Stop! It’s here. Steer clear of ladders, don’t cross a black cat, don’t dare break a mirror, and for goodness sake, get those new shoes off that table! Yes, you’ve guessed. It’s Friday the 13th.
Apparently one in six Britons describe themselves as superstitious, and if you find yourself following this herd you’ll be glad to hear that this is the last one of these blasted days that you’ll have to endure this year.
So when it comes to business security, is it safe to adopt obscure rituals, cross your fingers and hope you don’t succumb to a Cyber Attack?
As a Managed Service Provider we work with a number of businesses and see the significant impact successful attacks can have.
There’s nothing to suggest that the threat of an attack is any more likely on a particular day, although you could argue that some twisted minds may seek the kudos of a memorable day like Friday 13th for a widespread hack.
Sadly threats are appearing everyday but the real question is whether becoming the victim of cybercrime is a case of bad luck or just bad planning?
It’s on the increase
We all know Cybercrime is on the increase. Reports of ransomware, viruses, and spyware attacks on businesses fill our news feeds daily, but have you fallen into the trap of believing it’ll never happen to you?
Sadly, there is a really good chance that it will.
Earlier this year, the government published the results of their Cyber Security Breaches Survey 2017 which showed that ‘nearly half of all UK businesses suffered a cyber breach or attack in the past 12 months’. This was even higher in larger firms and figure showed year on year increases overall.
More worrying, is that despite increased attacks and coverage it also revealed that ‘a sizable proportion of businesses still do not have basic protections or have not formalised their approaches to cyber security.’
So as figures like these show us that the likelihood of experiencing a Cyber Attack are increasing combined with the greater exposure, it seems fair to say that we can no longer put our head in the sand. Preventative action is required.
Clever business professionals
Cyber criminals are quite simply clever business professionals, but on the wrong side of the law. The image of a lone wolf in a back bedroom experimenting with code has been joined by focused entrepreneurs rolling out developed business models with call centre’s full of employees processing illegal data for profit.
The survey revealed that the most common types of breaches were related to staff receiving fraudulent emails (in 72% of cases where firms identified a breach or attack).
What kind of attacks?
Spear phishing emails that cleverly appear to be from senior colleagues, often directors requesting bank transfers can prove very profitable for cyber criminals.
Ransomware attacks that ask thousands of small businesses for comparatively low ransom amounts to release their data are proving to be a more profitable business model than the effort of going after one big organisation for the full amount. The trouble is, a ransom demand that might be pocket change to the big boys, could be a critical amount for your business.
Small to medium sized businesses are becoming easier targets than larger organisations due to their lack of understanding and low defences. Criminals are attacking them on mass and seizing every opportunity to infect their systems with viruses, and malware. Relatively low ransomware demands across thousands of smaller businesses can provide better rewards for their efforts than trying to target one larger enterprise.
Don’t under estimate the value of data
In the Security Breaches Survey, there was also a common theme amongst those senior managers who believed they were low risk for a cyber attack, with a common misconception that those likely to be targeted were businesses who offered online services. However, all data has a value.
Consider the value to your business if you could no longer access it due to a ransomware encryption. Also consider the value of the date you hold about your suppliers and clients and how accessing that would lead criminals to an even bigger piece of the pie. It isn’t always about you, it’s about how they can use you to get further and achieve more.
‘Three in ten of those who say it is a low priority for senior management say this is because they do not have online services (29%) and two in ten feel they have nothing worth breaching (22%).’
What can you do?
If you don’t do anything, you are leaving your business wide open to disaster.
The grim truth is there’s no guarantee if you do implement a strategy that you can stop an attack. However, the aim is being able to mitigate the impact on your business.
You can’t stop someone breaking into your home but you can still fit the best locks on the doors and make it damn difficult for them to get in and steal your valuables.
So if disaster strikes, what would you do if business files were encrypted with ransomware? Do you pay the ransom to retrieve them? We would always advise not to do this in most cases. But you need a plan B. You need the reassurance of knowing you have good backups and a sensible disaster recovery plan in place to restore your systems to get you back up and running.
To ensure you are doing all you can to help protect your business, it’s recommended to sign up to the Government backed Cyber Essentials certification scheme. Going through the certification process will force you to audit how cyber secure you are and what you need to do to correct any gaps. Achieving certification will also improve business opportunities as more and more businesses set it as a standard as to who they will choose to work with.
Bad luck generally refers to unforeseen trouble. Sadly in 2017 Cybercrime is not an unforeseen trouble, more an expected nuisance requiring a plan to mitigate its impact.
So while opting for your lucky pants and permanently carrying a rabbit’s foot around are one way of approaching your business security, we suggest you take a serious look at what you need to do to build your defences.
It is also advisable to speak with an IT Provider who can offer accurate advice and devise a cyber security strategy with you.
Key points to think about
- Cyber Criminals are clever business professionals. They are running successful businesses with call centres, large teams and investors. They are not going away. If anything, the numbers will only increase and the established ones will get better.
- Your data has a value to you and to criminals. What would you do if you lost access to it or had a breach with data you process on behalf of third parties?
- Doing nothing to secure systems will leave you wide open to an attack.
- Failing to ensure you have good backups and a Disaster Recovery Plan in place will mean you could lose everything should you suffer an attack.
- Educate your teams about the importance of Cyber Security. Introduce specific training shows them what to look out for and best practice when dealing with business data.
- Achieve Cyber Essentials or Cyber Essentials Plus Certification.
- Don’t leave it to chance. Put a plan in place.