A cyber-attack can have disastrous consequences, particularly for Small and Medium Enterprises (SMEs). A recent study from the US’ National Cyber Security Alliance found that 60% of small businesses that suffer a cyber-attack are out of business within six months.
From spam emails to angry employees and connected devices harvesting your data, it is becoming increasingly crucial to protect your business. Any company with an IT infrastructure is at risk – even a small independent garage in Norfolk or an MOT station in Scotland.
What are the most common cyber-attacks?
■ Email hacking/phishing – if someone in your company clicks on or replies to one of these, they may activate a Trojan horse software which will operate on their web browser. Mirroring the key strokes of the user, the malware will inform the hackers of passwords being typed in. This method has been used to illegally withdraw significant amounts from online bank accounts. In many cases, the financial institutions in question have not accepted liability.
■ Email cloaking – an email is sent, appearing to be from one of your employees requesting payment for an invoice which appears legitimate. The money is sent to the hacker’s account…
■ Ransomware/virus – like the ones who targeted the NHS recently, criminals working on the dark web have built sophisticated businesses with the sole aim of gaining control of companies’ technology networks and systems. They then send demands for payment in exchange for returning the status quo.
■ Password theft/breach – this enables sensitive data to be accessed and released. A disgruntled employee at the supermarket, Morrisons, did just this in 2015, costing the firm over £2 million.
■ Connected cars and the ‘Internet of Things’ – this threat is particularly real to the automotive industry. Connected cars are, in essence, computers on wheels. They hold a tremendous amount of data (e.g. medical records, bank details) and connect to multiple systems (customer’s phone, tolls, congestion charge etc.). Hackers can access the on-board system to infect your network.
How could cyber-crime cost you your business?
You might be:
■ An MOT station owner – sending out reminders to your clients that their vehicle requires its periodic inspection.
■ An independent garage – working on connected cars, with connected equipment, exchanging and processing data.
In each of these cases, you handle data. In May 2018, the government will implement the General Data Protection Regulation (GDPR), a new regulation which will impose more severe penalties for non-compliance and data protection breaches. The most serious violations could result in fines of up to £15.8 million or 4% of turnover (whichever is greater).
How can you protect your business?
You should review your passwords protocol, firewalls/email quarantining process and ensure you are doing regular systems back- up. More information is available on the National Cyber Security Centre website, at www.ncsc.gov.uk.
Cyber insurance can help protect your business in the event of a data breach or a cyber-attack. You may also want the benefit of PR advice to minimise the impact on your business’ reputation. The cost of this can also be included in your cyber insurance policy.