Scary stat: 87% of businesses hit by this in the last year

One might assume that cyber attacks are a problem solely for large corporations. Sadly, this isn’t true.

A recent study reveals that nearly two-thirds of small to medium-sized businesses (SMBs) have experienced at least one cyber attack in the last year. This shocking statistic should serve as a crucial wake-up call to businesses of all sizes.

But there’s more.

An increasing number of businesses are reporting repeat attacks, with 87% noting at least two successful breaches within the past year. On average, a company experiences nearly five successful cyber incidents. Quite frankly, it’s terrifying.

So why are these attacks occurring, and what steps can be taken to prevent them?

The most frequent types of cyber attack that businesses encounter are malware and ransomware.

Malware is malicious software that invades your system, causing a variety of issues ranging from disrupting operations to data theft.

Ransomware, on the other hand, is even more menacing as it encrypts your data, making it inaccessible unless a ransom is paid. This can be catastrophic for any business, leading to substantial losses and significant downtime.

What’s behind the rise in successful attacks?

One factor is the increasing trend of BYOD (Bring Your Own Device), where employees use their personal devices for work purposes, posing security risks.

The rapid proliferation of productivity apps also contributes, as they can create security vulnerabilities if not adequately protected.

Finally, the sheer number of devices in use today provides more entry points for cybercriminals to exploit.

Fortunately, there are measures you can take to safeguard your business. Here are five robust security steps to consider:

Use robust passwords
Passwords are your first line of defence. Ensure they’re robust and unique. Even better, use a password manager that can generate and remember random passwords for you.

Keep your software updated
Updates often include security fixes. Always run the latest versions of both your operating system and applications.

Train your team
Make sure your employees can spot phishing emails and other scams. Regular security awareness training sessions can help keep everyone informed.

Backup your data
This allows you to restore your systems quickly and with minimal disruption in the event of a cyber attack.
Use antivirus software: It can help safeguard your systems from malware and other threats. Ensure you’re running a reliable and current solution.

Remember, prevention is indeed better than cure. Take action today to stay protected.

And if all this seems like a tall order, we’re here to assist. Don’t hesitate to get in touch.

Training Employees on Cybersecurity

After completing your annual phishing training, which teaches employees how to spot phishing emails, you feel confident. However, your confidence is shattered when your company falls victim to a costly ransomware infection due to a click on a phishing link. Despite undergoing the same training every year, you continue to experience security incidents, which begs the question of how often you should train your employees.

How often do you need to train employees on cybersecurity awareness?

It’s not enough to train your employees just once a year. Without reinforcement, people are unlikely to change their behaviors or may forget what they’ve learned after a few months. According to research, the “sweet spot” for training frequency is every four months, as this results in more consistent improvements in IT security.

A recent study presented at the USENIX SOUPS security conference looked at the relationship between training frequency and users’ ability to detect phishing emails. The study tested employees’ phishing identification skills at various time increments, including four months, six months, eight months, ten months, and twelve months. The results suggest that training every four months is optimal for improving your team’s cybersecurity awareness.

Employees took phishing identification tests at several different time increments:

  • 4-months
  • 6-months
  • 8-months
  • 10-months
  • 12-months

The study revealed that four months after their initial training, employees had good scores in accurately identifying and avoiding phishing emails. However, their scores started to decline after six months and continued to worsen as more time passed since their training.

To ensure employees remain well-prepared, it is crucial to provide ongoing training and refreshers on security awareness. This will empower them to actively contribute to your cybersecurity strategy.

Tips for Training Employees and Cultivating a Cybersecure Culture

The ultimate goal of security awareness training is to foster a cybersecure culture. In this culture, everyone recognizes the importance of safeguarding sensitive data, avoiding phishing scams, and maintaining secure passwords.

Unfortunately, according to the 2021 Sophos Threat Report, most organizations do not exhibit this culture, and a lack of sound security practices poses a significant threat to network security.

According to the report, the root cause of numerous severe attacks we’ve investigated is a lack of attention to basic security hygiene. Having well-trained employees plays a crucial role in mitigating a company’s risk and reducing the likelihood of falling victim to various online attacks. Effective training doesn’t necessarily require lengthy cybersecurity sessions; it’s more effective to diversify the delivery methods.

Here are some examples of effective cybersecurity training methods that you can include in your training plan:

  1. Monthly self-service videos: Provide employees with self-service videos via email on a monthly basis to enhance their cybersecurity knowledge and awareness.

  2. Team-based roundtable discussions: Organize interactive roundtable discussions within teams to encourage knowledge sharing and collaborative learning about cybersecurity practices.

  3. “Tip of the Week” in company communications: Include a regular “Tip of the Week” in company newsletters or messaging channels to deliver bite-sized cybersecurity tips and best practices.

  4. IT professional-led training sessions: Arrange training sessions led by IT professionals who can provide in-depth insights and guidance on various cybersecurity topics.

  5. Simulated phishing tests: Conduct simulated phishing tests to assess employees’ susceptibility to phishing attacks and provide targeted training based on the results.

  6. Cybersecurity posters: Display informative and visually appealing cybersecurity posters in common areas to reinforce key security concepts and promote awareness.

  7. Celebrate Cybersecurity Awareness Month: Dedicate the month of October to celebrate Cybersecurity Awareness Month by organizing special events, workshops, or training sessions to emphasize the importance of cybersecurity within your organization.

By incorporating these diverse training methods, you can ensure a comprehensive and engaging approach to cybersecurity training for your employees.

When conducting awareness training, it’s essential to cover not only phishing but also other crucial topics. Here are some important areas that should be included in your training mix:

Phishing by Email, Text & Social Media

While email phishing remains the most common form, it’s crucial to address the growing threats of SMS phishing (“smishing”) and phishing through social media. Employees need to be able to recognise these deceptive tactics and avoid falling victim to these scams.

Credential & Password Security

With the widespread adoption of cloud-based platforms, credential theft has become a significant concern. It has become the leading cause of data breaches globally, particularly as it provides an easy pathway to breach SaaS cloud tools. It’s critical to discuss with your team the importance of maintaining secure passwords and using strong authentication methods. Additionally, provide guidance on tools such as business password managers to assist them in safeguarding their credentials.

Mobile Device Security

Mobile devices have become an integral part of daily work, enabling employees to access emails and perform tasks from anywhere. Considering this, it’s essential to review the security requirements for employee devices that access business data and applications. Emphasize the importance of securing mobile devices with passcodes, keeping them regularly updated with the latest security patches, and following best practices for mobile device security.

By addressing these topics in your awareness training, you can better equip your employees to recognize and mitigate the risks associated with phishing, credential theft, and mobile device security.

Data Security

As data privacy regulations continue to increase, it is crucial for companies to comply with multiple data privacy regulations. To mitigate the risk of data leaks or breaches that could result in costly compliance penalties, it is important to provide training to employees on proper data handling and security procedures. By ensuring employees are well-versed in data security, you can minimise the potential risks associated with mishandling sensitive information.

Need Assistance in Maintaining Your Team’s Cybersecurity Training?

Take the burden off your shoulders and entrust the training of your team to cybersecurity professionals. We offer an engaging training program designed to help your team develop better cybersecurity practices and enhance their cyber hygiene. With our expertise, we can provide the necessary guidance and knowledge to facilitate behavioral changes and improve your overall security posture.

Recent articles

Dark Web Monitoring: what is it & does my business need it?

The global pandemic transformed the way we conduct business, and it’s unlikely that things will ever be the same again. With the increasing reliance on online platforms for both personal and professional transactions, geographical distances and time zones have become irrelevant. However, conducting business online also comes with inherent dangers and threats that we must be aware of.

One significant threat is data breaches, where cyber criminals manage to hack into legitimate commercial website databases. Well-known companies like Facebook and T-Mobile have fallen victim to such breaches, resulting in the theft of over 550 million records. In fact, the Identity Theft Resource Center reported a staggering 68% increase in stolen data in 2021 compared to the previous year.

When your email and password used to log into a website are stolen, they end up in the hands of highly skilled and destructive cyber criminals. These criminals may also obtain other personal information, such as addresses, mobile numbers, and credit/debit card details, that you have saved on the website.

So, what happens to your stolen data?

Your stolen credentials typically end up in a hidden part of the internet known as the Dark Web, where a significant portion of cyber-criminal activity takes place. Over time, your stolen data may be used and distilled by a sequence of criminals in their efforts to create financial gain at your expense. The exact methods they use to steal from end users using stolen credentials can vary, but it’s a sophisticated and malicious process that can span months or even years.

Understanding the risks and implications of data breaches and the Dark Web is crucial for protecting your personal and business information. It’s important to take proactive measures, such as implementing strong security measures and monitoring services, to safeguard against these threats in the ever-evolving landscape of online business transactions.

As we have emphasised, cybersecurity is not limited to a single tool or service, but rather a comprehensive security suite that protects various aspects of your online presence, including email, computers, devices, and overall online activity.

Now, we can answer the initial question of why dark web security is necessary. Dark web scanning acts as a proactive measure before cyber criminals can fully exploit your breached data. By providing timely alerts about breach details, it allows you to take relevant actions to secure your account and render the stolen or breached data useless.

You can easily purchase dark web security from Geniosity at a reasonable monthly cost. A large substantial loss can be avoided with dark web security in place.

If you would like to delve deeper into this topic, please feel free to get in touch with us. We are happy to provide useful information for your business and assist you with dark web security.

For more information about dark web scanning, please visit our Dark Web Monitoring page or drop us a line.

ChatGPT & the Future of AI for Business

Blog

An online Artificial Intelligence chatbot has recently been making waves as a simple example of just how much AI is set to revolutionise business. You can read more about its simplicity and ease of use on our post –AI for Small to Medium Business with ChatGPT.

So, what can an AI Chatbot tell you about itself? Well, we asked it, via the simple text prompt and you can read the completely AI generated response below.

The Prompt: 

Can you please write an article about Chat GPT and the future of AI for business?

ChatGPT’s Reponse:

Artificial Intelligence (AI) has been a topic of interest for many years, but in recent years, its potential to transform the business world has become increasingly clear. One of the most exciting developments in this area is the rise of language models, such as Chat GPT. In this article, we will examine what Chat GPT is, how it works, and what its potential implications are for businesses in the future.

What is Chat GPT?

Chat GPT (Generative Pre-trained Transformer) is a language model developed by OpenAI. It is trained on vast amounts of text data, and its goal is to generate human-like text in response to input. Chat GPT can be used for a wide range of applications, including text generation, chatbots, language translation, and question answering.

How Does Chat GPT Work?

Chat GPT works by using a deep learning algorithm known as a Transformer. The Transformer uses a large neural network to analyze input text and generate an appropriate response. The neural network is trained on a massive dataset, allowing it to learn patterns in language and respond in a way that is coherent and relevant to the input.

The Potential Implications of Chat GPT for Business

The potential implications of Chat GPT for business are significant. Here are just a few of the ways in which AI and language models like Chat GPT are likely to impact the business world:

  1. Customer Service – Chat GPT can be used to create intelligent chatbots that can provide customers with quick, accurate, and personalized answers to their questions. This can lead to improved customer satisfaction and increased sales.
  2. Marketing and Sales – Chat GPT can also be used to create marketing and sales copy that is personalized and tailored to the needs of individual customers. This can lead to improved engagement and increased conversions.
  3. Knowledge Management – Chat GPT can be used to create knowledge management systems that allow employees to access information and resources quickly and easily. This can lead to improved efficiency and increased productivity.
  4. Content Generation – Chat GPT can be used to generate high-quality content, such as articles, reports, and even books, reducing the time and effort required to produce such content.

Conclusion

In conclusion, Chat GPT and the rise of AI language models is likely to have a profound impact on the business world. From customer service and marketing to knowledge management and content generation, the potential applications of this technology are vast and exciting. As businesses embrace these technologies, they will find themselves better equipped to compete in the fast-paced digital landscape of the future.

-ChatGPT (2022)

As a simple example the above text, which we have not edited or changed, demonstrates the current potential uses of AI for your business now. As AI growth is exponential, we can only expect more impressive advancements, more quickly.

Implement AI and machine learning into your business with Geniosity. 

It is an interesting time to be involved in technology- let us assist you in navigating the tech landscape and grow your business by getting in touch today!

Read More:

Artificial Intelligence (AI) for Small to Medium Business with ChatGPT

ChatGPT image

The implementation of Artificial Intelligence and machine learning for small to medium businesses is becoming more accessible all of the time. Still, for many people, the concept of AI has remained something of an abstract idea. 

For most people engagement with AI usually forms part of a larger system- AI as part of an overall device or as part of a larger service. For example voice assistants within our phones or home smart speakers; and much of the cloud-based software that we use daily is implementing AI in some way. 

Recently, controversy has pushed AI Art to the forefront with the ability for people to generate complex and detailed artworks using just text prompts using platforms such as Midjourney and Stable Diffusion.  

ChatGPT image

One recent breakout service- ChatGPT, has garnered a lot of attention for its accessibility and ease of use. You simply log-in (free of charge) and start interacting with the AI with simple text. For example:

Write a blog article about ‘5 top tips to save with our accounting service’ 

Or

Write an article about skincare for an audience in Newcastle NSW

Or

Write a program outline for a 2 hour mindfulness workshop

If you are wondering how AI can save your business time and money then try it out- the results will amaze you! While implementation into your current systems and software is possible through APIs, the web interface has no tricky coding language or prompts to learn. It is a great way to test out the use of artificial intelligence for your businesses content creation.

Does this remove the need for experts and content creators? We don’t think so, but it does give your team the capacity to create more content without adding extra business resources. 

The results from ChatGPT and others can be a little hit and miss and most content will require some tweaks and adjustments but it can provide an excellent starting point for busy teams.

At the time of writing, Google has just announced its own ChatGPT rival Bard which is also worth a look.

It is an interesting time to be involved in technology- let us assist you in navigating the tech landscape and grow your business by getting in touch today!

We asked ChatCPT to tell us about itself, This is what it had to say:

Microsoft Teams for Business

By Daniel Smith

Collaboration software is getting better all of the time and Microsoft Teams is steadfast becoming the tool of choice. We are spoiled for choice in a market saturated with chat and collaboration tools (not a bad problem to have).

One of its obvious strengths is the integration into the overall Microsoft ecosystem. By 2019, 91 of the Fortune 100 companies was already using Microsoft Teams*.

The unified platform allows smooth integration with employees, content and tools – all in the same place where you are already working. When implemented successfully, the boost in efficiency will be felt throughout you workplace; as companies move to be more mobile, global, and social.

With the average employee spending 80 percent of their work time collaborating with others, the importance of a seamlessly integrated communication tool should not be underestimated.

By now, in 2022, most people have experienced at least one meeting in Microsoft Teams. This communication tool has become synonymous with remote work collaboration.

For some organisations though, their use of Microsoft Teams stops there – with that excellent video communication component. This only scratches the surface in terms of what Microsoft Teams can do. A whole host of plugins, spaces automations and workflows can be implemented to make your work easier and more streamlined.   

If your business is not using Microsoft Teams, then it should be; and if you are using it, are you using it to its full potential?

Fortunately, the days of emailing around different versions of the same spreadsheet are fading away as more and more companies embrace true, collaborative teamwork. 

Streamline Microsoft Office 365

The top automations and actions that will save you time in O365.

There are stacks of options for automation within the Microsoft 365 eco-system. Automation allows you to set up a process that runs automatically to reduce manual processing and repetition.

Microsoft Power Automate is an excellent cloud program in the Microsoft 365 ecosystem. Previously called Microsoft Flow, Power Automate allows you to create actions that will save you time.

There are also other great automation options around, outside of the Microsoft eco-system such as Zapier, Tray.io, and Integromat. These can still be integrated with Microsoft 365.

We have put together a quick list of 5 quick and easy automations to get you started.

1. Save email attachments in Outlook to OneDrive

This is fairly simple time saver which automatically saves all of the attachments sent to your Office 365 Email address to a folder in OneDrive for Business. A few tweaks, would allow you to change the folder locations to even sort into folder by date or by sender.

Automate it!

2. Save email attachments from Outlook.com to Dropbox

Similar to the above automation, this one takes attachments received at your Outlook.com email address and saves them to Dropbox. Follow up additions could see you add an email or notification to another email address such as Gmail.

Automate it!

3. Create a task in Planner when a new email arrives in a shared mailbox

This is a handy automation that triggers when an email arrives into a shared mailbox. Let’s say that your company has a customer service or support email address and when an email is received, a task is created in Microsoft Planner with a due date after a specified time. This could be used to create a support ticket for follow up by staff. Assign a due date of how long you would like, say 48 hours to have the issue actioned or resolved. 

Automate it!

4. Email me with a list of upcoming Calendar events

This automation is rather clever, you can schedule it to run whenever is best. It analyses the following week in your calendar, looking for events, flights, hotels, weather information and locations, and sends you a handy summary via email.

Automate It!

5. Email yourself new Tweets about a certain keyword

Easily track tweets containing specific keywords on Twitter, according to your interests. You will get an email every time that your keyword is included in a tweet. This could be a good way to track your brand specific keywords or just keep up on the latest #CatVideos 😺

Automate it!

So, there are a few automations to get you started, but as you can imagine, the options are basically endless. Take a look at some more templates on Microsoft’s Power Automate site.

Get more tips through our mailing list!

Working from Home Securely

Keeping Your Company Data Secure for Remote Work

The last couple of years has seen some big changes in the way that we work and communicate. Both technical advancements and the need for people to work from home has made for quick uptake of group work, online communication and collaboration software. Of course, it was always heading that way but COVID became something of an accelerator. It is being widely reported that the ways that we communicate in our personal and business lives, are forever changed.

With the added advantage of remote communication and shared files comes an added risk for the security of data and information. Managed correctly though, you can have your communication cake and eat it securely too (apologies for the bad pun 😉). We take a look at a few ways to ensure that your staff and data are safe for remote work.

General Security Principals

Hopefully by now, you have had the time to settle in to some processes and procedures that allow for your team to work uninterrupted from any location. General security is a must whether people are working remotely or on-site. Setting up those baseline configurations, processes and procedures around security are always critical to the running of an effective business.

Some businesses that have not correctly setup their IT infrastructure can be at risk of security breaches. When a single security issue can be enough to expose all of your client data, leak intellectual property or leave your system open to attacks and damage, it is of the utmost importance that you are protected.

It can be easy to assume that your system is secure as you have not experienced any problems (that you are aware of). Any business owner or manager is all too familiar with issues that occur with handover of tasks and changes in employees. Business moves quickly and as you company adapts, it is a given that some things will be missed or corners may have been cut. Businesses with a small number of staff who started with ad-hoc IT setups or which have experienced rapid growth may have holes in their security and not even know it.

One basic foundation is to ensure that all of your software is updated promptly to the latest version, especially updates with security patches. The latest software versions on all devices will ensure you are safe against current known threats. Having an automated system in place for security upgrades to automatically run at the correct time is important. People often begrudge having to update their passwords but scheduling changes of passwords regularly can save you some issues down the track. Just be sure to avoid bad passwords like password, computer and qwerty.

Cloud Solutions

The move to cloud computing brings a whole new world of collaboration and the ability for an improved workflow. Many companies have moved their on-site servers into the cloud by migrating their data, files and email into a service like Microsoft 365. By moving to the cloud, data is easily accessible and working from anywhere becomes a simpler concept once setup properly.

You need to ensure that you have a good Endpoint Detection & Response (EDR) software, for protection against online threats such as viruses, which offers protection on all of your devices and compliments the protection offered by your cloud provider. For companies that still have the requirement for some on site files such as backup you can look to an integrated approach. Different regions also have data and privacy protection laws around where you are allowed to physically store client information. Microsoft allows for you to set specific server locations to meet this requirement.

With a cloud solution like Microsoft Office 365 your staff are able to work directly in a browser with options for desktop versions of software available too. You can set up a bespoke solution that ensures data security and protection.

Extra Protection

As a part of a complete data security approach there are plenty of solutions that will increase your protection. With people working from home or on portable devices it is wise to implement some rules around where files are stored and how they are accessed. If you have a workforce using some of their own devices, you want to ensure that you retain access to all of the work files. Extra processes such as 2 Factor Authentication (2FA) require staff to verify their details upon login through an extra app.

Rolling out a password manager across your company for sharing logins that are used by multiple staff will ensure passwords are up to date and secure. Platforms like LastPass, 1Password and Dashlane all offer an excellent product but there are also bespoke solutions available. Some even offer a browser plugin that allows for staff to login without revealing the actual password to them.

There are a range of extra steps that you can take to increase security, for more information take a look at our 3 part series on computer threats in the digital age, Viruses, Ransomware & Phishing, Oh My! or drop us a line.

If you would like to learn more about how protected your business is, get in touch with us for a free introductory security audit.

The Silicon Shortage

What does the chip shortage mean for your business

You probably already know but the world is going through somewhat of a silicon chip shortage. It has been affecting auto-makers, appliances, LED lighting and of course electronics such as TVs, smart devices, desktops, printers, laptops and some accessories. Shortages are expected to last until 2023 and perhaps beyond.

What has Caused the Shortage?

The shortage has been caused by the perfect-storm of factors including COVID delays and adverse weather at different places around the world. Supply became greater than demand and manufacturers have found it hard to keep up.

So what does that mean for your business?

If you have not already been affected then you need to start planning for your business. As the range of affected products is quite broad across consumer electronics and technology, if you are considering purchasing or upgrading equipment in the next few years, it is best to plan early. Get in quickly to secure the equipment you need to grow your business.

We are currently seeing most major supplier’s stock levels being impacted in some way. Some popular products have a wait time of up to 3-6 months. You need to be building that delay into your planning.

Luckily there are key products that we sell in all of the main categories that are in stock now. Get in touch today to find out what products we currently have in our warehouse or take a look at the Geniosity Online Store to see stock levels on computers, printers, scanners, networking or displays.

Stock levels are subject to change quite quickly, so get in touch to secure something today!

Further Reading

What the global shortage of computer chips means for you – ABC News

Chip shortage is starting to have major real-world consequences

Why the chip shortage drags on and on… and on | Ars Technica

Global semiconductor shortage explained | CarsGuide

From Ford trucks to Xbox, the chip shortage is still causing problems – Vox

4 Critical Industries Affected by the Chip Shortage

Viruses, Ransomware & Phishing, Oh My! Part 3

This is part 3 of a 3 part series on keeping up with computer threats in the digital age, you can read about Viruses, Spyware & Trojans in Part 1 and take a look at Part 2 for information around Ransomware.

Phishing​

Phishing attacks attempt to trick you into providing hackers or scammers with your information. This might be your passwords, bank details or personal information. A phishing attack often arrives in the form of an email with a clickable link. The email may look like a legitimate email from a friend or trusted company or it could look like a simple link to a shared file. Hackers can target someone directly and build a profile of information on them. By using information from a data leak and some personal information they can launch a phishing attack to get more information or directly access your accounts. Some phishing systems are multi-layered and advanced, gathering a hierarchy of logins that take advantage of services such as resetting your password through email to access more and more of your data.  

Many browsers will alert you to websites that are not secure and may be fraudulent and attempting to steal your information. By not opening unknown or suspicious looking emails and not clicking on unknown links or files you will be protecting yourself a great deal. Generally banks and financial institutes will not request your login or account details via an email. Also be sure to check if the website you are on is correct by checking the address bar. Some antivirus software will also check links and websites visited and can stop malicious software from opening.  

There is an ever-increasing range of threats and the financial motivations and online anonymity make them a desirable tool for criminals across the world. Do your best to stay safe online and for further reading check out our Staying Safe Online Checklist. You can also check out our anti-virus software or for more information on how we can help you to protect your personal or businesses devices get in touch.  

Get in touch with us for more information on how we can help you and your business.

SHARE

Facebook
Twitter
LinkedIn
Email