Cybersecurity Protection Against Growing Threat


Cybersecurity, if you have not considered it before, should be at the top of your actions in the next day or so following the Russian invasion of Ukraine.  Regardless of the ground war, Russia, along with other hostile nation-states, have been carrying out cyberattacks on national infrastructures, organisations and high profile individuals for quite some time, potentially many years.

As tensions rise between Russia and other countries, their hacking teams will be working overtime and small to medium-sized businesses could well find their way in the line of fire.

So, what to do?

First, check that you have an efficient anti-virus program running on all PCs. Most modern AV packages include anti-malware, anti-phishing and strong firewalls, so protection can be gained in one hit.  Windows’ built-in security has come on in leaps and bounds in recent years, but I still prefer to buy in an independent, third-party package like Kaspersky, but there are others as highly recommended.

Second, A robust virtual private network (VPN) is essential, particularly if you have staff logging into public WiFi systems at airports, hotels etc.

Do not ever rely on a free VPN, unless it is the limited version offered by ProtonVPN. Even using paid-for packages now runs a risk. Highly rated VPNs ExpressVPN, Cyberghost and Private Internet Access have been bought by KapeTechnologies, a company with a history of planting malware.

I was with NordVPN for many years and have some time left on subscription but have changed to Surfshark. This is not only a robust and very fast VPN that offers a wide range of protocols but also has an inbuilt anti-virus module. Mobile decisions have real-time protection, storage scan and a scheduler built-in. Surfshark is dragging its heels on the real-time protection for Windows but should be coming soon.

A more detailed review of Surfshark can be found here.

Every business has confidential data stored on its systems and limiting access to authorised personnel, especially those on the road, working from home etc. Give serious consideration to protecting your website access backend data by installing two-factor authentication (2FA).

As well as username and password, this provides another level of protection by generating a third path into the site. Some sites offer a passcode of six to eight letters being sent via SMS or email to a user’s emails. This is no longer secure enough.

My recommendation would be to use a secure app that is run off mobile devices and cannot be intercepted by fraudulent text or email access.  A fuller explanation of 2FA and recommended apps can be found here.

Password managers are becoming increasingly crucial in maintaining cybersecurity. I was with 1Password for many years but the browser extension had become increasingly flakey so I changed to Bitwarden.   This is available as a robust free version but I quickly subscribed to premium to assist development.

Despite these physical protections, it is worth reminding companies that often the weakest link in their cybersecurity strategy is their employees.  Hackers use phishing to send legitimate-looking links in emails and you should build it into your working practices that employees must never, ever click on links within emails sent by unfamiliar companies or individuals.