What can cyber criminals discover about my business online?

Imagine this: you have worked hard for many years to build a successful business that could be taken away in seconds by a cyber criminal.

For one business, this is exactly what happened after it was subjected to a cyber attack. Through either sensitive information being posted online or a data breach, the cyber criminals had gained unauthorised access to the business’s systems.

The hacker was impersonating the business and its owner, which had a devastating effect on day-to-day trading and operations and, consequently and often forgotten about, on the mental health of the business owner.

In this blog, we highlight our Individual Internet Investigation service and explain how it can help protect you from cyber attacks.



How do cyber criminals gain access to a business’s system?

There are a few common ways that cyber criminals gain access to systems. We have detailed these below, along with how you can prevent them from happening to you.


Access through poor security settings:

If your systems are not set up correctly from the outset, attackers may find the weaknesses and gain access remotely.

As time goes by, systems age. If updates or patches are not applied, attackers can exploit the weaknesses that pop up overnight and gain access to your business’s systems.

If cloud storage is not set up correctly, data can be seen by the wrong people and exploited as a result.

Access via a Brute Force attack:

Cyber criminals will often use what is called a brute force attack, in which the attacker repeatedly enters passwords into your system until the correct one is found.


Short or easily guessed passwords are usually exploited successfully because they are linked to you as a person: a birthplace, pet name or maiden name, or details that can often be found on your social media accounts, with family tree websites used for some quick research to fill the gaps.
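To spot the repeated guessing described above, the following added example (not part of the original article) counts failed sign-ins per account in a short time window and raises a second alert when a success follows the burst. The log format, threshold and window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in log (assumed format): time, source IP, account, result
SAMPLE_LOG = """\
2024-05-01T09:00:01 203.0.113.7 owner@example.test FAIL
2024-05-01T09:00:03 203.0.113.7 owner@example.test FAIL
2024-05-01T09:00:05 203.0.113.7 owner@example.test FAIL
2024-05-01T09:00:07 203.0.113.7 owner@example.test FAIL
2024-05-01T09:00:09 203.0.113.7 owner@example.test FAIL
2024-05-01T09:00:11 203.0.113.7 owner@example.test OK
2024-05-01T09:10:00 198.51.100.20 staff@example.test FAIL
2024-05-01T09:10:30 198.51.100.20 staff@example.test OK
"""

WINDOW = timedelta(minutes=5)   # assumed look-back period
THRESHOLD = 5                   # assumed number of failures that counts as guessing


def detect_bruteforce(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (account, source, reason) alerts for bursts of failed sign-ins."""
    recent = defaultdict(deque)  # account -> timestamps of failures inside the window
    alerts = []
    for line in log_text.strip().splitlines():
        stamp, source, account, result = line.split()
        when = datetime.fromisoformat(stamp)
        failures = recent[account]
        # Forget failures that are older than the window.
        while failures and when - failures[0] > window:
            failures.popleft()
        if result == "FAIL":
            failures.append(when)
            if len(failures) == threshold:
                alerts.append((account, source, "repeated failures"))
        elif result == "OK":
            # A success straight after a burst suggests the password was guessed.
            if len(failures) >= threshold:
                alerts.append((account, source, "success after repeated failures"))
            failures.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Counting per account rather than per source address means guesses spread across several addresses against one account are still caught.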

Access via a Data Breach

Cyber criminals monitor data breaches as a way of gaining data that can lead to them obtaining passwords that are linked to email accounts.

Once the attacker knows the password to an email account, they can log in and then use that email account to reset the passwords on all other accounts by using the "forgotten my password" option, which usually sends a password reset by email to the very same account the attacker now controls. The attacker can even set up email rules to forward all emails to them without you knowing.

This type of unauthorised access can be prevented with the use of 2-factor authentication. Where it's available, always turn it on and use it.

If you then get an authentication message sent to you unexpectedly, that’s your notification someone else knows your password and a prompt to change it.
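Because a forwarding rule can keep sending your email to an attacker even after the password is changed, it is worth reviewing mailbox rules after any suspected break-in. The following added example (not part of the original article) flags rules that forward mail outside your own domains; the rule field names and the sample rules are constructed assumptions, not any mail platform's real export format.

```python
from email.utils import parseaddr

# Constructed mailbox rule export; field names are assumptions for illustration.
SAMPLE_RULES = [
    {"mailbox": "owner@example.test", "name": "Newsletters",
     "action": "move", "target": "Reading"},
    {"mailbox": "owner@example.test", "name": ".",
     "action": "forward", "target": "collect@mail.invalid"},
    {"mailbox": "accounts@example.test", "name": "Bookkeeper copy",
     "action": "forward", "target": "bookkeeper@example.test"},
    {"mailbox": "accounts@example.test", "name": "x",
     "action": "redirect", "target": "Archive <archive@example.test.mail.invalid>"},
]
OWN_DOMAINS = {"example.test"}  # domains the business controls (assumed)
FORWARDING_ACTIONS = {"forward", "redirect", "forward_as_attachment"}


def is_internal(domain, own_domains):
    """True only for an owned domain or a subdomain of one.

    Matching on the end of the domain, with a leading dot, stops a lookalike
    such as example.test.mail.invalid from passing as internal.
    """
    return any(domain == d or domain.endswith("." + d) for d in own_domains)


def external_forwarding_rules(rules, own_domains):
    """Return (mailbox, rule name, address) for rules sending mail outside."""
    findings = []
    for rule in rules:
        if rule.get("action") not in FORWARDING_ACTIONS:
            continue
        _, address = parseaddr(rule.get("target", ""))
        domain = address.rpartition("@")[2].lower()
        # An unparseable target is reported too, so it gets looked at by a person.
        if not domain or not is_internal(domain, own_domains):
            findings.append((rule["mailbox"], rule["name"], address))
    return findings


if __name__ == "__main__":
    for finding in external_forwarding_rules(SAMPLE_RULES, OWN_DOMAINS):
        print(finding)
```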

Access via a Phishing attack

Cyber criminals often gain access to business systems via phishing emails. These emails appear authentic, as if they were sent from a genuine, trusted source. However, there are many things to look out for before opening any links or documents within emails you are unsure of.

By opening a phishing email and unknowingly downloading malicious software, you are allowing an attacker remote access so they can see all your data, even everything you type.

Once inside a system, an attacker can move around with pretty much the same access you would have and undertake most things. They can sometimes prevent you from accessing any of your data, but lately they are also publishing all your data online so everyone can see it.

Having malware protection that is activated and up to date should prevent the installation of most malicious software.

The malware protection’s job is to look for anything untoward on your system, eliminate it and notify you.

How can The Cyber Resilience Centre for the West Midlands help my business?


The WMCRC has formed partnerships with local universities to identify the best and brightest ‘ethical hacking’ talent from across the region who are able to deliver Cyber Services.

These services are designed to provide guidance to SMEs who are new to cyber security and need help getting started. These hand-picked students are deployed to work alongside the centre’s experienced team to provide small businesses with a range of affordable services to help improve your cyber resilience.


There are a number of services available, which include investigating what information is out there that might be used to attack your business and you personally, such as personal details, breached passwords, and data available on the dark web.

They can check on the security of your website and systems, come in and scrutinise your current policies and procedures, or even deliver a staff training session. Overall, these student services are designed to make your staff and business safer.


Find out more or request a quote for this service here.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.