It seems almost farcical that two of the world’s biggest technology companies could fall prey to cyber-attacks. Yet, in March last year, Bloomberg reported that Apple and Meta, the parent company of Facebook, provided customer addresses, phone numbers and IP addresses to hackers pretending to be law enforcement officials. A month earlier, a data leak at global investment and financial services giant Credit Suisse had exposed customer data relating to more than 18,000 accounts.
In May, the Pension Regulator urged hundreds of UK pension funds to check if client data may have been compromised as a result of a suspected ransomware attack on Capita. Around 90 organisations have reported breaches of personal data held by Capita, which conducts IT and financial services for numerous UK organisations, including the NHS.
While data breaches and other types of cyber-attacks are one of the biggest threats to all types of businesses, financial sector organisations obviously have to be especially vigilant. Companies in the Alternative Investment sector, which make up over 80% of our clients, have specific cyber security challenges related to the specialised nature of their business.
Are you investing in the right cyber security?
In some ways, cyber security is similar to business insurance.
You hope that you will never need to use it – but will be forever grateful that you have the right measures in place when your organisation is targeted.
And while value for money has never been more important, spending money on the right support for your specific business needs is equally important.
If you get it wrong, it’s a bit like investing in all the latest and most sophisticated home security technology and then leaving your windows wide open.
So, how do you ensure your cyber security is fit for purpose?
1). Carry out a Cyber Security Assessment with your MSP or IT Partner
A comprehensive assessment will improve visibility over your network, give you better understanding of your technology assets, and enable you to prioritise budget towards protecting your most commercially sensitive information. Work with your MSP or IT partner to put a robust Cyber Incident Response Plan in place and ensure that it is regularly reviewed and tested.
2. Prioritise staff training
90% of successful cyber-attacks are due to the actions of an end-user within the business, so there’s little point in investing thousands in expensive software if staff members haven’t been trained to recognise risks. At Tribeca, we offer first-class cyber security staff training which covers topics such as phishing, malware, general email security and data leak prevention.
3. Be Alert to New Threats
Cyber threats are on the rise and are constantly evolving. Your MSP or IT partner should be pro-active about communicating new threats and be on hand to advise how to protect your systems accordingly.
For example, hackers are increasingly using QR codes for phishing or scam attacks. A scammer will create a fake QR code that looks legitimate and then put it in a location such as a shop or restaurant.
When a user scans the code, it leads to a fake website designed to harvest personal information. Alternatively, a user may receive a text message or email containing a QR code, which, if scanned, leads to a false website or malware downloads. The trend highlights the importance of verifying whether a communication has come from a known and trusted source.
We are also alerting our clients to the risk from bot malware, which may allow cyber criminals to bypass security measures like Multi-Factor Authentication (MFA) in order to steal whole user profiles.
Tribeca provides companies in the Alternative Investment sector with a 24/7 IT support service, based on a predictable monthly fee which includes all remote support, no usage caps and no hidden costs. Find out about our pricing.
If you have questions about cyber security for your business, contact us.
Sources:
https://www.independent.co.uk/news/world/americas/apple-meta-hackers-customer-data-b2047670.html
https://tech.co/news/data-breaches-updated-list
