I was recently advised that to protect yourself and your business:
- Do not rely completely on your IT support team to ‘mark their own homework’ and ensure you are fully protected so be always vigilant.
- Ensure your sent emails are protected and not just the inbound ones.
- Review and remove dormant accounts in accounting platforms.
- Staff training should focus on robust processes and not just spotting phishing attempts.
- Enforce two-factor authentication on all critical platforms and never use “trust this device” options, which may store dangerous cookies.
- Do annual cyber “MOT” for your business.
They are coming to get you – it’s just a matter of when.