Having a basic understanding of cybersecurity and best practices is crucial for keeping your business safe online. Simply defined, cybersecurity involves the methods used by businesses and individuals to protect the integrity, confidentiality, and availability of data against online threats.
Why is cybersecurity or IT security important?
As the world becomes increasingly digital, companies are experiencing an unprecedented level of online risk. According to a 2017 government report, 46% of all UK businesses reported at least one cybersecurity breach or attack over a 12-month period.
Medium and large businesses face even higher levels of risk, with 66% of medium and 68% of large businesses experiencing at least one cybersecurity breach or attack in the past year. With such widespread cybersecurity issues, it’s not surprising that almost three quarters of business leaders and managers recognise cybersecurity as a top concern.
Myth: small businesses aren’t vulnerable to cybersecurity threats
As a small business owner, it could be easy to mistakenly think that hackers and cybercriminals aren’t interested in your company’s data. After all, media coverage typically only features the cyber-attacks of larger companies such as TalkTalk, Uber and Yahoo. As such, small businesses often don’t have cybersecurity plans in place.
The same UK government report also revealed that 64% of micro businesses and 34% of small businesses have no cybersecurity plans. Most small businesses also don’t invest in cybersecurity and spend a very small amount of their budget on online security.
As such, small businesses are an easy target for cyber criminals. Stats show 24% of companies that don’t have cybersecurity plans have experienced a cyber-attack and 13% of these attacks had a significant impact, such as complaints from customers, damage to the company’s reputation, or being unable to provide goods or services.
What are the biggest cybersecurity threats for UK businesses?
In 2017, UK businesses faced a wide range of cybersecurity threats. The biggest IT security issue faced by UK businesses arose as a result of employees receiving fraudulent emails or phishing scams, which accounted for 72% of the cyber-attacks. However, businesses also encountered cybersecurity issues due to viruses, spyware, malware, and ransomware.
UK businesses should be aware of the following cyber threats:
Phishing: When cyber criminals attempt to obtain sensitive data such as passwords and usernames, customer details, or credit card information by pretending to be a trustworthy, known source in online communication (email, instant message, etc.).
Spyware: An attempt to obtain information about an individual or company without their knowledge. This information might then be sent to another organisation without consent, or the cybercriminal may take over the device.
Malware: Malicious software that infects the user’s computer with a virus, worm, trojan horse, or spyware. Often this damages the device and renders it, at least temporarily, unusable.
Ransomware: Malicious software that holds the company’s computer or data hostage and threatens to release the data or restrict access to the device unless a ransom is paid. The largest ransomware attack, which targeted the NHS, occurred in 2017 and demanded payments from 300,000 computer servers across the world.
Most of these threats can be prevented with proper security measures, educating staff members and promoting corporate vigilance.
How does a cyber-attack impact your business?
Cyber-attacks can greatly impact businesses. In fact, one in five companies report material losses as a result of a cyber-attack. Meanwhile, 23% of companies experience a temporary loss of files or networks, while 20% report damaged or corrupted computer software or systems.
In addition to material losses, cyber-attacks can impact a company’s resources, as staff will need to focus on handling the issue and implementing a new security system. Employees may not be able to complete their daily work due to the incident. Cyber-attacks can also damage the brand’s reputation, lead to a loss of clients and customers, and impact the company’s quality of service.
If the cyber-attack results in a data breach, companies could face heavy fines under the new GDPR regulations. Depending on the circumstances, companies could be penalised between €10m and €20m or 2% to 4% of global turnover (whichever is higher). It has therefore become crucial for companies to comply with GDPR regulations and properly ensure the protection of sensitive information.
How to protect your business against cyber-attacks
It’s important to have measures in place to protect against cyber-attacks. Practical steps can go a long way towards ensuring your data and your customers’ data is safe from cyber criminals.
Protect your data from a cyber-attack
Under the new GDPR regulations, any company that collects or processes data on EU citizens must legally use suitable measures to protect customers’ data. Data protection must be either privacy by design or by default. While these regulations apply explicitly to customer data, these methods can also be used to protect other forms of sensitive information.
Most cyber threats can be identified sooner and avoided by training employees on cybersecurity. As phishing scams are one of the biggest threats to companies, it’s important that staff can recognise trustworthy links and emails.
Staff should also know who to inform if they suspect a data breach or cyber-attack. Providing cybersecurity training to staff is a relatively inexpensive and effective way to protect your company and customers.
Protect your devices and apps from cyber-attacks
The default settings for most devices and software don’t provide a high level of security. It’s recommended that businesses check the settings on new devices and software and change security settings for improved protection.
Both devices and accounts should also be password protected. Passwords, when implemented correctly, are a savvy and cost-effective way to improve security. In addition to standard passwords, you can also protect devices with PINs or touch-ID.
More important accounts, such as financial or IT accounts, should be protected by two-factor authentication (also known as 2FA). For more information about passwords check out our article on Cybersecurity Basics.
Cyber essentials scheme
Cyber Essentials is a government-backed scheme that aims to help businesses master cybersecurity best practices and protect against cyber-attacks. Depending on your level of commitment, you can read their digital articles or complete an entry-level or more advanced certification in cybersecurity. Cyber Essentials is a great resource for companies looking to gain greater cybersecurity awareness.
While October may be cybersecurity awareness month, it’s important to promote awareness year round. Employees are one of the best defences against cyber criminals and attacks and as such should be properly trained to identify cyber threats and scams. Without their support, even the most advanced IT security software is useless.