Kate Wood - Senior Lecturer (Faculty of Science & Engineering)
The internet is arguably the best invention of the 21st Century. However, as with anything, it is not without its drawbacks (and I’m not just talking about your kids being obsessed with Snapchat).
In everyday life, we all know someone who has been affected by breaches in cyber security. From unexpected charges on a credit card to hacked social media accounts, online fraud can be both frustrating and distressing.
Opportunists are constantly looking for areas of weakness, so as banks and email and social media providers attempt to clamp down on unscrupulous activities directed at individuals, some unethical hackers are inevitably turning their attention to public and private organisations, capitalising on gaps in their cyber security due to a lack of IT investment throughout the recession.
How can cyber-attacks impact businesses?
According to gov.uk, the BIS 2014 Information Security Breaches Survey reported that "81 per cent of large organisations had experienced a security breach of some sort. This costs each organisation, on average, between £600,000 and £1.5m". Only last month, the NHS became the latest victim of cyber-crime following the largest attack in its history, when it was infected by ransomware called "WannaCry", which demanded payment to regain access to medical records.
"But we're a small business, surely hackers won’t target us?" I hear you say. Wrong.
2016 figures released by The Federation of Small Businesses (FSB) show that on average, "a staggering seven million cyber-crimes are committed against smaller businesses in the UK every year. That’s 19,000 every day. A cyber-crime incident costs a small business victim nearly £3,000, and takes more than two days to recover from."
As well as the obvious financial impact, attacks can be really disruptive for your staff, suppliers and customers and potentially expose your intellectual property, such as customer data or vital trade secrets that give your business its competitive advantage.
How can you protect your business?
Keeping up to date with all the underhand tactics unethical hackers use is a hard job for top cyber-crime prevention experts – let alone directors and managers of SMEs with busy day jobs. Therefore, 100 per cent prevention is near impossible.
However, there are practical measures you can implement to help safeguard your business. In February this year, The UK Domain released ‘Ten steps to keeping your business secure online’ summarised below:
1. Managing Risk: Accept cyber security is ongoing. Create a plan to continually assess and monitor risk in your business.
2. Passwords: Keep them safe and secure, remember to change them every six months and use a mixture of numbers, letters, characters, cases and symbols.
3. Preventing Viruses: As well as installing trusted antivirus software and ensuring a firewall is active, warn employees about suspicious emails and about downloading from untrusted sources.
4. Security Settings: Ensure all software is up to date, record serial/asset numbers of equipment and back up data regularly.
5. Browsing and Sharing Safely: Use public Wi-Fi only when absolutely necessary. Encrypt all personal and confidential information and use cloud services to host your files.
6. Securing Your Own Equipment: Apply the same guidance to personal mobiles and tablets if being used for work purposes.
7. Peripherals: If you have to use USB sticks, always encrypt them.
8. Training: Make sure all staff understand the risks and how to help mitigate them.
9. Monitoring: Monitor systems for updates and check logs for detected and recorded suspicious activities. I also highly recommend regularly checking the National Cyber Security Centre website and following its Twitter account for live updates.
10. Managing Security Incidents: If a breach occurs, you will need to revert to backup data. Identify failures and put systems in place to address them.
Lack the skills internally to implement a cyber security plan?
If this sounds like your business, don’t worry, there are a whole host of online resources, local courses and topical events on cyber security.
Here at the University of Wolverhampton, we’re hosting a free breakfast briefing on Thursday 13 July 2017 at our Telford Innovation Campus called ‘Addressing the IT & Cyber Security Skills Gap’. Click here to find out more or book your place.
The University also leads on the Knowledge Exchange & Enterprise Network (KEEN), a business improvement programme part-funded by the European Regional Development Fund (ERDF). The programme could help you fill your skills gap through a recent, qualified graduate who you’d employ to work on a cyber or IT-related project over six to 18 months with the guidance of an experienced academic.