Cyber security: prevention is better than cure

329 Views

At best, cyber-attacks are an inconvenience. At worst, they could prove catastrophic. It’s not just the disruption and cost implications that impact a business, but it’s also about the risk such attacks can pose on employee and customer data.

Supporting cyber awareness

Cyber-attacks have been around as long as the internet. But in recent years, their frequency and the creative ways used to infiltrate businesses has increased. And no one is exempt from being targeted. Often, cyberattacks are made possible by a lack of knowledge on the user’s part. The new cybersecurity briefing published in June 2023 by UK Parliament revealed that an estimated 95 per cent of cyberattacks succeed due to human error as a result of opening attachments in malicious emails and using weak passwords. For example, Capita, the UK’s largest business process outsourcing firm, will reportedly lose £20 million after responding to a ransomware attack in March 2023.

The briefing also discusses how the overarching policy on cybersecurity is contained in the National Cyber Strategy (NCS) 2022. The strategy sets several objectives intended to achieve the Government’s vision that “the UK will continue to be a leading responsible and democratic cyber power, able to protect and promote our interests in and through cyberspace in support of national goals.”

The NCS 2022 takes a ‘whole-of-society’ approach to cybersecurity, arguing that to improve the UK’s resilience to cyber-attacks, the government must collaborate with private sector organisations and cybersecurity professionals. However, businesses cannot rely on others to see change. With IT systems vital to the functioning of society and the economy, businesses must ensure the systems used are as secure as possible.

Cyber credentials

While phishing is the most commonly reported cyber-attack — with 83 per cent of UK businesses reporting a phishing attack in 2022 — vishing, or voice phishing, is also on the rise. This method involves calling the target directly or leaving voicemails impersonating a reputable company in order to get access to confidential information, usually for monetary gain.

Which? reported in June 2023 that O2 customers were being targeted by vishing scammers who were promising a 50 per cent discount on their phone bill. Those that accepted received a text message containing a passcode, which the scammers used to try and get into the customer’s O2 account to take out further contracts.

While victims of such scams were later contacted by the real company with advice on what to look out for in future, businesses must ensure they don’t fall victim to similar scams. And that begins with a secure business phone system.

Compared to traditional phone lines, Voice over Internet Protocol (VoIP) can be more secure. For instance, VoIP uses Session Initiation Protocol (SIP), which enables voice communication to be compressed and transmitted as media streams over the internet instead of traditional phone lines.

Furthermore, VoIP systems require login credentials that must be provided by users to establish a connection and multi-factor authentication can enhance security as it makes it challenging for unauthorized users to gain network access. Of course, VoIP doesn’t come without cyber risks. Businesses may face cyber threats due to the use of a Voice over Misconfigured Internet Telephones (VoMIT) tool, which allows cybercriminals to extract voice snippets and confidential information from the calls.

However, a secure VoIP software provider, such as Ringover, employs added security benefits through end-to-end call encryption, which ensures that the content remains unreadable even if hackers gain access. Additionally, Ringover complies with GDPR regulations as customer information resides in secure EU-based data centres at all times, and is also a member of RIPE Network Coordination Centre, to ensure calls are securely passed through the safest and some of the most reputable international telephone operators.

No business is immune from cyber-attacks and robust procedures and checks must be in place to prevent avoidable disasters. Particularly for businesses looking to unlock the benefits of VoIP, it’s imperative they are well-informed about the security features of their chosen phone system, which play a vital role in ensuring the safety of their data, customers and employees.