Take IT seriously or risk a serious breach

Reading Time: 2 minutes1st March 2015 | Modified: 13th January 2023

Categories: CNC News

Most South East businesses know that they should set alarms at their premises and lock all the doors at night but many fail to take IT security just as seriously.

This is at a time when IT systems all over the world are under increasing attack from criminals.

Figures from security specialists, Sophos, suggest that 30,000 websites a day are being compromised by hackers and the majority of victims are smaller businesses.

A survey by PWC into the worst data breaches amongst small firms indicates that such attacks cost them between £65,000 and £115,000.

Expert computer consultants across the UK generally agree that having anti-virus software and security firewalls is not enough to guard against attacks.

Three extra security steps businesses should consider are: firewalls with deep packet inspection; penetration testing of your system on a regular basis; and two factor authentication for logging on.

Two factor authentication

Alarmingly, only a few businesses use two factor authentication. Most still rely on username and passwords which are easy for hackers to guess. One of the advantages of two factor authentication is that every employee is issued with a key fob device that provides constantly-changing logon numbers.

CNC’s Gary Jowett said: “We advise all our customers to use two factor authentication and firewalls with deep packet inspection. We also offer customers penetration testing —usually every six months or once a year. This examines all the nooks and crannies of their system to check it’s as it should be and is essential for growing businesses with increasingly complex systems.

“Penetration testing also complies with the ISO 27001 quality standard now adhered to by most large organisations. So you will need to carry out such regular testing if you want to do business with a large organisation.”

Heavy fines for security lapses

The UK Data Protection Act is another reason why companies must maintain a high standard of IT security. Failure to do so can result in severe brand damage and heavy fines.

One recent example was the UK Information Commissioner’s Office (ICO) imposing a £175,000 fine on a holiday insurance company whose data was not properly protected. Hackers accessed customer records and 5,000 people had their credit cards used by fraudsters.

Another was an ICO fine of £150,000 on an online travel services company which had not subjected one of its web servers to appropriate penetration tests or internal vulnerability scans and checks. As a result, a malicious hacker gained access to more than 1,160,000 cardholders’ details.

An experienced IT consultant would have helped these companies avoid such damage to their reputations.

The frightening fact is that many companies in Sussex and the South East are just as vulnerable to such penalties as illustrated above and should tighten up their IT security before suffering a similar fate.

By Gary

Gary has always focused on making sure the most appropriate solution is provided to help customers, not just what's new and shiny. With over 30 years in the IT industry Gary has the experience to tell the difference between something that's game-changing or is just a passing fad!

View all of Gary's posts.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_20840989_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.