A cyber attack on your business in 2021, sadly, is much more likely to be a case of ‘when’ and not ‘if’. So it’s important your business is prepared to deal with any attack, as well as knowing how you can protect yourself and your business.
What is cybercrime?
Cybercrime continues to adapt and grow, affecting essential public services, businesses and private individuals alike. It’s estimated that cybercrime costs the UK £27 billion, causing damage to businesses' infrastructure, supply chains and reputations. It even threatens national security.
The way we set up a business online has changed in the last 2 years and cybercriminals have continued to adapt their attacks to take advantage of the vulnerabilities that have opened up.
The cost of cybercrime against businesses in the UK
Whilst businesses have faced the costs of the pandemic over the last 18 months, those that lost data or assets after a cyber security breach also faced an average annual bill of £8,460.
According to the Cyber Security Breaches Survey 2021, 39% of businesses identified cyber security breaches or attacks in the last 12 months, and 27% of those businesses were attacked at least once a week.
Unprepared staff are at risk of being caught unaware of the threats they could face online, with only 13% of small businesses training their employees on cyber security.
The most common cyber security attacks your business could face online
Phishing is when attackers attempt to trick you into clicking a bad link that downloads malware or directs you to a website that asks you to hand over passwords or account details. Phishing messages are commonly sent as text messages, and you can also get them via social media or by phone, but the term 'phishing' is mostly used to describe attacks that arrive in your email inbox.
Ransomware is malicious software that encrypts its victim's data, and increasingly also threatens to publish that data online, unless the victim pays a ransom to the attackers. Demands are typically made in cryptocurrency such as Bitcoin and can run to millions of dollars.
It is usually activated when a user clicks a malicious link or opens a malicious attachment, which installs the software. These messages are mostly sent by email by cybercriminals impersonating company executives or managers.
Weak passwords, or the same password reused across multiple accounts, can lead to data being compromised: once one account's password leaks, every other account that shares it is exposed. The National Cyber Security Centre (NCSC) recommends combining 3 random words to create a strong, unique password that is still easy to remember.
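As an added illustration of the NCSC's three-random-words advice (this is example code written for this page, not an NCSC tool), the block below builds a passphrase from a word list using a cryptographic random source and estimates its strength. The small word list is constructed for the demonstration; the 7,776-word figure used in the comparison is the size of a commonly used public wordlist and is an assumption about what a real deployment would draw from.

```python
"""Generate a three-random-word passphrase and estimate its strength in bits."""
import math
import secrets

# Constructed sample word list for illustration only. Strength comes from the
# size of the list the words are drawn from, so a real deployment should use a
# large dictionary (thousands of words), never a list this small.
SAMPLE_WORDS = [
    "cloud", "anchor", "pepper", "window", "river", "copper", "lantern",
    "maple", "tunnel", "velvet", "orbit", "harbour", "cactus", "meadow",
    "pixel", "saddle", "thunder", "walnut", "yoghurt", "zebra",
]


def three_random_words(words, count=3, separator="-"):
    """Pick `count` words with a cryptographic RNG (the secrets module,
    never the random module, which is predictable)."""
    return separator.join(secrets.choice(words) for _ in range(count))


def entropy_bits(wordlist_size, count=3):
    """Bits of entropy when `count` words are chosen uniformly and
    independently from a list of `wordlist_size` words: count * log2(size)."""
    return count * math.log2(wordlist_size)


def strength_report(wordlist_size, count=3):
    """Summarise how many guesses an attacker needs on average."""
    bits = entropy_bits(wordlist_size, count)
    return {
        "words": count,
        "wordlist_size": wordlist_size,
        "entropy_bits": round(bits, 1),
        "average_guesses": int(2 ** (bits - 1)),
    }


if __name__ == "__main__":
    print(three_random_words(SAMPLE_WORDS))
    # 20-word list: about 13 bits, far too weak. 7,776-word list: about 38.8 bits.
    print(strength_report(len(SAMPLE_WORDS)))
    print(strength_report(7776))
```

The point the numbers make is that three words are only strong when each word is a genuinely random pick from a large list; three words you chose yourself, or three from a short list, give an attacker far fewer combinations to try.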
Protecting your business
Keep your social media profiles secure.
Whilst social media is a great way of quickly communicating and updating your customers, be careful about how much information you share with the public.
The national reporting centre for fraud and cybercrime, Action Fraud, received 15,214 reports of email and social media hacking between February 2020 and February 2021. 88% of victims were individuals and 12% were businesses who had their accounts compromised by criminals.
To stay secure, make sure you:
- review privacy settings and check them regularly as updates can affect settings
- think carefully about any images, videos and content that you share - are you sharing things in the background you do not want people to see?
Make your staff aware of the latest email and text scams
Your staff should be alert when opening emails and texts, especially if they do not recognise the sender. If an email or text is unexpected or seems unusual, even if it appears to come from someone you have dealt with before, encourage your staff to contact the sender directly to check that they really sent it, using contact details you already hold rather than any given in the message.
Your bank, the police, the NHS, HMRC and reputable companies will never ask you for sensitive or financial details of your business via email, phone or text.
To protect your business from scams, known as 'phishing', you should:
- never give out business information, financial details, or passwords in response to an unexpected email, phone call or text message
- think before responding to, opening attachments, or clicking links in emails or texts if they’re received from unknown sources
- make sure your IT department has set up spam filters on all your accounts
- always go to a website directly, by typing out the address yourself, when logging into any accounts
You should forward phishing emails to the NCSC's Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk and forward phishing text messages to your network provider via the short code 7726. Both will take steps to block these at the source.
Make sure your data is backed up
If your business is not regularly backing up documents and data in at least one place (online or offline), this is your time to start. Having a backup minimises the risk of losing everything if you get a virus or become a victim of a ransomware attack, but only if you have checked that you can actually restore from it, so test a restore from time to time rather than assuming the copy is good.
You should back up your data onto:
- a USB stick
- an external hard drive that you disconnect after each backup, because ransomware can encrypt any drive or network share that is connected at the time it runs
- a cloud server. Make sure that your cloud password (and any backups) is a strong password and one you have not used anywhere else
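The backup advice above, carried through as an added example (this is illustrative code written for this page, not a tool from the Cyber Resilience Centre or the NCSC): copy a folder to a second location, record a SHA-256 checksum of every file in a manifest, verify the copy, and rehearse a restore after a simulated ransomware overwrite. The folder names, the manifest file name and the sample documents are all constructed for the demonstration; the "external_drive" directory stands in for the unplugged drive described in the list.

```python
"""Back up a folder, record a hash manifest, verify it, and rehearse a restore."""
import hashlib
import json
import pathlib
import shutil
import tempfile

MANIFEST_NAME = "manifest.json"  # assumed name; written beside the backup folder


def sha256_file(path: pathlib.Path) -> str:
    """Stream a file through SHA-256 so large files need little memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_tree(tree: pathlib.Path) -> dict:
    """Map each file's path (relative to `tree`) to its SHA-256 digest."""
    return {
        p.relative_to(tree).as_posix(): sha256_file(p)
        for p in sorted(tree.rglob("*"))
        if p.is_file()
    }


def backup(src: pathlib.Path, dst: pathlib.Path) -> dict:
    """Copy `src` into `dst` and write a manifest of file hashes beside `dst`."""
    shutil.copytree(src, dst, dirs_exist_ok=True)
    manifest = hash_tree(src)
    (dst.parent / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(tree: pathlib.Path, manifest: dict) -> list:
    """Return files that are missing from `tree` or whose content has changed."""
    actual = hash_tree(tree)
    return sorted(rel for rel, digest in manifest.items() if actual.get(rel) != digest)


def restore(backup_dir: pathlib.Path, target: pathlib.Path) -> None:
    """Copy the backup back over the live folder, overwriting damaged files."""
    shutil.copytree(backup_dir, target, dirs_exist_ok=True)


def rehearsal() -> dict:
    """Constructed end-to-end drill: back up, damage live data, detect, restore."""
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        live = root / "documents"  # constructed sample business documents
        (live / "invoices").mkdir(parents=True)
        (live / "invoices" / "jan.txt").write_text("Invoice 001: 120.00 GBP\n")
        (live / "customers.csv").write_text("name,email\nA. Smith,a.smith@example.com\n")

        drive = root / "external_drive" / "documents"  # stands in for a USB drive
        manifest = backup(live, drive)
        result = {"files": len(manifest), "backup_ok": verify(drive, manifest) == []}

        # Simulate ransomware overwriting a live file with ciphertext.
        (live / "invoices" / "jan.txt").write_bytes(b"\x8f\x13encrypted\x00")
        result["damaged"] = verify(live, manifest)

        # The drive was unplugged after the backup, so its copy is untouched.
        restore(drive, live)
        result["restored_ok"] = verify(live, manifest) == []
        return result


if __name__ == "__main__":
    print(rehearsal())
```

The manifest is what turns a copy into a checkable backup: without recorded hashes you cannot tell an intact backup from one that was silently corrupted or encrypted before the drive was unplugged.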
If you fall victim to a cyber-attack - report it
If your business, charity or other organisation is experiencing a live cyber attack (in progress), you should call the police at any time on 101 or report the attack to Action Fraud on 0300 123 2040 immediately.
You do not need to be a computer expert to reduce the chances of your business becoming a victim. Make sure you’re making a habit of backing up and using strong passwords. These can:
- drastically reduce the chances of becoming a victim
- make you less vulnerable
- help keep your business secure online
The Cyber Resilience Centre works with small and micro-businesses through our free core membership. It’s a helpful introduction to cyber resilience and how to train you and your staff to be cyber aware.
You can also find further reading on the NCSC’s small business guide.