How do I protect my business against cyber-attacks?

What should I actively be doing?

Light

The growth and development of technology in business during the last decade has completely transformed business. In a relatively short period it has revolutionised every business activity in almost every sector, industry and market, resulting in greater efficiency and cost savings.

This transformation and reliance on digital systems has however placed a huge reliance on the integrity of the technology, the internet and the systems in place to secure businesses’ online assets. It is this integrity, or rather the lack of it, which is fuelling an exponential rise in cyber attacks on businesses which may not only affect performance but can lead to total business collapse.

No company too small

Attacks are not limited to large businesses however. No company is too small to be the victim of a cyber attack. Hackers don’t just want to steal money from the company they are targeting, they may be looking to step onto a larger company and 80% of hacks at larger companies start in the supply chain.

These suppliers provide an easy route into the larger companies because the defences between the main company and its supplier will also be weaker than the external protection of the larger company.

Spoofed internal emails

One of the most common and simple attacks involve bogus invoices or requests for payment. Huge damage can be created with a stolen or ‘spoofed’ email address. For example, the financial department receive a ‘spoofed’ email supposedly from a senior board member asking for a cheque to be paid into a certain account.

The financial department doesn’t query the request as it appears to be from a senior executive and the cash is transferred, never to be seen again. A recent IoD report claims that 72% of businesses have been the victim of bogus invoices.

The perception that the majority of cyber attacks emanate from Eastern Europe or China is far from true. Insiders are responsible for as many as 60% of all data breaches courtesy of either good old human error or deliberate action.

Measures to protect your business

In addition to awareness of the threat and internal vigilance what can you do now to protect yourself further? Proactive management, education and a company-wide security culture will go far in countering the threat, while at the same time ensuring more trained eyes to help counter potential attacks and enhance overall business resilience. Specific measures you should consider include:

1. Having a cyber insurance policy: This makes good sense, but it is by no means a silver bullet and may not cover all outcomes such as reputational damage.

2. Contingency planning: Boards should plan how they would react to different scenarios and have a mitigation plan for when their business is hacked or compromised. It is important that all departments are involved in this; cyber security is as much an HR issue as an IT one.

3. Awareness: Senior managers should ensure all employees are cyber aware and alert to scams and social engineering, including not sharing passwords or memory sticks and are aware of public Wi-Fi risks.

4. Supplier Integrity: Cloud and IT providers must demonstrate the integrity of the security protocols they have in place and their disaster recovery plans.

5. Audits: Conduct a data audit to classify your most sensitive data.

6. Antivirus: Always have up-to-date antivirus software and check that all mobile phones and tablets have antivirus software installed.

Technology and the internet have delivered huge benefits, providing huge potential for businesses to flourish and opportunities for new forms of on-line enterprise to enhance our lives. But with the benefits come the risk to the security of on-line resources and assets.

Regulation is on the way to ensure business leaders are taking steps to ensure their on-line resources and assets are properly protected, with sanctions against those who don’t comply. But the largest sanction of all is your business being targeted and disappearing overnight.