The outbreak of the Covid-19 and global lockdowns saw many businesses being thrown into a tailspin as they were forced to shift business operations completely online. Twelve months later and many are still grappling with frequent closures, new regulations and decreasing revenue. So, it’s no wonder that cyber security may have fallen down the list of priorities.
Yet still, cyber-attacks have increased dramatically since the beginning of this pandemic. A recent survey showed a 600% rise, with over 46% of global businesses having reported at least one cyber-attack since the shift to remote working.
The most common types of cyber attacks
Cybercrime is any type of criminal threat or activity that targets or uses a computer, mobile device or network to gain access to private data or financial information. This type of crime is primarily motivated by financial gain and has developed into a billion dollar industry in itself.
The most common forms that we see are phishing attacks where, for example, an employee may be sent an email pertaining to be from someone at management level requesting them to provide confidential company information. Another typical attack comes in the form of a malware or ransomware attack. This is where an email is sent containing a malicious file or link and if clicked or downloaded a program is dropped onto your computer with the potential for serious consequences.
The impact of cyber-attacks on a business?
The obvious negative effects of a cyber-attack are theft of private intellectual property and data, financial losses due to assets being accessed but also costs for repairs to network infrastructure and clean up post attack. Other side-effects, however, can be felt in a non-direct manner.
For instance, if you have suffered a data breach, under the GDPR, you will be obliged to disclose this information to the supervisory authority. This means that any such incidents cannot just be swept under the carpet and you could potentially be at risk of regulatory fines and sanctions.
Not only this but such an incident could greatly damage the company reputation. This is something that could have a long-term impact on your business as a recent survey indicated that 59% of buyers are more likely to avoid purchasing from companies who have suffered a breach or attack.
How can businesses protect against these attacks?
It may feel like an intimidating and daunting task to undertake but cyber security is a very serious matter and neglecting it can have serious repercussions for your business. With that in mind, we have created a simple checklist to follow so you have a place to start:
Do – Backup your files
Every business should build good habits around backing up of data. In the event of an attack, your backups are what could potentially save the business and allow it to carry on without huge issues or disruption.
Don’t – Do one backup and think you are safe.
Systems need to be backed up frequently. At least for every day that information has changed. It should also be stored both on and off site and recovery data tested regularly.
Do – Set up firewalls and anti-virus software.
Firewalls are a business’s first line of defence and offer a certain level of security, preventing dangerous and destructive incoming and outgoing traffic.
Don’t – Use firewalls and anti-virus software intended for personal use.
This type of software may be cheaper but it is not built to take the same amount of traffic and could result in slowing down the network, therefore, impacting negatively on productivity.
Do – Train employees on cyber security and outline company policies.
Employees at all levels should be fully educated on best practices and company policies in order to protect company data from theft, loss, destruction or malicious modification.
Don’t – Allow apps or programs to be downloaded without IT or management permission.
Installing third party apps and programs can cause serious security issues for companies due to the risk of infection from these unauthorised downloads. With sensitive data and information at risk, it is wise for company policies to prohibit downloads of such unless permission has been specifically requested.
Do – Implement multi-factor authentication and unique logins for each employee.
Trends suggest that this form of security, which requires two or more forms of credentials to be provided in order to prove identity, may take centre stage over the usual username and password style of gateway.
Don’t – Distribute the same password for access to all users.
59% of employees use the same or similar passwords across multiple sites and platforms. The impact of this is that if a password for one platform is compromised, it opens up all the others to attack also. It is vitally important that each user is given a unique password and that this password is changed on a regular basis.
Do – Develop an incident response plan.
In the event an attack does happen, it needs to be caught and managed as quickly as possible. This is why it is critical that each member of the team is briefed and trained so that they know what to do. The quicker an incident can be detected and contained, the greater the chance of minimising the damage.
Don’t – Assume that all threats are external.
Many smaller businesses assume that they are not at any great risk simply because of their size. This could not be further from the truth. There has been a significant rise in the amount of outside attacks on small businesses during the past 12 months, but we must also consider that not all threats are external. Many cyber security risks actually stem from within the company itself. In 2020, 95% of all security breaches were caused by human error.
Conclusion
This last example is a crucial point to note. The need for effective cyber security protocols for every business, regardless of size, is vital. Many attackers prey on smaller businesses as they are betting on the fact that they won’t have the resources to implement strong security protections.
No matter the size of the company there are always measures you can take to help protect against attack. Get creative and look at what is possible right now. There are more resources and tools available to SME’s than ever before.
Whether you keep your security management in house or you outsource, you need to be 100% sure that you choose someone that knows what they are doing. This is a very complex area with many variables so you need someone with experience and foresight to implement and oversee its management.
Cyber security is no longer an optional add-on, but a necessity for every business and an essential element of the overall business strategy as otherwise, it could end up costing the business greatly. An investment in the short-term could save your business in the long term.
Enlisting a cyber security specialist.
If you are concerned about the cyber security of your business or organisation, please don’t hesitate to contact us today for an assessment. Our experienced Dublin-based team are standing by to help you identify how you can protect your business from cyber attacks.
Contact us on +353 (0)1 8183272 or on info@calnet.ie.