Computer hacking has been top of the news agenda again with the arrest of Julian Assange, mastermind behind WikiLeaks. While WikiLeaks was more interested in hacking government computers and making their secrets public, the episode reminds all of us about the importance of keeping your digital data secure and the huge possible consequences of not doing so.
Meanwhile the UK government has been battling to keep its Cyber Security Programme on the road after massive cuts which have diverted 37% its £169m funding elsewhere. Last month’s National Audit Office progress report was highly critical of the Programme.
One success, however, is the National Cyber Security Centre (NCSC) which is good news for businesses. This is because the NCSC is credited with creating a good platform for targeting businesses and becoming more involved in responding to certain types of cyber-attacks. The NCSC aims to “make the UK the safest place to live and do business online”. Since 2016, the NCSC’s Incident Response Programme has reportedly dealt with over 1,100 cyberattacks – this includes dealing with malicious emails and websites.
● In 2017-2018 the NCSC has blocked over 54.5 million fake emails – many of these falsely promised VAT or tax refunds, scams to which businesses have fallen prey.
Cybercrime continues to take its toll on business
However in spite of the steps taken to tackle cybercrime, scammers soon adapt and develop new ways of targeting our money – the previous two months alone have brought the following online crime news:
● BBC reports more than half of British SMEs ‘report cyber-attacks in 2019’
55% of UK firms faced an attack in 2019, up 40% from 2018, according to a survey of more than 5,400 small, medium and large businesses across seven countries, including the UK, Germany, the US, Belgium, France, the Netherlands and Spain. Alarmingly, average losses have leapt up to £176,000, an increase of 61%. Yet cybersecurity had fallen with British businesses spending the least across these countries. The surveyors speculated that this may be due to the large number of small businesses in the UK feeling that they won’t be targeted because there is a tendency for only larger security breaches to be reported in the press. However 8 out of 10 UK firms say they have made changes since the launch of the new GDPR data laws last year.
● Businesses struck with malware and blackmail
This month a UK man got a six-year sentence for his part in a huge ransomware scheme. The scheme targeted millions of computers globally, attacking systems with poor cybersecurity and then infecting them with the Reveton ransomware. When some companies had found what the criminal was doing, he hit them with a series of distributed denial-of-service attacks which reportedly cost them over £500,000 in lost revenue and recovery costs. The UK National Crime Agency said that this was “one of the most sophisticated, serious and organized cybercrime groups” they had ever investigated.
● SMEs are being attacked by ransomware
Last month the University of Leads reported on its ongoing research project (EMPHASIS) looking at the economic, social and psychological impact of ransomware. It said that small and medium sized companies are being favoured by cybercriminals over larger firms which tend to have better IT security. Auto bots have been used to send random malicious emails aimed at extorting small amounts of money, about £300-£500. However, 2017-18 saw an increase in higher-value firms being targeted and asked to pay larger sums in order to get their data back. Researchers say that cyber criminals are using software to hunt for vulnerable computers and servers and then repeatedly try different passwords until they hit their jackpot.
How are businesses tackling cybercrime?
Aside from the day job of running the business, business-owners have to take care of lots of other activities without which their business would not survive. Tax returns, sourcing insurance, health and safety compliance and so on all take time but are essential to keeping your business going. Similarly, ensuring better online security is vital for guarding against criminal disruptions to your business as well as preventing loss of profits.
This is the message in the latest major report from ‘ Business in the Community’ , a business-led membership organisation created nearly 40 years ago by HRH The Prince of Wales to champion responsible business.
‘Would You Be Ready For A Cyber Attack?’ highlights the reasons why SME business-owners need to take action against cybercrime and how they can keep their businesses safer online. Their research also found that smaller businesses are not investing sufficient time and money in their own cyber security.
Out of all small and medium-sized businesses:
● only 35% of SMEs have a basic data protection policy
● only 29% have a policy for controlling access to systems.
● most alarmingly, 25% of small and medium-sized businesses do not have any cyber security strategies.
● 30% of small businesses (less than 50 employees) do not have any cyber security strategies in place, compared to just 4% of medium-sized businesses (50-249 employees).
● in the last 12 months 40% of small businesses have not undertaken any cyber security action (policies, insurance, staff training etc.), compared to only 8% of medium-sized businesses.
● 18% of business in London and 20% of businesses in both the East of England and East Midlands indicated they have no cyber security measures in place.
● at the other end of the scale, 40% of businesses in Wales and 32% of businesses in the North East indicated that they have no measures in place.
What action can small businesses take to improve their cybersecurity?
It’s easy to become overwhelmed by the different types of cybercrime which could occur and do nothing at all. Sadly, as surveys have shown, too many businesses are not sufficiently protecting their interests.
There are five basic security steps which all professional experts advise businesses to take:
Five steps to better cybersecurity:
1. Install or enable Firewalls – ensure that firewalls are used on all computers and devices to secure your connections to the internet.
2. Use anti-virus software – protect your devices from viruses and other malware
3. Use Encryption – if your data is kept in the cloud then cybersecurity experts recommend that it should be encrypted where it is stored, but also while it is in motion across the internet.
4. Update software – use auto-update mechanisms to keep software up to date – it will help guard against malicious attacks.
5. Control password access – only give access to your data and online systems to those who need it and change passwords regularly.
These five steps make an excellent start for cybersecurity. There are many more cyber protections which professional IT experts advise especially if you are making financial transactions online. If you want a chat about protecting your IT systems further, let 360ict help. We can provide a thorough review of your ICT so that you can reduce the risk of becoming the next victim of cybercriminals.
360ict is an experienced and professional IT company which specialises in supporting small and medium businesses to make the best of their ICT – whether it’s supporting your staff or managing your ICT.