What is Cyber Security and Why Should Your Organisation Be Concerned?

Not long ago, cyber security would have been left to the IT department to think about. To most people, cyber security simply meant having the right firewalls and antivirus software in place.


Now cyber security has moved to the forefront of every business’s mind and cannot be ignored.

Did you know that the iPad has only been around since 2010? This highlights how fast the world is advancing technologically. The digital era allows organisations as well as individuals to do far more online, but with that comes the threat of a data hack or breach.

So, what is cyber security?

Cyber security is the practice of protecting anything connected across a network, from hardware (laptops, desktops, servers) and software (communication and work applications) to data that is moving or at rest. It can also be known as information technology security or electronic information security.

Why should your organisation be concerned?

Every business is at risk of a cyber attack. The rise of technology has brought a rise of cybercrime.

A new survey of executives by the World Economic Forum (WEF) highlighted that cyber attacks are the biggest concern for businesses in Europe, Asia and North America. The responses showed that companies fear hackers will threaten their business over the next ten years.

One of the most obvious reasons for becoming concerned about cyber security is the increasingly digital world. The more we digitalise business, the more we digitalise our everyday life. Every device that has data or information regarding your business or personal information about your customers is another avenue for a malicious hacker to access your system.

An attack could be a costly issue that you cannot avoid.

Customers lose faith in companies that have been hacked and customers are becoming increasingly aware of the risks of putting their details online. Organisations need to prove to these users that they are secure and trustworthy.

“Cyber attacks are seen as the number one risk for doing business in markets that account for 50% of global GDP”

Lori Bailey, a member of the WEF’s Global Future Council on Cyber-security.

Hackers

Hackers tend to come in two forms. One is the “script kiddie” who will release ransomware on a single computer, looking for a modest pay-out. The other type is the “state-sponsored” hacker. This hacker is one who has turned to cybercrime as a form of war as it is faster and easier than traditional conflict.

In recent years, there have been so many hacks and data breaches that it is easy to produce an array of household names that have been affected.

The UK National Health Service cyber attack, otherwise known as WannaCry, is one of the most notable attacks which pushed the NHS into total disruption. The aftermath of this highlighted that “basic IT security” was not in place – if it had been then this attack could have been prevented.

Under Armour’s mobile application MyFitnessPal was hacked in late February for usernames, email addresses and passwords for around 150 million users. Under Armour had strong data protection so customers’ information such as birth dates and credit card details could not be accessed by hackers.

However, although some of the passwords had been hashed with the robust bcrypt function, the rest were protected by a weaker hashing scheme, SHA-1, which has known flaws. Hackers were able to crack this scheme and steal these passwords.
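An added example (not from the original article or from any company named in it): a login check for a store that, as described above, holds a mix of strongly hashed and legacy SHA-1 passwords, upgrading each legacy record the first time its owner logs in. It assumes the legacy records are bare SHA-1 hex digests and uses the standard library's PBKDF2 as a stand-in for bcrypt; all function names and sample records are constructed.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 600_000  # work factor chosen for this example; tune to your hardware

def slow_hash(password):
    """Salted, deliberately slow hash (PBKDF2 here, standing in for bcrypt)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${dk.hex()}"

def scheme_of(stored):
    """Classify a stored value by its format (assumed formats, see lead-in)."""
    if stored.startswith("pbkdf2$"):
        return "pbkdf2"
    if len(stored) == 40 and all(c in "0123456789abcdef" for c in stored):
        return "sha1-legacy"
    return "unknown"

def verify_and_upgrade(db, user, password):
    """Check a login; on success against a legacy record, re-hash it in place."""
    stored = db.get(user, "")
    kind = scheme_of(stored)
    if kind == "pbkdf2":
        _, iters, salt, dk = stored.split("$")
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                   bytes.fromhex(salt), int(iters))
        return hmac.compare_digest(cand.hex(), dk)
    if kind == "sha1-legacy":
        cand = hashlib.sha1(password.encode()).hexdigest()
        if hmac.compare_digest(cand, stored):
            db[user] = slow_hash(password)  # only moment the plaintext is available
            return True
    return False

def audit(db):
    """Count records per scheme so the remaining legacy exposure is visible."""
    return dict(Counter(scheme_of(v) for v in db.values()))

def make_sample_db():
    # Constructed records. bob and carol share a password; with no salt their
    # legacy digests are identical, so one guess reveals both accounts.
    return {
        "alice": slow_hash("correct horse battery staple"),
        "bob": hashlib.sha1(b"Tr0ub4dor&3").hexdigest(),
        "carol": hashlib.sha1(b"Tr0ub4dor&3").hexdigest(),
    }
```

Records whose owners never log in again stay on the legacy scheme, so the audit count shows how many still need a forced reset.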

Other high-profile hacks include British Airways, Ticketmaster, Facebook and HSBC.

What should your organisation do?

  1. Create strong passwords

Cyber attacks can begin by simply guessing an employee’s password. One of the most secure techniques is to create a reminder or secret message, such as taking the first character and punctuation from each word of a sentence.

Passwords should also not be written down, shared or used across multiple sites. If hackers obtain your login for one site, they will try it on other accounts. This means a hack on email could lead to a breach of your organisation’s systems.

Password managers such as LastPass and 1Password can keep track of unique passwords.

  2. Back up your files

The cyber attacks mentioned above highlight how critical backing up data is. If your system is locked by a cyber attack, having an external copy can help your organisation get back up and running. Our blog on backing up your data is a good starting point.

  3. Be aware of phishing scams

Phishing scams attempt to pose as a trustworthy source to get people to hand over personal information. If you or your employees fall for one of these, your organisation could be exposed to a cyber attack. You can read more here.

  4. Protect physical assets

Organisations often overlook keeping their physical assets secure. This means stopping unauthorised personnel from entering your business where sensitive information is stored. Furthermore, companies should stop their own employees leaving the office with documents, USB sticks or laptops that they shouldn’t have.

  5. Train your staff

“A leading cause of security breaches is a basic human vulnerability: our susceptibility to deception. Hackers exploit this vulnerability by sending phishing emails that induce users to click on malicious links that then download malware or trick the victim into revealing personal confidential information to the hacker.” 

From a study published in the Journal of the Association for Information Systems

Training your staff is one of the most fundamental steps you can take. You can read our blog here.

 

Cyber Essentials

Cyber Essentials provides organisations with clarity about the essential security controls they need to have in place to reduce the risk posed by threats on the internet with low levels of technical capability.

Obtaining Cyber Essentials certification takes just three simple steps:

  1. Purchase your chosen level of certification – Cyber Essentials or Cyber Essentials Plus.
  2. Complete your Cyber Essentials self-assessment questionnaire and upload it for review by BiP Solutions (Certification Body).
  3. Once your self-assessment questionnaire submission is approved, the awarding body, QG Business Solutions, will post out your certificate.