Cyber security: how to protect your business
The COVID-19 pandemic has had a significant effect on cyber security and cyber crime. In the first half of 2020, the United Nations reported a global increase of 600% in malicious emails. Cyber criminals ramped up their efforts during this vulnerable time to target individuals and businesses, manipulating them into providing access to their devices and networks and into sharing sensitive or financial information.
Additionally, most employees had to adapt to working remotely, using home network set-ups that are usually far less secure than their usual office network system, which left businesses vulnerable to a cyber attack or breach.
Nearly two years and several lockdowns later, the risks unfortunately remain the same. According to the Department of Culture, Media and Sport’s Cyber Security Breaches Survey of 2021, 38% of all SMEs have experienced cyber attacks in the last 12 months and around 27% were attacked at least once a week.
The main method used against SMEs was phishing attacks, making up 82% of the total cyber attacks experienced. Another worrying figure is that only 14% of businesses train staff on cyber security and just 20% of them have conducted simulated phishing exercises on their staff. These figures clearly show that businesses need to step up their game and significantly improve their cyber security posture to reduce their risk of falling victim to a cyber attack or a breach. Therefore, it’s important to look at these cyber threats we’ve experienced in 2020/21 and use them to prepare ourselves for 2022.
So, what are the risks that you need to look out for in 2022 and how can you protect your business from them?
There are two main areas individuals and businesses need to focus on: Phishing and Cloud-Based Security.
Phishing
If the last few years have taught us anything, it is that ‘old’ methods of cyber attack, such as phishing, are still as effective as ever. Phishing is a method used by hackers to trick users into clicking a link or a document in order to infect the device/network with malware. It is usually executed via email, but it has also been used via text messaging and social media. The goal is to access systems and steal sensitive information from an individual or organisation. The reality is that human error is still one of the main reasons why cyber attacks are successful, and for that exact reason phishing emails are always used as the go-to method by cyber criminals.
The findings of the Cyber Security Breaches Survey clearly reflect this, as they show that most UK businesses did not provide any cyber security training for their staff. By providing regular training to your staff on how to maintain good cyber hygiene (updating software regularly, installing firewalls and anti-virus, backing up data regularly) you will help keep your system secure. Additionally, by training your staff on how to spot phishing emails, how to appropriately report them and what procedures they need to follow when a cyber breach has occurred, you not only reduce your risk of falling victim to a breach, but you can also reduce the resulting loss and damage and recover more swiftly from the attack.
Cloud-Based Security
With phishing and ransomware attacks continuing to be popular methods used to target businesses to successfully steal their sensitive information, and with more organisations using cloud-based storage this year to upload and back up their most sensitive data, it is crucial to keep it secure. Businesses can implement simple security measures to keep their data safe. In case of a breach, they can keep disruption to a minimum, recover more swiftly to ensure business continuity and reduce their overall financial, data and reputational loss that could otherwise be crippling to the business.
If you are using cloud-based storage, make sure it provides data encryption and automatic software updates and allows multi-factor authentication to be used, as this will add an additional layer of security. A benefit of using cloud-based storage is that it keeps your data physically separate from your location and allows you to store large amounts of data at a more affordable cost. If a cyber breach or attack has occurred and data has been compromised, you want to ensure that you have access to a recent backup that is securely stored in a separate physical location or network. Since cloud-based storage allows for automated backup, it ensures that you always have the latest version of your data saved within the cloud.
While we recommend using cloud-based storage, this should not be your only method of storing your data. For example, in the event of a ransomware attack, there is a risk that your original files have been ‘ransomwared’ and the cloud-based storage you are using may automatically synchronise those infected files, resulting in you potentially losing your backup data as well. Therefore, we recommend that you keep multiple versions of your backup on both cloud-based storage and a physical storage device, e.g. an external hard drive.
For 2022 it’s important to remember that phishing is here to stay and to keep your cloud secure! If you provide regular cyber training and raise awareness around phishing scams among your staff, as well as ensuring that you are storing your data in a secure place, you will reduce your risk of falling victim to a cyber attack in the new year.
Michelle Kradolfer
Police Crime Prevention Initiatives