The truth is all businesses are. Cyber criminals can infiltrate businesses of all sizes – if they can find a vulnerability to target.
The Department for Digital, Culture, Media and Sport Cyber Security Breaches Survey 2020 has revealed that one in five businesses targeted for an attack experienced a negative material outcome, losing money, data, or both.
The fifth edition of the report warns that “the extent of cyber security threats has not diminished” while figures show that cyber attacks have “evolved and become more frequent”, with almost half of businesses (46%) reporting cyber crimes in 2019.
If your business wants to improve its cyber security strategy and, we have collated a list of major risk factors that could put your business in the firing line.
Modern working practices
Remote working is now one of the most desirable benefits an employer can offer. Giving staff the freedom to work wherever they want is a great motivation for staff. However, according to the Department for Digital, Culture, Media and Sport, the rise of remote working could leave your business at risk. Within the Cyber Breaches Report 2020 it states:
“while most organisations have certain technical controls such as secure configurations, firewalls and malware protection, they are less likely to have formal cyber security policies – particularly ones covering home working or what can be stored on removable devices.”
As well as creating a Bring Your Own Device (BYOD) policy, it is essential that you continually review access control.
This means ensuring that your employees only have suitable access to the files and tools they require, which will help to protect user accounts and prevent the misuse of access privileges.
Your business should be reviewing your staff’s level of access to applications, computers and networks regularly.
Backing up your data
Your business should always prepare for the worst when it comes to cyber security, which is why backing up your devices is vital.
You can do this safely by copying or archiving files to a separate location, as cyber attacks can leave systems, files and data corrupt or they may be held to ransom. Having your data and files backed up means you will be able to restore any important systems or files.
Backups play a crucial part in the recovery process after a cyber attack. It is essential that at least one of your backups is off-site or isolated from your network so it cannot be attacked or deleted during a cyber attack.
If you think about the amount of personal data your organisation holds on employees and customers, the loss of this data would be devastating as well as destructive to relationships.
Lack of employee training
Your employees are your first line of defence against cyber attacks. Every worker should be provided with basic security advice, e.g. beware phishing emails, avoid using public Wi-Fi, and ensure home Wi-Fi routers are sufficiently secured.
Cyber criminals can target your employees in several ways, and an error such as clicking on a malicious link or opening an infected attachment could do serious damage to your business’ data. It is important that regular cyber security training is held and that your team is aware of the most common threats.
Cyber security and senior management
The Cyber Breaches Survey also revealed that 66% of senior managers are updated on cyber security (at least) once a year.
Cybersecurity is a CEO-level issue. It is vital that leadership teams are involved in cyber security regularly. If your business is not engaging at a leadership level, it should make sure that it is investing time into this.
Make sure your leadership team are actively involving themselves with matters around cyber security and make them aware of the need for a cyber risk assessment and a strategy that will help to combat the ever-growing threats. If senior management do not buy into a cyber security strategy, this could leave your business at risk, which will inevitably cost the business money and valuable time.
The National Cyber Security Centre recommends that you keep all your devices and systems up to date. This process is often referred to as ‘patch management’ and it is a requirement of Cyber Essentials certification that all devices, software and apps are up to date.
This is a simple and easy way to reduce risk. The Government recommends setting devices to automatically update where possible. Remember, system updates don’t just fix bugs, they also increase security.
Reduce risk with Cyber Essentials
Officially backed by the UK Government, Cyber Essentials is a great solution for businesses looking to improve their cyber security settings and standing. By implementing five simple key controls, you can protect your business from up to 80% of common cyber security threats.