The recent cyber breach is a wake-up call for businesses to strengthen security measures

The recent cyber incident affecting M&S serves as a stark reminder that even the most well-resourced, large-scale organisations are not immune to cybercriminals. This breach underscores the disconnect between our perception of cyber resilience and the harsh realities organisations face. It's a humbling wake-up call that cybersecurity is an ongoing challenge for everyone.
For smaller businesses, the concept of cybersecurity can feel overwhelming. With limited resources and technical expertise, it’s easy to feel deterred from acting. But don’t let that stop you from protecting your business.
Here are some simple yet effective actions to help secure your business and protect your people:
Ensure all devices, including laptops, phones, and tablets, are protected with strong passwords, encryption, and up-to-date security software.
Use multi-factor authentication (MFA) for all email accounts and be vigilant about phishing attempts.
Keep all operating systems and applications up to date. Ensure patches and security updates are applied to fix vulnerabilities.
Create complex and unique passwords for all accounts and consider using a password manager to keep track of them securely.
Regularly educate your team about cybersecurity best practices, such as recognising phishing emails, avoiding suspicious links, and creating strong passwords.
Ensure regular backups of critical business data, both on-site and off-site, to safeguard against ransomware and data loss.
Regularly monitor your systems for unusual activity and conduct periodic security audits to identify potential weaknesses.
Have a clear, well-documented incident response plan in place. Being prepared is essential to respond quickly and effectively in case of a breach.
Regularly test your disaster recovery plan.
The key is to start small, take proactive steps, and gradually build a robust cybersecurity framework. It’s never too early to begin. If you need help and advice, then please get in touch with the team at Conformedia.
Tel: 0113 2341548

Expected to be introduced in 2025, this bill aims to enhance the UK's cyber defences by updating existing regulations and expanding their scope across various sectors. The goal is to bolster the nation's resilience against cyberattacks and safeguard essential services.
Failure to Prevent Fraud Offence
Effective from 1 September 2025, organisations could face criminal liability if they fail to prevent fraud committed by associated persons for their benefit. To avoid penalties, companies must implement "reasonable" fraud prevention procedures. The UK government has published guidance to assist organisations in preparing for this change.
The regulations cover five sectors (transport, energy, drinking water, health and digital infrastructure) and some digital services (including online marketplaces, online search engines, and cloud computing services).
Key Actions for Businesses:
·      Assess and Enhance Security Measures: Review and strengthen your cybersecurity infrastructure to comply with upcoming regulations.
·      Implement Fraud Prevention Procedures: Establish and document reasonable measures to prevent fraud within your organisation.
·      Stay Informed: Keep abreast of legislative developments to ensure compliance and protect your business from potential liabilities.
Proactive adaptation to these changes is essential for maintaining robust cybersecurity and fraud prevention frameworks.
The Home Office has published guidance that will provide organisations with important advice on the new corporate criminal offence of ‘failure to prevent fraud’, helping make sure they are taking action to prevent fraud.

Marketing Agency Secures Client Data with Advanced Password Management Solution
Challenge
A marketing agency managing multiple client websites, digital platforms, and multiple API keys was facing challenges with their secure management and storage. Previously, they used on-premise, free software solutions to store both internal and client passwords. The agency encountered several issues:
Lack of visibility: They couldn’t track which team members had access to passwords, when they were accessed, or which passwords were being used.
ISO 27001 Certification: ISO 27001 compliance demands strict security and auditing, for which the current system was inadequate.
Security risks: If passwords were compromised owing to a cyber-attack or rogue employee, the impact on the agency could be catastrophic.
The agency was also preparing to migrate from an on-premise Windows server to Google Cloud, which involved a potentially labour-intensive process for updating all passwords. They approached Conformedia with a wish list for a more efficient and secure password management system; they also hoped the solution could streamline the migration to Google Cloud.
Solution
Conformedia introduced Keeper, a dynamic password management system, to meet the agency's requirements. Keeper is not merely a password store but a sophisticated tool that provides secure management of passwords across teams and clients.
Key actions taken:
Created a managed Keeper instance, integrated with Google Workspace for SSO.
Set up managed user groups.
Migrated all passwords from the legacy on-premise solution to the Keeper cloud solution, incorporating granular permissions and access control.
Enabled advanced auditing features tailored for the agency’s ISO 27001 certification requirements.
Advantages of Keeper Password Manager:
Comprehensive Reporting: The system can generate audit-ready reports to satisfy ISO 27001 compliance.
Security Features:
Enforced Two-Factor Authentication (2FA): Provides an extra layer of security.
Integration with cloud SAML identity providers, such as Entra ID and Google Workspace.
BreachWatch: Performs regular scans to check for weak or compromised passwords, ensuring ongoing security.
Access Management:
Different access levels can be assigned to different users or teams, restricting access to only the relevant information.
Password access can be revoked immediately if necessary, such as when an employee leaves the company.
Secure Password Sharing: Allows the secure sharing of passwords with external parties, with the option to create one-time links with expiration dates for temporary access.
Cloud and Cross-Platform Compatibility: The system is accessible via a web browser or standalone app on Windows, macOS, and mobile devices.
Results
The implementation of Keeper provided the agency with several key benefits:
Improved security through 2FA and proactive monitoring of password strength.
ISO 27001 Compliance was met through thorough reporting and audit capabilities.
Cloud Accessibility: The team gained the flexibility to access the system via the cloud on multiple platforms (Windows, Mac, mobile, etc.).
Seamless password sharing with external parties in a secure and compliant manner.
Passwords were securely and effortlessly migrated to Google Cloud from the Windows server, saving the team time.
Outcome
By adopting Keeper, the agency enhanced its security posture, ensured compliance with ISO standards, and eliminated the risks associated with their previous password management system.
For more information and advice, speak to Richard Twigger, Tel: 0113 234 1548