Cyber Crime and Data Breach prevention

In the first six months of 2019 alone, 4.1 Billion sensitive records were exposed by hackers.  In 2018, 291 records were compromised every single second that passed during the first half of the year, according to Gemalto’s Breach Level Index.

Hackers and cyber attackers are criminal chameleons who adapt at the speed of technology. Data is valuable, especially to cyber criminals. According to AVG, criminals may be after anything from addresses and phone numbers that could be used in fraud, to passwords, to sensitive intellectual property or even information classified by the government. Many criminals are ruthless in their pursuit of what they want. That may sound like fear mongering, but the statistics speak for themselves. According to the BBC, in fact, more than 190,000 gbp is stolen every day through cyber crime. The average cost per-business, per-crime is 3,000 pounds. Few small-to-medium companies could absorb a loss like that, and remember, that is the average, some attacks could result in much higher losses.

Norton reported in 2018 that malware (or malicious software), on mobile devices was on the rise, so it’s not just your computer that is at risk. Mobile devices are increasingly coming under fire too. Symantec’s Internet Security Threat Report from 2018 also reported that there had been a 54 percent increase in malware variants for mobile devices the previous year – and that figure is steadily on the rise.

What can happen?

Malware is just one of the many popular tools used by cyber criminals. It can be installed on your computer without you (or any other user) realising, and work in the background. Malware can come from links clicked (for example, links sent in emails) or even from visiting unsecure sites. It can do a variety of things, from logging keystrokes and discover personal information, to locking your computer until you pay the criminal who installed it a certain amount of money. This latter kind of software is commonly known as ransomware. For malware prevention, keeping security up to date is a must. You may also want to train yourself and your staff on how to identify and avoid suspicious sites and emails.

The emails you might get which contain links to malware are known as Phishing emails. Other similar scams include tech support scams, in which criminals will convince you they are engineers or employees from a reputable tech company. This may be over email, chat or even the phone. Once they gain access to your computer, scammers could steal files or, once again, install malware. They may also attempt to sell you useless software.

Cyber insurance can help cover the costs of crimes like these, from legal costs to loss of income, and even help rebuild your business’s reputation post-fallout from the crime (of course, policies differ and exclusions apply. You will need to look over any policy carefully to make sure it meets your needs. We have an article to help decode the technical language that may cause troublesome here). In short, cyber insurance can help you pick up the pieces after a data breach, but we all know that old adage about prevention vs cure. So, what steps can your business take to prevent attacks from happening in the first place?

Why protect yourself?

If the UK statistics aren’t enough, consider that data breaches and cyber-attacks cost affected companies globally an average of about £3.18 million in 2019, according to a Ponemon Institute survey.

You can do everything ‘right’ in terms of being aware of the risks and taking steps to avoid crime, and it can still happen to you and your business. New threats are emerging daily.

All over the world, organisations are beginning to view cybersecurity in a far more serious light and are putting comprehensive security measures into place to prevent attacks. And the cyber insurance market is also steadily growing.

A single effective protection measure can literally save your company millions, so it’s time to stop griping about those antivirus subscription fees. They’re a lot cheaper in comparison to what you could be in for.

Beyond this, you should have a cyber risk management plan in place as an SME owner. Such plans usually include education for all employees, as well as appropriate tech support. Further to that, all online transactions should be protected for your users. Talk to your vendors, and have contracts in place that ensure security measures are being taken by them. Make sure email authentication is in place, such as domain key authentication. This puts a digital signature on outgoing mail that identifies it as genuinely coming from you. Before that, when deciding on a web host, think about their security. TLS is a basic requirement, and when it is in place most browsers will see a domain as secure (the web address will begin with https/).

In the unfortunate instance of a breach, you should also have a plan. Think about how you would notify customers, how you would save and store the data that can be rescued and how the business could be run with compromised systems.

Analyse your potential risk first

Risk

Never assume that you have enough protection. You should always be looking for ways to better protect your business. First, look at all the hardware that is connected to your network. How are these devices protected? Who has access to them? Remember, mobile devices are high-risk, so a good starting point is an analysis of less secure mobile devices that have network access.

Next, consider your data. What is the most valuable data asset you have and just how vulnerable is that asset to a potential attack?

Retain

It is often worth paying for a cyber security analyst to come and assess your potential weak points so that you can boost your cyber-security measures upfront. But if you do it yourself, simply try to break your assessment down into simple steps. Maybe you can afford security software that has comprehensive support, so that someone is always at the end of the phone?

Protect all data you can before you do anything else, and then, proceed to the next step:

Cover yourself where it counts

As a smaller business, you may not have access to some of the expensive resources and experts that can bring your security up to scratch for you. But you can use what you have wisely and invest in the things that count.

First, invest in reliable and reputable antivirus software. Techradar.com’s top five for 2019 are:

  1. Bitdefender Antivirus Plus 2020
  2. Norton AntiVirus Plus
  3. Webroot SecureAnywhere AntiVirus
  4. ESET NOD32 Antivirus
  5. F-Secure Antivirus SAFE

No network is perfect, unfortunately, because as fast as software engineers work to improve their security, hackers work to break it down just as quickly. Imagine how much more productive the world would be if these cyber-criminals applied their minds as keenly to contributing to the economy.

That said, there are key areas you should never neglect, and even if your resources are slightly limited, you can cover these bases:

  • Always keep your software up to date. With every update, there are generally renewed security measures.
  • Use firewalls and protect your internet gateways.
  • Encrypt your data.

Secure your data and always, ALWAYS back it up

Data doesn’t only stay on your premises. Information is more fluid than it has ever been. And as mentioned at the beginning of this article, mobile devices are becoming greater targets than ever before.

Mobile devices, tablets and laptops are commonly used by employees to work off site. And these items are far more vulnerable to theft. Security measures on mobile devices are also nowhere near as effective as the ones your company has in place in the safety of your office, so it’s a logical conclusion that mobile devices put your data a much higher risk.

Again, there are no guarantees, but backing up your data to a secure cloud-based platform and having your staff work online, as opposed to simply saving their work on their mobile devices, can decrease your risk of losing precious data (and can also ensure that your employees don’t lose their work if they lose their device).

It should be noted here that, if you do invest in cloud storage, the word – and commodity – that should be emphasised is security. The more encryption, password protection and multi-factor authentication measures in place, the better, even if those measures do annoy some of your employees occasionally.

Real world back up doesn’t hurt either. It’s advisable that you do both. Server backups can be set to run after hours, when you and your employees are less likely to be inconvenienced or experience work interruptions. You won’t necessarily need to back up every day. But it’s an effective failsafe to have in place.

Remind your staff that data is also their responsibility

Most cyber-attacks occur because of human error. People click on the wrong link, download the wrong attachment, install the wrong app, or are tricked into sharing information that they shouldn’t have. Of course, almost every time, they do it unintentionally.

Teaching your employees about cyber-security and regularly reminding them to be vigilant is just as important as having formal technical measures in place. All the firewalls in the world won’t matter if one of your staff members inadvertently gives away a password, for example. And even if you do have back-up measures in place, advise your staff to back up to password-protected external drives, too.

When all else fails, claim from cyber insurance

When all your security measures have been battered down or if wily hackers have somehow found a way to get in through an overlooked back door, cyberinsurance.co.uk / cyber security insurance will help you make up for any loss of income, repairs or setup costs, and even legal and customer communication and relationship management, in some cases. There are always exclusions in policies of course, so do make sure you are aware of these. And insurance is just in case of breaches. Your number one priority should be to avoid them.

Be sure to protect yourself with all of the above – and more, where possible. But there is never a 100% guarantee on cyber-security. Rather play it as safe as you possibly can.

Browse this site for impartial comparisons of the best cyber-insurance providers in the UK, so that you can make a more informed decision. We have no affiliation with any of the companies listed, so you can rest assured that all reviews are completely unbiased. We hope you’ve found this article helpful, and that you will keep checking in with us for more informative content.

Sources:

https://www.cbronline.com/news/global-data-breaches-2018

https://us.norton.com/internetsecurity-emerging-threats-10-facts-about-todays-cybersecurity-landscape-that-you-should-know.html

https://www.teiss.co.uk/data-breaches-financial-impact/

https://www.akamai.com/uk/en/our-customers.jsp

Share This: