Cyber-security. It's on the tip of every business leader's tongue during the pandemic, with companies of every size having to set aside budgets to ensure they meet their data protection responsibilities post General Data Protection Regulation (GDPR).
Whilst the initial anxiety and panic over GDPR have now passed, in the wake of the Coronavirus outbreak businesses of every kind now face an increased threat of cyber-crime and, with new regulations introduced last year, there could be hefty fines should there ever be a data breach.
Ignoring the risk posed by cyber-criminals could end up costing your business hundreds of thousands. The recent fines issued to British Airways and the Marriott hotel chain for data breaches (totalling almost £300m) are a harsh reminder that even huge, well-advised firms are not immune to slip-ups regarding GDPR.
However, it is not just the hefty fines that businesses are desperate to avoid. Cyber-attacks can immobilise your core systems and cripple the reputation of your business. With protecting your brand's image even more important now during COVID-19, it is vital that your SME takes the steps required to protect itself. To better understand the true significance of the cyber-security threats your SME may face, here are some important stats from the Cyber Security Breaches Survey 2019.
- Around a third of businesses identified cyber-security breaches in the last 12 months.
- The average annual cost to businesses that lost data or assets due to breaches was almost £4200.
- 27% of businesses used vital staff time to deal with breaches or attacks, with a further 19% of businesses having staff unable to carry out their daily work due to a breach.
- 78% of businesses say that cyber-security is a high priority for their organisation's senior management.
The scaremongering of last year served a useful purpose at least, with huge conglomerates as well as SMEs tightening the reins around their cyber-security efforts in response. But there is no golden fix that allows businesses to remain protected indefinitely at just the click of a finger. Instead, your SME must be determined to continually protect its systems and this, of course, requires ongoing vigilance. If your business has not reviewed its cyber-security strategy since the pandemic began, it is advised that you do so now to help protect your organisation from the possibility of increased attacks.
We have outlined the different ways in which you can protect your SME from cyber-attacks moving forward so that your business can feel confident it is doing everything it can to adhere to GDPR. We understand that cyber-security solutions do not always come cheap, but with both secured and unsecured commercial loans available to support your SME, prevention of these attacks should be a top priority during and after the Coronavirus situation.
1. Carry Out An Annual Systems Penetration Test
At a minimum, your business should conduct a yearly external penetration test on all IT systems to pinpoint any potential weak areas and subsequently address them. By identifying the vulnerabilities that cyber-criminals could use to exploit your company, you will be safeguarding both your customers and business. If your business has not performed a systems penetration test since the Coronavirus outbreak started to spread, ensure it is done as soon as possible.
A systems penetration test will involve assessing your entire network for weak points and security issues in every device, server and host within your business. If you do not have the in-house expertise to undertake these important tests, there are companies out there who can do so on your behalf.
Threat management solutions might not come as cheap as most businesses would like, but they are crucial in protecting your SME from dangerous cyber-attacks that could destroy your entire brand in one fell swoop. If you are concerned about criminal hackers identifying weaknesses in entry points of your network, it is advised that you consult with experts who can assist in bolstering the cyber-security efforts of your business.
2. Educate Your Workforce
Your focus should be on training all employees in exactly how to keep the systems and data of your business protected. Believe it or not, human error is the leading cause of cyber-security data breaches, not the genius, light-speed coders we envision whenever someone mentions the word 'hacker'.
Teaching all employees how to accurately spot scams and cases of phishing is possibly one of the best defences your company has during this outbreak. Prioritising the delivery of security awareness training is the key to ensuring your employees are confident in cyber-security best practices.
But the old-school approach of compiling legions of wordy information and delivering it with a drawn-out PowerPoint presentation will not have the desired effect. The best way to ensure your business has cyber-vigilant employees is to deliver awareness training in bite-sized modules. Each employee could be asked to complete visually engaging modules as part of their workload over the next week or two, to help make sure every employee in your company undertakes the vital cyber-security training needed to protect your business from cyber-criminal activity.
3. Limit Access To Important Data and Information
Training all the employees working within your business should, of course, be your priority, but that is a strategy that will take time. Given the urgency of the situation, it makes sense to limit access to important data whilst employees are working remotely.
If your business has new starters, you must limit access to all user data and information until you are confident that each employee is in the know regarding how to protect your business from the security risks posed by cyber-crooks. If there is capacity, it is a good idea to conduct online training for your new starters in place of face-to-face IT guidance.
No business is exempt from the threat of human error and the costly fines slapped on huge household names last year perfectly demonstrate that every business can become a victim if they fail to take preventative measures.
4. Use Spam Filters To Deter Cyber-crime Efforts
The most common attack vectors that cyber-criminals systematically exploit are emails and opportunities that arise from remote desktops. Email security should be one of the first places your business starts in its bid to protect itself from cyber-crime during the COVID-19 pandemic.
A common tactic hackers use is embedding hyperlinks in emails that direct the recipient to websites where they are encouraged to either provide personal data or download files that contain dangerous malware. These scams, referred to as phishing emails, are one of the biggest problems for businesses currently, with phishing attacks accounting for 90% of data breaches.
For mid-sized businesses, the average cost of a data breach through phishing equates to a shocking £1.3 million and that cost is set to rise with more than 1.5 million new phishing sites being launched each month. In fact, according to Comtact, phishing attacks have impacted 76% of businesses in the UK and those are stats you simply don't want to ignore.
Phishing attacks on businesses have surged by 667% due to the Coronavirus pandemic, so it is essential that you teach your workforce how to identify a potential phishing scam so they can take active measures to help protect your organisation.
Your business should implement advanced spam filters and, if possible, DMARC email authentication solutions. The latter will enable your company to protect itself from email spoofing, which is crucial in today's cyber-crime era as email impersonation attacks are on the rise.
To stop your employees accessing websites that harbour ransomware, there are additional steps your SME can take. Ransomware is a dangerous reality for every business right now and it is the worst kind of malware that your business can encounter. This type of malicious program will encrypt critical system files on a device or even an entire network and render them useless until the demands of the hacker are met.
These kinds of preventative measures can sometimes come at a cost. Cyber-security solutions are not cheap, but they are certainly a lot cheaper than the payouts you'd be required to make to the ICO in the instance of a data breach. Our Cash Flow Finance product would enable your SME to make the security changes necessary to protect your data and ultimately, your business. With this unsecured loan, you can borrow up to £150,000 and pay the loan back comfortably over several years. For a complete overhaul of your systems that may include hiring additional staff and equipment, a secured business loan will provide larger amounts with terms lasting up to 7 years.
5. Put An Emphasis On Patch Management
One of the most common ways for hackers to hold your business hostage is by identifying vulnerabilities that arise from unpatched systems. Your organisation must constantly update software as these updates are designed for a reason - that is, to patch up a problem or 'bug' that already exists in the software program your business currently uses.
Those incessant Windows updates might seem pointless, and that is perhaps why research demonstrates that so many people still ignore repeated security warning messages. You and your employees may well be tempted to click on that "remind me later" button again and again, but putting off software updates can be a huge mistake for businesses, and one that could cost yours more than you'd like to even imagine.
Software patches are what will help keep your systems protected from hackers during this uncertain time. The patches included in updates are fundamental to addressing any software vulnerabilities your network might have and if you can be sure of anything, it is that cyber-criminals will take complete advantage of those security holes, should they find them.
For more SME advice regarding the Coronavirus situation, take a look at the additional resources on our Coronavirus Hub.
1 April, 2020