be a personal contact, which many small business owners appreciate.How to get a personal technician at Telia, read more here Footnote: Every eleven seconds, a ransomeware attack is detected at a company around the world, according to the research company Cybersecurity Ventures. This corresponds to approximately 8,000 intrusions in one day.