Cybersecurity: Why it's important for your business 

What do The NHS, Carphone Warehouse, Equifax, Deloitte and Facebook have in common? In recent years, they’ve all been hit by some sort of cyber-attack.

Modern businesses rely on IT systems and online services to function. But this reliance also exposes them to the risk of cyber-attack, and the data loss and service outages that can result. 32% of businesses identified cyber security breaches or attacks in the last 12 months, according to recent government figures¹.

So what are the main risks and how can you keep your business, and your customers’ data safe? Here’s a handy guide to get you started.

What is cybersecurity?

Cybersecurity is a catch-all term referring to the technologies and processes designed to protect your IT, digital systems, and customer data from attack. No organisation can say they’re 100% safe. But if you get cybersecurity right, you’ll greatly reduce the risk of a successful attack. 

Some of the most common types of cyber-attack include:

DDoS: Distributed Denial of Service attacks are designed to overwhelm your systems with online traffic, rendering key systems such as the website inoperable. These can be launched in order to extort money from victim organisations, or as a distraction, while another attack takes place. They also prevent legitimate customers from connecting to the service offered.

Ransomware: A type of malware that encrypts all your corporate files then demands a ransom be paid so they can be decrypted. Unfortunately, many firms don’t get their files back even if they pay up.

Phishing: A popular way of stealing log-ins or spreading malware. Phishing attacks usually arrive in the form of spoofed emails designed to trick the user into clicking.

Vishing: The fraudulent practice of making phone calls or leaving voice messages pretending to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

Smishing (SMS phishing): A type of phishing attack where mobile phone users receive text messages containing a website hyperlink, which, if clicked would download a virus to the mobile phone.

Pharming: The fraudulent practice of directing Internet users to a bogus website that mimics the appearance of a legitimate one, in order to obtain personal information such as passwords, account numbers, etc.

Password Attacks: When an attacker tries to access your network by cracking your password, usually with a piece of software specifically designed to obtain people’s passwords. Login details should be changed regularly and not shared across multiple platforms – it pays to avoid using common phrases as these can be easier to guess!

Why do SMEs need to invest in information security?

Research from 2019 suggested that small businesses spent an average of £3,490 on cyber security in the last financial year¹. If a business is affected by a cyber security breach, it can cost them on average £4,180, and if they’re a large business the average cost can be much higher with an average of £22,700¹. If your business is hit by a cyberattack you’ll need to pay for investigation and clean-up of the attack itself, then fork out for possible regulatory fines and legal costs. On top of this, you may suffer long-term lost business as customers go elsewhere.

SMEs may think they fly under the radar of hackers, but the reality is much different. Cyber-criminals often prefer to target what they see as the “low-hanging fruit” — smaller companies that may not be well protected.

It’s not all about protecting your systems from an attack. It’s about the data that can be breached as well. If you hold important and personal customer information and fail to stop an attack, then you may face a fine, along with a serious dent to your reputation as a company.

How can I improve my corporate cybersecurity?

The good news is that by taking a series of best practice steps, you can enhance cybersecurity for your business.

These include:

Regular patching: Ensure you’re always on the latest Operating System (Windows, iOS, macOS, Linux, Android) and any other software you use. If you’re on Windows 7, you should make sure to update.

Multi-factor authentication (MFA): This should be switched on/implemented for all your online services and corporate accounts. Adding an extra layer of security means that hackers would find it a lot more difficult to get in. At Cashplus, our online login process includes two-step authentication using the Cashplus app or a physical Code Key.

DDoS Protection: If you use your company web site for e-commerce or other business essential services which you can’t do without for a prolonged period, you should invest in a DDoS protection service.

AV everywhere: Make sure you have anti-virus/anti-malware from a reputable vendor, at the network, endpoint, server and web/email gateway layers.

User training: Ensure your employees know how to spot phishing emails and other security dangers. They can form a great first line of defence. See our tips for spotting a scam email here.

Back-up: Keep copies of your data off-site, regularly updated, so that if you suffer a cyber-attack with data loss (ransomware), it will have limited impact.

Plan ahead: Develop an incident response plan (also known as a play book) with key members of your company so you know exactly what to do if the worst happens.

Password policy: Create a process for regular password checks. As we mentioned earlier, passwords should be changed frequently and be complex enough so that no one will be able to second-guess them (of course make sure that they’re memorable as well).

The government’s Cyber Essentials scheme is a good place to start and can show customers and suppliers you take cybersecurity seriously. The NCSC has also released some useful advice here.

Cybersecurity is no longer an option in today’s digital-first world. But by taking the right steps it can be both an enabler of growth and competitive differentiation.

Sources:

1: Cyber security breaches survey

This content was created on 13th February 2020