Information technology (IT) is the broad subject concerned with all aspects of managing and processing information across an organisation's infrastructure, which can include physical hardware, operating systems, applications, databases, storage, servers and even telecoms technologies.
Cyber security is designed to protect systems, networks and data from cyber-attacks intended to commit fraud, steal intellectual property, disrupt an organisation from functioning, or cause damage to a company's physical infrastructure or reputation.
What is the consequence of not implementing a Cyber Security strategy?
Cyber-attacks can disrupt operations and cause considerable financial damage, easily running to many tens of millions, with the average cost per UK organisation being £2.5M. Reputational damage, whilst hard to quantify financially, can be even more costly.
Incidents of all types of cyber-attack are on the rise; ransomware attacks (designed to hold a company's data hostage) increased 91% in 2017 and are predicted to cost $5B globally this year.
It is not a matter of ‘if’ but ‘when’ your organisation will come under attack. Most likely it has already happened, but if you don’t have the mechanisms in place to recognise and alert you to an attack you could remain in a blissful state of denial not knowing what has happened, what has been interfered with or what the cost has been.
Where do I start?
Understand your risk. Build a risk register ranked by importance to your business: understand which systems are critical, what data you hold, and where and how you hold it. Consider what might happen in the event of losing your own or your clients' data. What would be the impact if your systems weren't working? What would fraudulent payments do to your cash flow?
Once you understand your risks, you can put in systems to mitigate them and focus your efforts on protecting those most critical.
Our experience shows that prevention is always far more cost effective than curing.
Focus on making small changes that make the biggest impact.
- Turn on two-step verification for email.
Email theft is one of the biggest cyber-crimes. The major hacks making headline news have led to a massive number of stolen login IDs and passwords for sale on the dark web.
To protect users from hackers who have access to stolen identities, most email providers offer two-step verification. If yours doesn’t, switch to one that does.
- Don’t click that link
Ninety-one percent of cyber-attacks and the resulting data breaches begin with a spear phishing email. A spear phishing attack — essentially a fake email — might pretend to be a customer support representative asking a user to click a link to change their password ‘for security’.
Or an imposter might look like a CEO who is asking one of their finance employees to send money under their instruction to a customer.
- Poor password practices
Weak passwords make it easy for hackers to guess correctly, or to use simple password-cracking tools to access email and other user accounts. Ensure your organisation insists on passwords with a high degree of complexity (minimum 8 characters, with at least one uppercase letter, one lowercase letter and one special character). Consider making a password manager available.
- Back up your data regularly
Ransomware is malware that infects computers and restricts access to files, often threatening permanent data destruction unless a ransom is paid. An attack of this nature can result in permanent loss of the data compromised. The best way to thwart a ransomware attack is to back up files.
Regular communication with staff, highlighting the need to be vigilant with emails carrying attachments and links, can be a highly effective way of preventing issues.
If you are ever in any doubt, or feel that any of these tips are outside of your skill set, seek professional advice. Most SMEs outsource their IT support, let alone employ a full-time cyber security expert. We are not suggesting you should, but having a consultant do an audit is not a costly exercise and is worth the peace of mind it brings.
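The password rule stated under "Poor password practices" above (minimum 8 characters, at least one uppercase letter, one lowercase letter and one special character) is easy to enforce mechanically. The checker below is an added example written for this page, not code from the article's authors. The policy thresholds come from the article; the choice to treat Python's `string.punctuation` as the "special" character set is an assumption, and the small list of commonly guessed passwords is a constructed sample standing in for a real breached-password list. The check against that list goes slightly beyond the article's advice: a password can satisfy every complexity rule and still be one a cracking tool tries first.

```python
"""Password policy checker for the complexity rule stated in the article.

Added example, not the article's own code. Policy values (minimum 8 characters,
one uppercase, one lowercase, one special character) come from the article.
The special-character set and the common-password list are assumptions.
"""
from __future__ import annotations

import string

MIN_LENGTH = 8                      # article: minimum 8 characters
SPECIAL = frozenset(string.punctuation)  # assumption: what counts as "special"

# Constructed sample of passwords that cracking tools try first; a real
# deployment would load a breached-password list instead.
COMMON_PASSWORDS = frozenset({
    "password", "password1", "Password1!", "123456", "qwerty", "letmein",
    "welcome1", "admin123", "Summer2017!",
})


def check_password(password: str,
                   common: frozenset[str] = COMMON_PASSWORDS) -> list[str]:
    """Return the policy rules the password breaks; an empty list means it passes."""
    failures: list[str] = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c in SPECIAL for c in password):
        failures.append("no special character")
    # Extension beyond the article: complexity alone does not stop a guess
    # that sits at the top of every cracking wordlist.
    if password in common or password.lower() in common:
        failures.append("appears in a list of commonly guessed passwords")
    return failures


def is_compliant(password: str) -> bool:
    """True when the password breaks none of the rules above."""
    return not check_password(password)


def audit(passwords: list[str]) -> dict[str, list[str]]:
    """Run the policy over a batch (e.g. proposed passwords at onboarding)
    and report the failures for each entry."""
    return {pw: check_password(pw) for pw in passwords}


if __name__ == "__main__":
    sample = ["pass", "Password1!", "correct horse", "Tr0ub4dor&3"]
    for pw, result in audit(sample).items():
        status = "OK" if not result else "; ".join(result)
        print(f"{pw!r}: {status}")
```

Returning the list of broken rules rather than a bare pass/fail lets the same function drive a helpful message to the user and a one-line summary in an audit report. Pair it with the password manager the article recommends: managers generate passwords that pass these checks without anyone having to memorise them.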