New warnings about Cyber Crime: “It’s when, not if”
8th February 2018
The beginning of the year brought dire warnings of a major cyber security attack on the UK. The head of the National Cyber Security Centre has reportedly said that the UK has been lucky to avoid a “category one” attack.”
While this may – for now – primarily concern major infrastructural companies such as energy and financial services, the effects would of course have a major impact on small-to-medium businesses (SMEs) too.
Cybercrime threatens small businesses
“66% of small businesses have been the victim of cybercrime.”
“Cyber crime costs each small business nearly £3,000.”
“Smaller firms are collectively attacked seven million times per year, costing the UK economy an estimated £5.26 billion.”
These are the alarming findings of a Federation of Small Businesses 2017 report. While most small businesses need the internet and digitisation to thrive and grow, they are often least equipped to deal with increasingly sophisticated cyber-attacks.
The growth in SMEs taking advantage of digitisation, e-commerce and online banking has left them more vulnerable to specialist criminals to can target anyone from individuals, small businesses and larger organisations. These cyber criminals aim to steal your data and personal information to wring out them maximum benefit for them.
In fact online crime has become such a threat that in 2017 the government unveiled an extra £1.9b package to help fight the cybercrime threat. The funding doubles the amount spent on 2011 and is aimed improving automated defences for people and businesses, deterring attacks and protecting them from criminals.
What is Cybercrime?
Cybercrime and cyber-attacks cover a range of computer-related criminal activity. The attacks are becoming increasingly more sophisticated. What was once the preserve of futuristic movies or sci-fi novels no longer seems that far-fetched. The criminals may be close-knit teams working together or opportunistic individuals. While much cybercrime involves high level technical skills targeting valuable assets, at the other end of the scale, speculative hackers will pick vulnerable computers which do not have security updates installed or where users will click on malicious links.
According to the government’s National Crime Agency the most common cyber threats to businesses include:
● Hacking – where hackers use specialist software to get unauthorised access to your computer networks and systems. Hackers can then sell on your personal or commercially-sensitive data to fraudsters.
● Ransomeware – a form of malware which locks your computers and encrypts your files. The criminal then demands a ‘ransom’ for you to be able to access your files and data again.
● Distributed Denial of Service (DDOS) attacks – these attacks flood their target’s systems with incoming traffic (via ‘botnets’) so that legitimate users are unable to access online services. It can severely disrupt normal business.
Cybercrimes which are more often aimed at consumers but which can still threaten businesses include:
● Phishing – where fake emails try to elicit personal and security information.
● Keylogging – where unknown to the user, cyber criminals are able to record what is typed on the keyboard.
Businesses everywhere will have shuddered in May last year when Britain experienced its most serious cyber-attack so far – the ‘WannaCry ransomware” attack on the National Health Service. That cyber-attack, a ‘category two’ incident, resulted in the computer systems shutting down leaving confused patients and medical staff in limbo and struggling in the face of cancelled operations, appointments, deliveries etc. Financially, the worldwide cost of that cyber-attack was estimated at $4bn. Such an attack brings major chaos to the normal operation of business.
BBC says “firms feel they’re under siege” from cyber attacks
It’s no surprise then to learn this January also brought news of firms panic-buying insurance against cyber attacks. Fearful of being held to ransom by hackers, many businesses have sought out insurance against losses. Expensive insurance against cybercrime is becoming big business. However insurers can find it difficult to accurately assess risks and charge the correct premiums faced with this ever-evolving type of crime and the difficult of quantifying the loss of data and services.
Rather than panic buying insurance, a better solution against cybercrime is to investment in protecting your IT systems, your own data and that of your customers. Even if businesses do decide to go for insurance, premiums are likely to be lower if you can demonstrate the cyber security measures which you have in place and, for example, whether you have an appropriate disaster recovery plan. After all, just because you have house insurance doesn’t mean you should leave your front door open!
Why cyber security is important
● Whether it’s hacking, terrorism or a malicious employee, Cyber attacks can occur on any business. Imagine the paralysis of your business if you couldn’t access orders, deliveries, HR data etc. Even art galleries haven’t escaped this pernicious crime – last year cyber scammers broke into London art dealer emails and changed bank account details on invoices before anyone noticed. That sector has now invested in some cyber security to protect themselves.
● Apart from the direct hit on time and costs, from May 2018 all businesses will potentially be liable for some serious fines if they have not adequately protected their customers’ data. All businesses will need to be compliant with the new GDPR (General Data Protection Regulation) EU regulation by the looming deadline of 25 May 2018.
● If you want to secure work with a government body, the UK government now insists that every business has to conform to the Cyber Essentials standards set by the National Cyber Security Centre.
How to improve your cyber security and reduce cyber crime
There are the common sense practices which we should all remember – it’s all about protecting your personal information and being wary about giving away too many details. For organisations, however, data security is part of effective risk management.
You should enlist the help of a good IT solutions firm to check on:
● installing excellent antivirus and firewall protection
● updating software frequently
● having a procedure for routine data back ups
● identifying and encrypting sensitive data
● ensuring all staff are aware of best practice in cyber security
There are numerous further measures which can be explored too to ensure good cyber health.
Having your IT systems in optimal shape means business-owners and managers have more time to concentrate on profitability and growth. At 360ICT we have a strong focus on data security and protection. That’s why we have a well-developed range of solutions to help SMEs who are often targeted due to their vulnerability.
We prioritise listening to the needs of our clients. Our aim is to optimise our clients’ IT capabilities and security. And we’re always refining our approach and learning to improve future activity.
From small-to-medium businesses, to the public sector to larger corporations, we can provide professional advice and action on tackling cybersecurity.
We’re passionate about transforming what small businesses can do with their IT.
To make sure your organisation is compliant with all data security and data protection regulations have our business IT support experts carry out an on-site review. To arrange your on-site review or talk to our IT support team about your options, call 0208 663 4000 today
If you require any further advice or information please do contact us on 0208 663 4000 or Contact Us.