Cybersecurity: Why it's important for your business


What do the NHS, Carphone Warehouse, Equifax, Deloitte and Facebook have in common? Over the past year, they’ve all been hit by some sort of cyber-attack.

Modern businesses rely on IT systems and online services to function. But this reliance also exposes them to the risk of cyber-attack, and to the data loss and service outages that can result. Nearly half (43%) of all UK businesses suffered a security breach or online attack in the past year, according to recent government figures [1].

So what are the main risks, and how can you keep your business and your customers’ data safe? Here’s a handy guide to get you started.

What is cybersecurity?

Cybersecurity is a catch-all term referring to the technologies and processes designed to protect your IT, digital systems, and customer data from attack. No organisation can say they’re 100% safe. But if you get cybersecurity right, you’ll greatly reduce the risk of a successful attack.

Some of the most common types of cyber-attack include:

DDoS: Distributed Denial of Service attacks are designed to overwhelm your systems with online traffic, rendering key systems such as the website inoperable. These can be launched in order to extort money from victim organisations, or as a distraction while another attack takes place. They also prevent legitimate customers from connecting to the service offered.

Ransomware: A type of malware that encrypts all your corporate files then demands a ransom be paid so they can be decrypted. Unfortunately, many firms don’t get their files back even if they pay up.

Phishing: A popular way of stealing log-ins or spreading malware. Phishing attacks usually arrive in the form of spoofed emails designed to trick the user into clicking.

Vishing: The fraudulent practice of making phone calls or leaving voice messages pretending to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

Smishing (SMS phishing): A type of phishing attack where mobile phone users receive text messages containing a website hyperlink which, if clicked, would download a virus to the mobile phone.

Pharming: The fraudulent practice of directing Internet users to a bogus website that mimics the appearance of a legitimate one, in order to obtain personal information such as passwords, account numbers, etc.

Why do SMEs need to invest in information security?

Research from 2017 suggested half of UK SMEs planned to spend just £1,000 on cybersecurity over the coming 12 months [2]. Yet if a serious attack hit home, it could cost them much more than that to recover: over £3,000 on average, rising to £16,100 for medium-sized firms, according to the government. If your business is hit by a cyber-attack you’ll need to pay for investigation and clean-up of the attack itself, then fork out for possible regulatory fines and legal costs. On top of this, you may suffer long-term lost business as customers go elsewhere.

SMEs may think they fly under the radar of hackers, but the reality is much different. Cyber-criminals often prefer to target what they see as the “low-hanging fruit” — smaller companies that may not be well protected.

It’s not all about protecting your systems from an attack. It’s about the data that can be breached as well. If you hold important and personal customer information and fail to stop an attack, then you may face a fine, along with a serious dent to your reputation as a company.

How can I improve my corporate cybersecurity?

The good news is that by taking a series of best practice steps, you can enhance cybersecurity for your business.

These include:

Regular patching: Ensure you’re always running the latest version of your operating system (Windows, iOS, macOS, Linux, Android) and of any other software you use.

Multi-factor authentication (MFA): This should be switched on for all your online services and corporate accounts. Adding an extra layer of security means that hackers would find it a lot more difficult to get in, even if they have stolen a password.

DDoS Protection: If you use your company website for e-commerce or other business-essential services which you can’t do without for a prolonged period, you should invest in a DDoS protection service.

AV everywhere: Make sure you have anti-virus/anti-malware from a reputable vendor, at the network, endpoint, server and web/email gateway layers.

User training: Ensure your employees know how to spot phishing emails and other security dangers. They can form a great first line of defence.

Back-up: Keep copies of your data off-site, regularly updated, so that if you suffer a cyber-attack with data loss (ransomware), it will have limited impact.

Plan ahead: Develop an incident response plan (also known as a play book) with key members of your company so you know exactly what to do if the worst happens.

The government’s Cyber Essentials scheme is a good place to start and can show customers and suppliers you take cybersecurity seriously. The NCSC has also released some useful advice here.

Cybersecurity is no longer an option in today’s digital-first world. But by taking the right steps it can be both an enabler of growth and competitive differentiation.



[1] Cyber security breaches survey

[2] Computer Weekly - Cyber defences

This content was created on 27th July 2018
