Experts now say that it’s a case of when, not if, a business is targeted by online criminals – so are you satisfied your firm’s cyber security would stand up to the test?
It is believed that the vast majority of successful cyber attacks are enabled as a result of human error.
It’s estimated that 90 per cent of all such attacks can be prevented by taking some simple security steps – and staff training is key.
It is evident that businesses need to do more to ensure all staff have appropriate online fraud awareness training and everyone knows and understands their role in keeping the business secure.
A substantial amount of online fraud targeted at businesses is successful due to lack of knowledge or complacency on the part of employees.
It is also important to take into account that if you or your staff fall for scams such as a phishing email or a mandate fraud, your bank may not refund the money lost, as they could claim you have not done enough to protect yourself.
Cyber security should be the golden thread running through your business. It should be an agenda item at every team briefing and every meeting. This is the only way to make it clear just how important it is.
Another important thing to bear in mind is the cost of a breach may not only be the money lost to the attackers.
The Information Commissioner’s Office can also issue fines to companies when customer data is compromised as a result of cyber attacks, if it finds not enough has been done to prevent that data being stolen – and the sums are not insignificant.
To help reduce the risk to your business, you need to ensure you have the following measures in place at the very least:
• Set up structured employee education and awareness training, and make sure it is conducted regularly and kept up to date.
• Install internet security solutions on all systems – including mobile devices – and keep all operating software, application software, mobile apps and web browsers up to date.
• Set up and enforce a strict password policy for all employees and contractors.
• Consider restricting access to inappropriate websites to lessen the risk of being exposed to malware, and create a policy governing when and how security updates should be installed.
• Introduce rules on safe mobile working, including use of unsecured Wi-Fi hotspots, shoulder surfing and protecting devices from theft or loss.
• Increase protection of your networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists and other measures.
• Maintain an inventory of all IT equipment and software – including redundant systems – and identify a secure standard formation for all existing and future IT and comms equipment used by your business.
• Restrict staff and third-party access to IT equipment, systems and information to the minimum required. Plus, keep items physically secure to prevent unauthorised access.
• For home and mobile working, ensure sensitive data is encrypted when stored or transmitted online so data can only be accessed by authorised users.
• Restrict the use of removable media such as USB drives, CDs, DVDs and secure digital cards, and protect any data stored on these to help stop data being lost and to prevent malware from being installed. Have a proper BYOD (Bring Your Own Device) policy in place.
Many SME directors fear that as they do not have the ability to employ online security experts, they may not be able to sufficiently protect their assets.
However, there is a wealth of free information available that can help you to put the basics in place.
The Cyber Essentials scheme provides an easy way of showing your business can be trusted when it comes to cyber security – and a quick way of spotting which firms also make the grade.
It identifies the security controls you must have in place within your firm’s IT systems in order to qualify for the accreditation, and although relevant to firms of all sizes, it also recognises that some small and medium sized enterprises may need more help, guidance and support than larger firms with IT experts on staff.