If it’s not already, strategies to protect data against cyber crime should be a top priority. Here’s an overview of why and how you should protect your data.
Businesses of all shapes and sizes need to protect data in the organisation against cyber attacks. Cyber criminals aren’t only interested in hacking large corporates and making off with huge sums of cash, they will also quite happily target the low hanging fruit.
“Each day cyber attacks are becoming a reality for an increasing number of businesses, so many are asking not if, but when a threat to their network security will occur. Many household names such as eBay, AOL, Sony and JPMorgan Chase have suffered cyber attacks, but they are not confined to large companies.,” said Suzanne Rab, barrister specialising in regulatory law at Serle Court Chambers in London and Virgin Media Business cyber expert.
In fact, cyber crime costs small businesses disproportionately more than big businesses. This is according to the Federation of Small Businesses, which estimated small firms are collectively attacked seven million times a year at an annual cost to the UK of £5.26bn.
A government survey found that around 24 per cent of all businesses will have suffered at least one cyber attack of some kind in the last 12 months, and that among those that detected breaches the average cost over this time period was around £3,480. This could seriously put a dent in the bottom line for a small firm.
“Data protection is not on the forefront of mind for small businesses, yet it can be their single cause of downfall,” said Nicole Barrett, director, Vegas Mattresses.
“It should be more prominent to small businesses and how they can easily protect themselves and the people whose data they hold.”
Of course, it can be very difficult to accurately measure the cost of a cyber attack, but there are several things you can consider.
“Cyber attacks range in severity, with the most severe causing service loss or data breaches. Both can erode trust, reduce revenue and potentially expose the victims to legal penalties,” explained Stephen Wind-Mozley, Virgin Media Business’ director of digital.
“These attacks happen with frightening regularity and a well prepared business can do much to protect against the negative effects of them. The most damaging attacks are the ones that are successful in causing data breaches, as these can ruin trading reputations irrevocably and expose the victims and their customers to fraudulent or criminal use of their data.”
It takes smaller firms the longest to get back on track after a breach. Around 24 per cent of micro businesses said it took them up to a week to recover from the most disruptive breach, whereas overall only 14 per cent of businesses of all sizes said the same. This could be due to micro firms relative lack of infrastructure, trained staff or protections, such as up-to-date software to protect data.
It goes without saying that losing a week’s worth of business could be a real disaster and, for some, could spell the end.
It is surprising then that only 51 per cent of businesses have taken recommended actions to identify cyber risk, and only ten per cent have a formal incident management plan.
Operating on a secure network
There are some basic cyber security precautions that any business should be aware of to protect data, such as installing anti-virus software and keeping all software patched and up to date.
One thing that might not spring to mind immediately though is protecting your broadband.
Other people “piggybacking” on your bandwidth is bad. Depending on your plan, it can increase your monthly costs while actually slowing down your internet connection and, worst of all, it puts your data at risk.
To counter this, you should always ensure you set a password on your router. Believe it or not, the default usernames and passwords that come with wireless routers are all made available to the public – it’s possible to get a list of all the default passwords for all manufacturers’ routers with a simple Google search.
Where possible, choose WPA2 in the wireless security settings on your router. This is the most secure setting, but may not be available on older hardware.
In addition, all wireless devices have what is known as a MAC address, and you can set your router to only allow access to the network for authorised addresses. However, this isn’t fool-proof as MAC addresses can be faked.
According to Rab, businesses should implement updated security technology and make investments in encryption technology that is proportionate to the risks the business faces.
“For example, businesses handling sensitive customer data such as payments data will want to spend more money and time on enhanced protection,” she said.
Barrett is always careful to make sure that sensitive information is exclusively shared via encrypted services.
“Payment information, if ever given over the phone, is treated in line with PCI regulation whereby no information is written down but exclusively input directly into the payment portal with no information repeated over the phone back to the person, only acknowledged with ‘Yes’,” she said.
“There are plenty of communication lines that I will not use to share sensitive personal information. Video conferencing, via cloud services or similar, will not be used as I do not consider them as safe enough at this time. I trust that developments continue to drive security forward.”
How to prevent cyber attacks when using WiFi on the go
It’s common practice these days to work on the go – there’s access to WiFi in airports, coffee shops, on trains, why wouldn’t you? While this is great and makes flexible working much more attainable for many businesses, you should always be aware what networks you are working on.
Using WiFi on the go for research purposes is all well and good, but if it’s something sensitive that you wouldn’t want falling into the wrong hands, such as, any banking transactions, try to wait until you have a secure connection you can trust.
Always make sure to use HTTPS rather than HTTP when searching for a website as this means the data passed back and forth is encrypted. Never type in any sensitive information with an HTTP connection.
When employees work on the go, they will often use their own devices, which introduces a whole new set of problems. Have they
ensured they are patched and up to date on their own devices? Have they installed a firewall?
The cyber security risks of bringing your own device are unavoidable for 45 per cent of businesses, which are aware of employees using their own kit for business related activities.
Cyber attacks: It’s a people problem
Malicious attacks for the most part are only successful when an employee does something they shouldn’t have done – whether that’s operating on an unsecure network, disclosing a password, or clicking the wrong link in a dodgy email.
This is why a business approach to cyber security should be organisation-wide, the responsibility to protect data doesn’t begin and end with the IT department.
It is increasingly necessary to ensure your staff are aware of cyber threats, and how cyber criminals seek to invade your business. Once they know the red flags to look out for, your defence will be much stronger.
It is impossible to ever be 100 per cent protected against all cyber attacks, and cyber insurance may be worth considering – depending on your business. Make sure you have an incident plan, and proceed with caution.