Frequently Asked Questions

Do I have to take all of the services?
You can choose whichever services you feel are right for you and your business. Of course, if you want the best protection, you will choose to take all of them. We have seen customers benefit from all of the services in saving themselves from a breach.


I’m not an accredited industry so I don’t need so much, do I?
You may not be accredited, but the cybercriminals don’t care about that: you’re still easy pickings for them.
The auditing products are included in the package and help you to meet your GDPR requirements too, something we all have to do.


I use Multi-Factor Authentication, so I’m safe aren’t I?
Multi-factor authentication, or MFA as it’s also commonly known, is an authentication method where access to systems is granted only after presenting two or more pieces of evidence that you are who you say you are.

The problem with this is that it can give a false sense of security, as outlined below:

  • Sometimes the authentication code goes to an email address, and if someone has already breached your system, this won’t be very effective.
    Even if you receive your code through a text message to your mobile phone, hackers still have ways of getting around this. Cybercriminals are socially engineering the mobile phone companies into allowing them to clone a victim’s SIM card. They then receive a copy of any messages sent to it, including your MFA code.

  • Some hackers are even contacting mobile phone customers directly and claiming that they need an MFA code in order to verify the customer’s identity. Once the hacker receives the code, they then change the recovery information on all your accounts. If someone is going to give away their code, there is nothing to stop them except training and monitoring systems, just in case.

  • Even if you use an authenticator app to accept your code, there is still a window of opportunity for hackers to steal this. True, it is only a 30–60 second slot, but do you know if you or your employees have logged in from a coffee shop’s wi-fi, for example? Were they actually on a trusted wi-fi? It is really easy to set up a rogue one, and hackers do this specifically to steal trusted information/codes.

  • We all know we are bombarded with messages every day of our lives. If one of your employees received an MFA request whilst they were in your system, might they just accept it thinking it was because they were accessing the system? Can you be sure? People are always the weakest link.

  • Furthermore, cybercriminals are incredibly intelligent and they run a robust business operation – it’s no longer just the teenage kid in his bedroom. They have their fingers in all the pies. It’s only a matter of time before they find some way to break through MFA. You need to make sure you are monitoring at all times if you want to be safe and in control.


Will I be guaranteed to not suffer any cybercrime with this Plan?
Whilst we would love to say ‘yes’, we simply cannot make that claim. Cybercriminals are working every minute of every day to find new ways to wreak havoc. What we can promise is that your systems will be much more closely monitored for any suspicious activity, and you will be notified straight away if anything is detected. It’s like having a fancy CCTV system over your business systems to catch anything untoward before any damage can be done.

What other benefits does the Security Plan give me?
Loss of data and a breach are disastrous enough, but there is reputational damage too. If you suffered an incident when you had all of these processes in place, you would have shown ‘due care’, which is what the ICO is looking for. Can you honestly say that your current systems demonstrate this?


What happens if I don’t take the Security Plan?
This is your choice of course, but basically you are playing a game of Russian Roulette with your business: which of my security holes will let me down first? If you’re happy to take this risk, then that’s fine. If you prefer to sleep easier, then the answer is to take the Security Plan.