Contact: 01858 289189 |

Keeping your business Cyber Secure

Posted by Charlotte Morley in The Business Hut | 0 comments

This month we had the pleasure of attending Accountex 2017. We met with lots of forward thinking businesses and it was great to see what the future holds for accountancy and finance. Whilst we were there we attended an interesting seminar delivered by Graeme Brand from Barclays, discussing Cyber Security.

Every industry is now affected by the move to cloud software and opening ourselves up to the threat of cyber crime. Businesses across the UK lost over £1bn to online crime in 2015-2016 (Source: Get Safe Online).

Every organisation relies on the internet to some degree or another for communications, transactions, payments and data access. Unfortunately, however, the internet has also become a channel of choice for criminals to commit financial and other crimes. Your business must take precautions to protect itself. Following on from the seminar yesterday, we’re discussing some of today’s threats and what you can do to combat them.

Cyber Threats

Social Engineering
What’s the threat?
Social engineering is a non-technical strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices. The success of social engineering techniques depends on attackers’ ability to manipulate victims into performing certain actions or providing confidential information. Personal social media accounts are relied heavily on and content and information can easily be accessed in the public domain. Today, social engineering is recognized as one of the greatest security threats facing businesses.

What can you do?
Education is the first step in preventing your business from falling victim to savvy attackers employing increasingly sophisticated social engineering methods to gain access to sensitive data. Ensure that your privacy settings are set to the highest level and be aware of sensitive data that you are sharing online.

Spear phishing
What’s the threat?
Phishing occurs when an attacker makes fraudulent communications with a victim that are disguised as legitimate, often claiming or seeming to be from a trusted source. Spear phishing is a highly targeted type of phishing attack that focuses on a specific individual or business. Often this information is taken from victims’ social media accounts or other online activity. By personalizing their phishing tactics, spear phishers have higher success rates for tricking victims into granting access or divulging sensitive information such as financial data or trade secrets. This could be a personalised email to take you to a fraudulent website and require the victim to enter usernames, passwords and even bank details.

What can you do?
– Ensure that any emails you receive are double checked for authenticity
– Check the email address of the sender, as often the address can look as though it it legitimate with a “covering name” rather than showing the full address of the sender
– If you are not sure who the sender is; open a new browser, type the trusted web address you know, log in to your account in the normal way
– Never enter your bank details from a link sent in an email

What’s the threat?
Impersonation is one of several social engineering tools used to gain access to a system or network in order to commit fraud, industrial espionage or identity theft. The social engineer “impersonates” or plays the role of someone you are likely to trust or obey convincingly enough to fool you into allowing access to your office, to information, or convince you to make a payment.

What can you do?
– Always check that the person you are communicating with it legitimate
– Check the email address of the sender
– If you are unsure, always call the sender on a telephone number you trust, or preferably face-to-face
– Have procedures in place for approving and making payments
– Remain vigilant and be alert for suspicious activity
– Provide on-going staff training on cyber, overall business security

Security & Xero 

As a Xero Partner, we are serious about protecting our clients and sensitive data. With Xero we know both our clients and our own business is in safe hands.
Find out more about the security advice from Xero here

  • Your backups are kept up to date – Online backups are updated throughout the day, every day, and stored in multiple secure locations.
  • Encrypted data is stored securely – Data is encrypted using industry-standard data encryption, multiple layers of firewalls are in place, all access to our data centres and servers is controlled and monitored 24/7, and we perform regular security audits.
  • Your data is there when you need it – We replicate your data between data centres in different locations so that Xero is up and running most of the time.
  • Tightly controlled information access – No one has access to your organisation’s data unless you invite them. You control who and what users can see and do in Xero.
  • Extra security at log in – Xero provides two-step authentication to better protect your account. Access to your account requires your password plus a unique code generated by an app on your smartphone.
  • Personal information stays private – Subject to our privacy policy, we don’t share your personal or financial information unless you give us permission. You can, for example, choose to let Xero Support view your data when you want help.

Find out more about Xero Security here

Thanks for stopping by! To keep in touch follow us on Twitter, Facebook & Instagram.
The Business Hut provides free consultations for your business, to get in touch with one of our friendly team call us on 01858 289 189 or email us at

Stay safe online!


Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>