
CyberSecurity Policy Essentials for all UK Businesses

Updated: Nov 8, 2023

CyberSecurity Policy Essentials for Businesses

In the most recent UK Government cyber crime survey, 39% of businesses said they had identified an attempted cyberattack in the past 12 months, with 31% of those reporting attacks saying they were attacked at least once a week. And that's just the businesses that have noticed they've been attacked.

Unfortunately, these attacks are not just frequent; they can also have a devastating impact. A cyberattack can bring operations to a full stop, cause a customer data breach (and a resulting loss in customer confidence), or result in the theft of intellectual property. They are also costly, with the average data breach costing £120,000* for small to medium businesses and even more for large international companies.

As part of Counterpoint's work providing Apple Mac IT Support for our clients, we often advise on cybersecurity or work with clients to create and support a cybersecurity policy, so we've created a new comprehensive guide for business owners and leaders to help protect your business. You can click here to download the guide, but read on if you'd like a little flavour of what you will get.

Know Your Enemy

On average, it will take businesses 66 days to discover a cyberattack if it was successful, and with a 600% rise in cyber crime since 2020 and the start of the pandemic, UK businesses need to know what they are up against to stand a chance of protecting their customers, assets and bottom line.

While the full guide contains a comprehensive list of threats we see on a regular basis, here are some of the most common ones that you are likely to see:


Phishing - the most common form of cyberattack, with over 80% of attacks reported in 2020. Phishing is simple. You receive an email containing a link or attachment, and following the instructions in the email will lead you to reveal confidential information or allow access to your network. Phishing attempts are often disguised as a genuine email; for example, you might get an email asking you to reset your network password "for security reasons", but this is actually just prompting you to share your password with a malicious third party.


Ransomware - often delivered using phishing, ransomware is a type of virus that you unknowingly install on your computer. It locks away access to your system or your data storage and then ransoms that access back to you. Victims of ransomware are often left high and dry even if they pay the ransom, as there is little motivation for the criminals to unlock the data after they've been paid.

Password attacks - passwords are often thought to be a reliable method of securing your confidential data or access to business systems, but they are only as secure as the people who know that password. Many users will even write down or share passwords, and then all a potential criminal needs to do is walk into your office or look through your windows to see a sticky note somebody uses to remember a password. Also, 73% of businesses' passwords are duplicates, used for multiple logins. With this, a criminal only needs to capture one password and then could gain access to all sorts of private systems and information.

Keeping Your Business Safe - What Does 'Good' Look Like?

Your business will likely have a lot to lose in a cyberattack, so it's important to have policies and procedures in place to safeguard against these attacks. Our essential guide has an 18-step process that you can implement in your business to get a bulletproof cybersecurity policy in place, based on the UK Government's Cyber Essentials scheme and the Center for Internet Security's CIS Controls best practices. Here are a few steps as an example:

Data Protection - you may be familiar with the concept of protecting data from a GDPR perspective, but there is also a security concern here. Take into account that data is not just on your company servers: with software like Slack, Google Drive, and others becoming increasingly popular, a large portion of data will be stored online in the cloud. Ensuring good password protocol is followed and protecting your local data from theft is a considerable deterrent to cyber criminals looking to steal data.

Malware Defence - the process by which you prevent your systems and networks from installing and executing malicious software or scripts. Our guide has seven steps to defend your systems against malware, for example, disabling the use of removable media on company assets. With over 350,000 new malware signatures detected by preventative measures every day, it's vital that your systems be protected and that protection is constantly updated.

Staff Training - as we discussed earlier, staff can, unfortunately, often be the weak link when it comes to cybersecurity. Reusing passwords, allowing non-staff into company offices and falling for phishing attempts are all avoidable mistakes you can train staff to defeat. Social engineering, in particular, can only be foiled by staff knowing what to look out for.

5. Cost Savings

Investing in cybersecurity may initially appear as an additional expense, but the long-term benefits outweigh the costs. Cyber Essentials certification helps your business identify and address security vulnerabilities at an early stage, reducing the likelihood of costly cyber incidents. By preventing data breaches and other cyber attacks, your business can avoid financial losses associated with data theft, regulatory fines, reputation damage, and legal disputes. Furthermore, insurance providers often offer reduced premiums to Cyber Essentials-certified businesses, recognising your commitment to cybersecurity and risk reduction.

Would You Like To Know More?

Protecting your data and your business is a complicated and daunting prospect. To support UK businesses in their efforts to protect themselves from cyber crime, we've created an extensive 39-page guide entitled CyberSecurity Essentials For Business Owners that is designed to demystify cybersecurity, even if you're a technophobe.

If you'd like to take the next step and safeguard your business against the growing threat of cyber crime, then download our guide and start your journey to cyber safety.

