Safeguarding your business against a cyber-attack

It is, without doubt, the biggest danger to have ever faced business security systems. In 2018 alone, ONS reported that 4.5 million cyber-crimes were committed across England and Wales. More worrying still is that over a quarter of businesses (28%) don't know how many cyber-attacks they've had and a third don't know how they happened. 

Continue reading to find out more about these growing threats and how you can safeguard against them.

If you think your business is small enough to fly under the radar of hackers, you’re mistaken. In fact, according to Hiscox, small businesses in the UK are the target of an estimated 65,000 attempted cyber-attacks every day.

For example, one of the most infamous attacks of recent years was not levelled against a huge corporation. Instead, NHS trusts (among others) were targeted by the WannaCry ransomware in 2017, costing the organisation over £92 million.

Hackers do not care how much your business turns over: if you have private user information or important data (emails, passwords, etc) then you could be a target. This valuable information can be sold on the black market or used as ammunition to hold your business to ransom. In many cases, however, malware propagation and general disruption are the ultimate goals.

It’s also possible that an internet-connected device in your company could be added to a botnet - a huge network of compromised sites. Once they are part of this network, the hacked device will be used to overwhelm other businesses’ systems by sending a torrent of traffic to their site. You may know this as a ‘distributed denial of service’ or DDoS.

One of the largest attacks of this kind was directed at Dyn in 2016. The domain name system (DNS) provider suffered major disruptions that impacted many well-known websites, including Netflix, PayPal and Reddit. This botnet was constructed from all manner of compromised devices, with cameras, printers and even baby monitors being used for the attack.

This case shows that even the most unassuming devices, as long as they are connected to your network, can be hijacked. This means you need to make sure your business stays cyber savvy.

If your business uses the internet for day-to-day operations, you need some form of cyber security.

Everything from your security cameras to shared servers could be compromised if opened up to hackers. With the appropriate provisions in place, however, you could prevent your business, employees, customers, and stakeholders from being disrupted.

To be sure you are protecting the most valuable areas of your business, you need to analyse what is often called the ‘three pillars of cyber security:’ people, processes and technology.

The ‘people’ pillar ensures your employees understand the importance of security. One simple way you can instigate this today is by ensuring your employees choose strong login passwords.

You could take this a step further by training your staff in more advanced cyber security measures, such as being able to spot phishing emails. These emails look like they have been sent by a trusted source and are designed to trick users into providing confidential information. You can protect your business by teaching your employees how to recognise scams such as these. Yet, according to research from the University of Portsmouth, only 20 per cent of companies take this precaution.

‘Processes’ refers to the way you deal with cyber-attacks, as and when they happen. This pillar is the strategy that identifies breaches, responds to threats and recovers your system if it is compromised. As methods of attack continue to evolve, you should regularly review your processes.

The final pillar is ‘technology.’ This is the front line of your defence and includes the likes of firewalls, DNS filtering and antivirus software. Hackers are looking for an easy target and your technology could deter them.

Even with the most stringent cyber security measures in place and a network of savvy staff at the helm, your business still isn’t safe. To be sure you are protected, you need cyber insurance.

While it won’t make your business bulletproof, cyber insurance will help you bounce back in the event of an attack. If you lose data, for instance, cyber insurance can provide a specialist team to help recover and rebuild your system. It can also cover any loss of income, should the attack impact your ability to trade, as well as legal assistance/representation.

For more information about how you can prepare your business for a cyber-attack, read our top tips.                                

• Set up two-factor authentication to log in to your systems. This means employees will log in to their account with a password and a one-time code (usually delivered to mobile phones). This makes it difficult for hackers to infiltrate your system without access to the codes.
• Ensure that all your software is updated. Regularly installing patches to fix holes in your system, makes them more difficult to breach.
• Similarly, you need to keep your antivirus software up to date. These programmes are regularly being updated to deal with new threats and viruses.

To protect your business against cybercrime, call us today for a competitive no obligation quote for your cyber insurance needs.