The escalating use of technology in our private and business lives is here to stay. However, alongside the many benefits of digital technology – the convenience, the speed and reach – we are all having to learn to be secure in how we use IT. For businesses, a lack of cyber awareness can prove especially costly and damaging.
Businesses are being attacked by cyber crime
An individual in the UK is 10 times more likely to be a victim of fraud than theft, according to the Office for National Statistics. Businesses, charities and organisations are no different.
In April 2018 a new cyber incident classification was introduced by the National Cyber Security Centre ( NCSC ) and UK law enforcement designed to boost UK response to cyber-attack. A new class of cyber attack – ‘Category Six’ – now recognises the threat of cyber attack on SMEs (small or medium sized business).
Each month brings a further spate of cybercrime warnings about the threats to businesses:
● the average cost to all business of IT breaches in a year was £1,570, though this rises to £19,600 for larger businesses ( Cyber Security Breaches Survey 2017 ).
● 44% of SMEs (small to medium-sized enterprises) have been targeted by fraudsters and almost one in four (23%) have fallen victim to fraud, according to a YouGov survey on behalf of Barclays.
● almost 11% of all SMEs surveyed had suffered a cyber-attack, with almost 9% of those making staff redundant to cover the cost of cybercrime, according to the same YouGov survey (as above)
● it is estimated that the scale of charity fraud is anything between £150 million and almost £2 billion per year.
A report on how cybercrime could become the most common crime in the UK – ‘Good Morning Britain’:
What are the main cyber crime risks for business?
Cyber crime covers a whole host computer-based criminal activity. In today’s business environment, one of the main cyber-risks is to think they don’t exist. The government’s National Crime Agency advises that some of the most frequent cyber threats to business include:
● Fraud – this involves false representation, e.g. identity fraud or failing to disclose information. Fraud is one of the most reported crimes in the UK. It can come from external sources or be ‘insider fraud’: when an internal source, for example an employee, acts fraudulently.
● Hacking crime – when hackers gain unauthorised control of your computer networks and wreak havoc via computer viruses, bank account hacking or using your personal or commercially-sensitive data.
● Phishing – when criminals try to ‘phish’ for personal or security information via fake emails
● Ransomware – an ultimate nightmare for businesses in which criminals use malware to lock your systems and then demand a ransom for you to access your data. The true extent may never be known because businesses prefer not to advertise when this has happening fearing commercial consequences.
These are just a few of the threats posed by cyber crime. Fraudsters, hackers and other cyber criminals are evolving all the time in the ways in which they attack honest businesses.
Digital technology has undoubtedly brought society many benefits. For successful businesses focussed on growth, the use of ICT is now ingrained in their organisations, their processes and their marketing. Use of IT is a key tool for driving productivity and profitability. But how prepared are businesses for cybercrime?
What action can businesses take to prevent cyber crime?
While the headlines may suggest otherwise, it’s a misconception that fraudsters target larger companies rather than smaller businesses. Cyber criminals know than smaller firms may not have the resources to devote to cyber security and therefore may be more vulnerable. Some experts think that the typical cyber-criminal is opportunistic – they will go for ‘the window without security locks’, so there’s a high degree of opportunism involved.
Businesses are increasingly recognising online threats and making investment in cyber security . So how much so businesses spend on cyber security?
The government’s Cyber Security Breaches Survey 2017 has revealed the average investment in cyber security in the 2015-2016 financial year by businesses of different sizes:
Here are some of the cyber security actions which SMEs can take:
● Secure your passwords
● Install anti-virus and malware protection
● Ensure software updates are maintained
● Encrypt data
● Make sure your staff follow a routine procedure for data back up
● Have an incident management plan
These may seem obvious steps but it is surprising how often they are overlooked – this is what criminal count on and when they take advantage.
In addition to good routine IT security practices such as the actions above, here are two further steps small businesses should take which will enhance their cyber security:
● Prepare for GDPR – all businesses will need to comply with the new General Data Protection Regulation, or GDPR, by 25 May 2018. The checks and preparations which firms make will render their data more secure and increase cyber security. According to a government survey , the finance and insurance; information or communications; and the education sectors have the highest awareness of GDPR (79%, 67% and 52% respectively) while the construction and the production &manufacturing sectors are among the sectors with the lowest awareness (25% and 27% awareness respectively).
● Get verified by Cyber Essentials – suitable for businesses of any size, in any sector, the government has developed this set of basic technical controls to help organisations protect themselves against common online security threats. Once verified you receive one of two Cyber Essentials badges. The scheme is backed by the Federation of Small Businesses, the CBI and a number of insurance organisations which are offering incentives for businesses.
When you are busy with the everyday details of running your business, trying to address all the potential cyber risks can be challenging. That’s why it’s best to consult a good IT firm with experience of advising small firms about improving their cyber security.
360ict Ltd can help you to fix the basics, protect what matters for your business and be ready to react appropriately to pertinent threats. We’re here to help you preserve your business services integrity, customer experience, legal compliance and reputation.
To arrange your on-site review or talk to our IT support team about your options, call 0204 538 4774 today.