30 September 2018
The world is changing. Twenty years ago, even a decade ago, business security meant shutters over windows and secure doors. It meant barred windows at banks, vaults and safes.
Now, securing a business is entirely different. Whilst, of course, physical security is as important as ever, now we have the invisible layer protecting our online presence and the modern world’s most valuable asset: data.
Data has been coined ‘the new oil’, such is its extraordinary value in the modern world. Yet, all too often, many still don’t understand the importance or methodology for keeping it secure. Both our personal data and that of our customers is incredibly valuable.
In this day and age, especially with GDPR now in force, a data breach could be catastrophic for a brand. Yet, we’re seeing more businesses targeted; look at BA who had a hacker swipe the details of 380,000 customers over a 16-day period. Currys Digital has also been hit this year, Superdrug too.
In reality, it’s a case of ‘when’ you’re targeted rather than ‘if’ these days. Cybercriminals are becoming increasingly intelligent and proactive. At one end of the scale, you can buy attacks online for a few pounds, targeting whoever you please. At the other end, incredibly intelligent hackers are able to find holes in your technology to access data, and use clever phishing techniques to trick you into sharing login information or personal data. As soon as a piece of technology is launched, hackers are looking at ways to break into it.
With reports showing that 74% of hacked companies are SMEs and that 60% of SMEs hit by a cyberattack go out of business within six months, there’s no wonder that the global cost of cybercrime is expected to top £2.1 trillion in 2019.
So why are so many businesses still unprepared? The latest government stats in the Department for Digital, Media & Sport Cyber Security Breaches Survey 2018, show that just 27% of businesses have a formal cybersecurity policy in place. Despite the introduction of GDPR and the number of recent high-profile attacks, that number has dropped from 33% in 2017. And only a third of businesses have a specific job role that includes information security or governance. It’s astonishing really.
When you pair this with stats featured in research from Verizon, which showed that 58% of malware attack victims are small businesses, it doesn’t tally that the number of formal policies have decreased.
National Cybersecurity Month
This week spells the start of Cybersecurity Month, a month dedicated to raising awareness and helping secure the internet.
There are a few simple practices that you can put in place to protect yourself that seem incredibly basic but actually create the foundation for strong cybersecurity. These include:
These are the absolute bedrock of strong security! Unfortunately the most used passwords in 2017 were ‘123456’ and ‘password’. Passwords should be long, include capitals, numbers and symbols at the very minimum. Consider two-factor authentication too, which adds another layer of security to your logins.
As they say, ‘knowledge is power’. Make sure you’re up to date with the latest threats; do you know what phishing is? Do you know what ransomware is? How can you protect yourself against something if you don’t know what it is?
How many times have you clicked ‘later’ on that update pop-up? These are essential updates that often patch flaws in your system’s security. Whether it’s on your phone or laptop, update now! You should have a system in place for your business tech, if not, look at how you can automate patch updates to make them easier. Speak with your technical teams about how and when updates are rolled out. Have a strategy to make sure it happens.
Educate your team
According to the ICO, four out of five data security incidents in the final quarter of 2017 happened because of human error or process failure. Of course, it’s difficult to change human behaviour and break bad habits, so it’s important to get your team together in a group to discuss the risks and how to avoid them. Teach them what to look for and best practice to secure data and avoid costly mistakes.
Bring in the experts! Ethical hackers use the same techniques as cybercriminals to look for gaps in your security and come up with ways to help you to secure them before someone can use them to break into your systems.
Reach out to your hosting provider or to a cybersecurity company that can help you put together an ongoing cybersecurity strategy for your business.
Throughout this month, the team at UKFast and Secarma are set to share content to help you increase your business and personal cybersecurity. Share your tips in the comments below. Ultimately, the only way we can improve online security is through working together and sharing the knowledge we have.