Protecting your business from cyber-attack: an essential guide to cyber security
With the Covid-19 pandemic bringing yet more closures of brick-and-mortar businesses, there’s been a well-documented growth in eCommerce and general online interactions within the business community. And it’s been encouraging to see how many organisations have successfully pivoted to embrace digital in the last 12 months.
However, with digital growth comes some significant challenges, including an increased risk of cyber-attack. According to the Cyber Security Breaches Survey 2020, cyber-attacks have increased year-on-year, with businesses that identified breaches or attacks in the last 12 months experiencing them at least once a week. Contrary to popular belief, small to medium-sized businesses (SMBs) are also more frequently targeted, with 46% of micro and small businesses suffering breaches or attacks during the past year.
Don’t make yourself an easy target: read our top tips to safeguard your company and customer data from within.
Know your enemy
With the rise of online transactions, it appears that hackers and fraudsters are capitalising, too, and the nature of cyber-attacks is evolving at an alarming rate. Being aware of the latest techniques used by cyber criminals is therefore a vital part of any good cyber security policy.
Email is by far the largest attack vector for cyber-attacks, and with an increasing number of employees working from home, workforces are more vulnerable than ever. The Cyber Security Breaches Survey 2020 revealed that 86% of cyber security breaches were phishing attacks (a figure that has risen from 71% in 2017).
Impersonation attacks are also a rising trend amongst cyber criminals, with 24% of cyber-attacks being identified as CEO fraud or similar. CEO fraud involves the impersonation of a Chief Executive Officer, Managing Director or other senior manager. The fraudster then targets a company’s finance team via email or phone in an attempt to divert payments for goods or services to a fraudulent bank account.
Malware (including ransomware) was another technique used by cyber criminals, featuring in 18% of cyber-attacks.
Making cyber security a priority, not an afterthought
Cyber security is always a hot topic yet it isn’t always prioritised, especially by SMBs that think they’re too small or not profitable enough to become a target.
We’re happy to report, however, that this is (slowly) changing. Research found that 79% of businesses considered cyber security a high priority at board level – up from 69% in 2016. Small businesses are also following suit with most (54% of those surveyed) seeking information about improving cyber security policies during the last 12 months.
Formally assessing cyber risks should be a part of all businesses’ ongoing operations. Yet only 50% of businesses surveyed chose to commission internal or external audits in the last year. And just 35% undertook a cyber risk assessment.
Businesses saw the cyber risks presented by suppliers as even less of a concern. Just 15% of businesses reviewed the cyber security risks posed by their suppliers and only 9% did this for their wider supply chain. Regular cyber risk assessments in every area of your business and supply chain are the key to a robust IT policy.
Always opt for layered security
Once you’ve identified the cyber security risks, it’s time to minimise or even eliminate them. Closing the loopholes that could be exploited by cyber criminals is easy with a layered security approach, and it’ll protect your company, customers and workforce in the process.
Here at itcent.re we implement several controls to ensure layered security. These include:
- Least-privilege administrative model – this restricts the permissions of certain users to prevent potential malware threats
- Regular reviews of practice – to ensure staff interacting with company data do so in a safe and secure manner to minimise the risk of breaches
- Endpoint security – this technique uses anti-virus and ransomware protection to safeguard endpoints on user devices
- Endpoint detection – we actively monitor user devices and the wider network for suspicious activity, then use insights to prevent additional and future breaches
- Advanced email security – to protect against the biggest cyber security threat for companies
- Network security – this prevents and protects against malware, ransomware, spam, viruses, CEO fraud and phishing
- User education and phishing testing – we teach users how to protect themselves and the company against the threats of phishing, including how to identify and avoid phishing attacks
- Regular vulnerability scanning, plus periodic operating system & software updates
- Firmware and security patches for network and all computer equipment
- Information asset registration – to identify the company, its location and all known dependencies
- Critical company data backups and testing.
Cyber-attacks cost companies time and money, as well as causing significant reputational damage. In fact, the average annual cost after a breach is a hefty £3,110 for micro and small businesses, with 20% of staff being forced to set valuable time aside to deal with a breach.