Cyber-attacks - Is my business safe from them?
Many business owners are fearful of a cyber-attack. With the constant advancement in cybercriminal techniques, all business owners must regularly review their cyber security risks.
It can be a common misconception that certain businesses don’t hold as much valuable data as others, and therefore the target is minimised for them. For example, a smaller business might believe its information is less valuable because it doesn’t hold as much data as a large corporation. It is more common for cybercriminals to target smaller businesses in the hope of gathering data on their customers and suppliers to perform further targeted attacks.
All businesses hold valuable data. Cybercriminals don’t pick their victims based on the scale of data; they pick them based on how easily they can obtain access. Aiming their resources at smaller businesses could mean less reward for them; however, it could equally mean more chance of obtaining sensitive data if that business has weak, untested boundaries or outdated cyber security systems…
That doesn’t mean larger businesses should slack on their security. As we’ve recently seen in the news, bigger businesses are still a primary target.
At CapNet, we’ve answered some of the most common questions we get asked by our customers, so you can be sure your business is safe from a cyber-attack.
1. Does the size/type of the business matter?
It can be a common misconception that small businesses are safe from cyber-attacks. However, both large and small businesses are at risk of a cyber-attack. It’s not surprising that business owners feel this way. With well-known brands constantly being portrayed in the news when a cyber threat hits, it can be easy to see why someone might believe this.
Recently, a well-known tech company, Acer, were hit by a ransomware attack. The criminals demanded $40 million for them to have their data back, or they would sell it to a third party.
Media coverage of these well-known brands makes them more inclined to up their security strategy, leaving other businesses open to cyber-attacks.
It isn’t about how well-known your business is, or what you sell. Every business, big or small, has one major thing in common… they all store data. Whether that’s customer data, staff data, or financial data.
Every business should have the same measures of security in place. Most of the companies that have been attacked in the news have luckily managed to bounce back. However, not every business can do this. So, it’s extremely important to increase your security defences, as well as learn about all the latest security threats that could be imposed on your business.
2. How effective is my cybersecurity strategy?
This is a question many business owners should be asking themselves regularly, because the techniques that hackers use are constantly evolving and the environment is constantly changing. Therefore, it’s important that you also evolve your security strategy by putting all the latest cyber policies in place. CapNet recommends reviewing security at least once every six months whilst implementing automation systems to reduce the risks.
Some of the things you need to consider include:
If you were to face a cyber-attack, do you have all the right resources in place to quickly identify and isolate the problem?
Is your security strategy up to date? What exactly do you need to add to your updated strategy?
If you’re just launching a business, and don’t currently have any security policies in place, what do you need to do?
What exactly needs protecting in your business? For example, customer and staff data is extremely important, but what about financial data? Is there any data or information that has been overlooked?
Do you know what types of threats commonly attack your business? If so, do you know how to spot and report them?
Are all your staff on the same page when it comes to security? It can’t just be down to the IT department or yourself to protect your business from a cyber-attack. If staff are using weak passwords, or unable to spot a phishing email, they might need cyber security training. Every department needs to work together to keep their data and your customer data safe.
Attacks on businesses in the news have shown that companies must go beyond basic patching and checks if they are to avoid exploitation. With threat actors becoming more creative, access to mission-critical infrastructure needs to be limited.
At CapNet, we can help answer all your questions about your cyber security strategy and whether it’s effective at preventing a cyber-attack. We also offer many cyber security services to new and existing customers to make sure you’re fully protected from a cyber-attack, and up to date with all the latest threats.
For many companies, it’s really useful to invest in a penetration test (Pentest) service. This allows us to test your external boundaries to see if there are any potential weaknesses just as a cybercriminal would do. We can do this without any disruption to your business and we offer this at an introductory discounted price. A PenTest can be a one-off annual test or the (Cyber Essentials) recommended monthly test.
3. Will my security insurance cover a cyber-attack?
When a business faces a cyber-attack, there’s no guarantee of how much money it could lose, on top of the added cost of downtime and loss of business. It can range from hundreds to millions of pounds. If a cyber-attack were to hit your business, here are a few examples of how it could affect you.
The cybercriminal might have stolen money when they’ve hacked into your accounts.
A cybercriminal might steal data and demand a ridiculous lump sum for you to have that data back through ransomware.
They could hack your networks and prevent your business from being able to operate. Cybercriminals will then demand payment for you to resume your business. This could cost you hundreds or thousands as you’re forced to come to a halt.
A cyber-attack that has resulted in customers or staff losing their data could result in the business’s reputation being damaged. This can cause loyal customers to stop using your products and services altogether. On top of this, staff could lose faith in the company and walk out. A reduction in staff could significantly affect how the business can operate.
To add to this, the customers or employees might warn other people about the data breach, which could cause a loss of potential new customers, alongside a public investigation by the ICO.
Finally, customers or staff could attempt to take the business to court if their data has been stolen and not protected. This can take up a huge amount of resources.
Despite the amount businesses might end up paying out if they were to be targeted by a cyber-attack, many still avoid putting all the right security policies in place. This can be down to the fact a business has taken out cyber security insurance, and therefore any cyber-attack costs will be covered by this.
It can be easy to see why someone might think that insurance will protect you from all these costs. However, if you read the terms and conditions, it will usually stipulate that a business should have all the right measures in place to have prevented that cyber-attack from happening. If an insurance company can see that you’ve done everything you can to prevent the cyber-attack, they will usually let you claim.
Your insurance company would expect that you have basic things like:
Have a Cyber security risk assessment in place reviewed every 12 months at the board level.
Have managed business antivirus on all systems.
Users have been trained on Cyber security from induction through to refresh.
All systems are fully patched and updated inclusive of third-party apps.
Follow either IASME, Cyber Essentials or ISO standards.
Penetration testing and external boundaries.
By paying the small fee now to have an up-to-date risk assessment and all the right policies in place, you could be saving yourself a huge payout in the future.
4. Have we invested enough in cyber security services?
If you’re only spending money on a yearly anti-virus, this won’t be enough to protect your business from a cyber-attack despite antivirus being a fundamental service. Having additional security might seem like an unnecessary cost to your business, but as we covered before, you can end up paying more by not having the right measures in place.
Businesses can avoid downtime and unexpected costs by having the right protection in place now. The amount that is spent on security will be different for every business. However, we are always happy to break down the services we believe you may need. We will tailor our products/services to every business, so you know exactly how much it’ll cost, without any hidden charges.
If you don’t have all the right security in place, you risk becoming a victim and also having to deal with a possible legal case for the business once the employees or customers find out. You also risk a fine under the GDPR which states that all data must be stored safely and securely.
5. Is my team trained in preventing a cyber-attack?
Do your team know how to spot a phishing email? Do they know the different types of malware and how to spot them?
One of the easiest ways a cybercriminal can succeed with a cyber-attack is by targeting your employees. This has been proven by many of the cyber-attacks that we see in the news on well-known brands. They usually happen because a member of staff has opened a scam email, believing it to be from a colleague or someone in another department.
If your staff aren’t trained in spotting and reporting a potential cyber-attack, they become a weakness in your security strategy.
Getting your staff up to date on all the latest security threats and how to stop them is simple. Our bespoke cyber essentials training can be offered to you and all your team. We will ensure they have all the knowledge they need to avoid falling for these common scams.
In the meantime, you and your staff can read our latest blog posts about creating a safe password, as well as the most common types of security attacks.
6. Do I have the information I need to oversee a cyber-attack?
To ensure you have all the correct information to reduce the risk of a cyber-attack, you should be asking yourself the following questions:
Do I know the different types of security threats that could impact my business?
Do I know how to spot these different threats?
Do I know how to report a potential threat?
Do my staff know all the above?
The best way to stop cyber-attacks is by learning about them. For example, if you and your staff learn all about phishing attacks, the damage they can have on your business, and how to spot one, you’ll become more aware when checking your emails, texts or calls.
At CapNet, we can offer our cyber essentials training to you and all your employees. By teaching you about these threats, we can help you all become more aware. We have also been posting about the latest threats that are attacking businesses in 2021, and ways to prevent your business from becoming their next target.
7. Am I secure from these security breaches?
There are many products and services that we offer, which could significantly reduce the chance of a cyber-attack on your company. Some of these include:
Cyber Risk Assessment - Focusing on your business and identifying the risks is a great starting point. A risk assessment ensures that you are fully aware of all aspects of your ICT systems and associated risks allowing you to make informed decisions.
End user training - It's important for you and all your team to receive cyber training. As cybercriminal techniques are always evolving, we offer you the most up-to-date training. We've conducted cyber training for many of our customers this year already, and we feel reassured that they know the different types of security threats, how to spot them and how to prevent them. We are currently offering our security training at a discounted rate to all our customers.
Spam filter - By incorporating a spam filter into your business, you could significantly reduce the amount of phishing and spear phishing attacks. These types of attacks have risen by over 680% over the lockdown period and are expected to increase with the shift to home working.
Penetration testing (Pentest) - This process involves testing your public-facing infrastructures such as websites, firewalls, servers, and external boundaries. We are confident that we can offer this at a reasonable and affordable rate compared to other companies offering this service.
Antivirus - All our customers should be using a business-grade centrally managed antivirus solution on every device, including those used by their staff. We can offer business-grade managed antivirus which can help to prevent the likes of malware threats.
Cyber Essentials framework - By adopting the Cyber Essentials framework internally within the business you can keep your business extra secure. Cyber Essentials is a government-backed framework aimed to raise awareness and reduce security risks.
On top of this, your company must implement a password policy. Weak passwords are one of the most common ways a cybercriminal will access your business information.
Also, if your staff are working from home, we advise that you provide them with a business laptop. Personal laptops don’t come with the security you need to keep safe. If staff are using personal laptops whilst working from home, it’s increasing the chance of a cybercriminal obtaining sensitive data.
To find out more about what we offer, or to discuss one of our services, give us a call today!
8. Am I safe online whilst working from home?
Cyber-attacks have increased dramatically whilst everyone has been working from home. While some companies are settling back in the office, many are still choosing to keep their staff at home. Whether they are remaining at home full time or mixing between home and the office, remote working is looking like a permanent fixture for many.
Though working from home can save a business a lot of money, it does face many security risks. This is because the security measures you have in the office might not have been implemented at home. It can also be difficult to make sure employees are following the usual office security procedures if they’re working from home. Some of the risks include:
Staff working from home might not have a secure VPN, or might hold data locally.
Many staff are working from personal laptops, which are likely to lack the right security and software.
Staff might not be updating security and software regularly.
Working from home can make it more difficult for business owners to check these common procedures.
If you’re choosing to have staff working at home, whether it’s permanently or flexi work, it’s a good idea to put policies in place to help keep those members of staff safe. We also offer a remote service to help employees with any issues they might be having.
To conclude…
Cyber-attacks have increased significantly over the past year and are showing no signs of slowing down. Cybercriminals don’t seem to have a specific target. In the news, we’ve seen cyber-attacks on personal, home accounts, large and small businesses, charities and schools. The list goes on.
We want to do all we can to keep our customers off this list. We offer a variety of services that can be tailored to suit your business. We are happy to recommend products and services, as well as detail what these include and how they can help. However, if there is a product or service that you wish to know more about, please don’t hesitate to call us today!
As further support, we are also posting about the latest threats and how to prevent them. We have been posting these on our blog, as well as on our social media channels. Don’t forget to share our tips and advice with friends, family, and other business owners. This way, we can all help to keep each other safe online.