Cyber security is not just for large super brands; it is a big concern for us all, so whether you are a start-up or a large enterprise, the problem is just as real. It is a growing problem that could cost your business thousands or millions if you lost your most important or valuable business data - not to mention the damage to your reputation.It is now the norm for everyday business transactions to be made online, couple that with a remote employee connecting to your business, together with online collaboration across companies, and we see why the risks continue to grow. The moment your business interacts with a remote device, machine or computer on another network, whether that is owned by another company, or at your employee's home, the risk to your company IT network and the data it holds increases if you do not have sufficient protection and procedures in place.
Last night the BBC’s Crimewatch TV programme revealed the scale of the problem, highlighting that in 2015/16 there were 5.1m online frauds and 2.5m cybercrimes reported to the Crime Survey for England and Wales.
With the tools and techniques of these attacks developing continuously, your IT security is not a topic you can fix and forget - it is a continual process and one that is every employee's problem, not just the IT department.
These attacks manifest in many ways:
- Denial of Service, which causes a loss of service to users
- Network spoofing, which invites users to seemingly harmless wi-fi networks
- Ransomware, which maliciously encrypts data on your company servers, holding it to ransom
- Hacking, where criminals exploit a vulnerability within the network to gain access critical data
At a minimum, corrupt or lost data has the potential to cause considerable inconvenience. Employees and customers may need to change passwords and (if financial details have been exposed) card details; more problematic, you could lose your customer altogether, and be subject to fines from a regulator.
Information published by Gemalto’s Breach Level Index suggests that 3.6 billion data records have been compromised worldwide since 2013. Also, there is a growing evidence which suggests that small businesses are being targeted by cyber criminals, as seen with an increase in the scale of malware attacks. Often, we only think about the actual issues caused by the attack; we do not reflect on the longer term business impact, such as:
- Theft of financial information
- Internal disruption
- Loss of trust
- Financial penalties
- IT costs
It is impossible for any business to be 100% secure; however, it is essential that businesses not only have a security solution in place, which will reduce the risk, but they should also have appropriate planning in place to address breaches if or when they occur.
Employees are a vital part in the defence of attacks. They also need to be made aware of your security planning and the role in which they have to play to reduce your company’s susceptibility to an attack and, in the event of a breach, to lessen the scale of its impact.
Despite increased concern and spend over the last year, there is a high degree of complacency and few common practices in response to this threat. This complacency in business is likely to lead to confusion in prevention and dealing with such an attack.
Are you doing the right things to prevent an IT security issue?