Did you know, there was a cyber-attack on UK firms every 49 seconds between April and June in 2021? (Beaming, Cyber-attacks in Q2 2021). Cyber-crime affects businesses of all sizes, but there are steps you can take to protect yours.
Superfast Business Wales has recently teamed up with The Cyber Resilience Centre for Wales to find out the answers to the online security questions most frequently asked by businesses.
Read on below to find out why you should be putting cyber resilience at the top of your agenda, as well as what you can do to protect your business online.
You can also find out more at our special free Cyber Resilience Event. Get free advice from experts from Wales Cyber Resilience Centre and Tarian Regional Organised Crime Unit – find out more and book.
What priority should I be giving cyber security when there are so many other priorities to address?
Businesses should give cyber a high priority! Cyber incidents have increased because many businesses have embraced remote working as a result of the pandemic.
The frequency of ransomware attacks, in particular, has risen dramatically over the past year, with 93% more carried out in the first half of 2021 than in the same period last year, according to Check Point’s mid-year security report. More firms were targeted by criminals in 2020 than in 2019, and those who needed to defend their business often did so several times. In fact, the survey found that 28% of the businesses that suffered attacks were targeted on more than five occasions in 2020 (Hiscox Cyber Readiness Report 2021).
What measures should be in my Business Continuity plan relating to cyber?
It's important to include standards for identifying, managing, and reducing cyber risks in business continuity planning. This allows for collaboration across departments and helps ensure that organisations have a timely plan in place to respond to potential attacks.
Consider a recognised cyber security standard such as the UK Government-backed Cyber Essentials or Cyber Essentials Plus schemes.
Also do the following:
- Test your systems
- Plan and prepare for a successful cyber-attack
- Raise staff awareness about phishing attacks
- Embed security across your organisation
With so many big companies out there, why would a cyber-criminal target my small business?
It’s more difficult to get money from large companies. A common tactic for hackers is to steal a company’s data, then threaten to release it unless they’re paid a ransom. You can see how if a large company was threatened, they could potentially use their resources to try and get their data back from the criminals. But smaller businesses often don’t have these resources at their disposal, leaving them with having to choose between suffering a privacy breach or a financial loss. Hackers know that the easiest option is often just to pay.
Small businesses are typically less prepared. Large companies might hire a cyber-security consultant to assess their vulnerabilities or have an in-house cyber-security team to get ahead of any potential threats. Not so with smaller companies. Without policies in place, small and medium-sized businesses can easily underestimate the risks associated with accessing and handling their data, leaving them susceptible to attack. And considering that most data breaches are a result of human error, it makes this vulnerability that much more tempting to criminals.
Data is valuable, no matter the size of the business. A company with even just a few thousand clients or personal data records has valuable information that could be exploited.
It doesn’t matter what size your business is: if hackers discover a weakness, they will look to exploit it.
How will not being prepared for a cyber-attack affect my business?
When people learn that an organisation paid millions to resolve a ransomware issue, they assume that fixing it cost the company just the ransom. This is not necessarily the case, as a phishing attack increases the likelihood of a data breach and business disruption. Many of the costs incurred by companies come from lost productivity and remediation of the issue rather than the actual ransom itself. Lost productivity may be a significant share of the money paid out following a cyber-attack, with a host of other investigative and compliance expenditure thrown into the mix, as well as the price of putting in place security measures to prevent a further breach.
It's important also to be aware of other potential issues, both financial and non-financial, such as:
- Reputational damage
- Possible fines for breach of GDPR if data loss is involved
- Personal stress
Find out more about cyber security and how to keep your business safe online – sign up to Superfast Business Wales’ free programme of digital support.
Further free support from Wales Cyber Resilience Centre
The Cyber Resilience Centre for Wales delivers free training and advice to businesses, working in partnership with Welsh Universities. Businesses can also benefit from free or enhanced membership which includes access to further guidance and resources. To find out more, visit their website.