Cyber Security – is your business a target?
Cyber Security Business Risk – Businesses face the risk of cyber attack every day. The risk is real and should be taken seriously by all firms. It’s headline news when large companies and public institutions are attacked and breached. We could be forgiven in thinking that attacks are largely targeted towards these types of high-profile organisations. However, small-medium sized business are prime targets of cyber attackers as these businesses are often the most vulnerable, ill prepared and easiest to breach.
According to a UK Government report almost half of UK firms have been subject to a cyber attack or breach in the past year. The report found that the most common attacks and breaches were through fraudulent emails which deceived staff into revealing passwords or opening malware ridden attachments. Over in the US, 58% of malware attack victims are categorized as attacks on small businesses (Verizon). Of which, 92% of the attacks were initiated through email. Cyber security business risk – the threat is real.
You might ask ‘why would a cyber attacker be interested in attacking my firm? After all, we make rivets in Northampton’ (apologies to any rivet manufactured in Northampton). Motives for cyber attacks vary but commonly, include:
Financial – ransom. Such attacks are designed to disable a firm’s ability to operation or to damage reputation. The attacker demands payment in return for the breach to be disabled and removed. This type of malware is often called ransomware and it is on the rise. According to Version, ransomware was found in 39% of all the malware-related data breaches.
Financial – data farming. The attacker’s motive is to farm your client, prospect, staff and supplier data and sell it to unscrupulous buyers, often other attackers resulting in a compounding number of attacks.
Financial – they’ve been paid to hurt you. Your firm may have disgruntled ex-employees, suppliers, customers or bad debtors who may have a vendetta against you. You might be surprised to hear just how easy it is to order a cyber attack. You’ve probably heard of something called the dark web. Well, there you can order a cyber attack as easy as you can order a take-away on a Saturday evening. You simply given the name of the company you wish to be attacked, choose the severity of attack you would like, then pay in the untraceable cryptocurrency of your choice. Sit back and leave the rest to the cyber attacker.
Target practice – your firm is randomly chosen for mere target practice by junior attackers and cyber criminals who are just starting out, learning the ropes so to speak.
Ideological – the products you sell or the supply lines you fulfil may be against the ideology of the cyber attacker.
What can be done to protect my business from cyber attack
Back up your data, regularly
Taking regular back ups of your data isn’t so much a preventative measure, it’s more to help you recover from an attack or a breach. These days, back ups can be done automatically without the need for human intervention or disruption to your business. Cloud solutions can provide the idea answer to secure data back up and storage. The cloud also enables your business to be operational from any location, any time.
Train your staff
Your staff are both the first line of defence and your first line of vulnerability. Consider commissioning some IT Consultancy to train them. Ensure they know the risks and the basic steps they can take to prevent a breach. Training on avoiding phishing attacks is the ideal place to start.
Ensure all mobile devices have password protection and fingerprint recognition enabled. Configure them so that if they are lost or stolen they can be wiped remotely. Have a policy in place that prevents transfer of data using 3G or 4G or public wifi. Always use a virtual private network (VPN) when working away from your business location.
Password protect data
All PCs, laptops and other devices should always be password protected. Set password protocols so that users are forced to use unpredictable passwords. Use two-factor authentication which requires a second device, a token generator or smartphone.
Cyber Security Business Risk – FREE cyber security assessment
We offer a FREE no obligation cyber security assessment which can be conducted on your premises or over the telephone. It takes the form of between 30-40 questions and takes around one hour. The assessment seeks to identify your current security risk exposure. Cyber Security Business Risk – find out your true position.