12 January 2023
Don’t let cyber-criminals ruin the start to your year
Businesses and organisations already face enough challenges without worrying about the damage and repercussions of a cyber-attack.
Data – an invaluable asset
Data might not be tangible in the conventional sense. But data is a currency of sorts and an invaluable one – an asset that needs safeguarding like any other. With cyber-attacks on the rise and increasingly sophisticated, businesses and organisations need to tighten their defences.
28 January is Data Protection Day. It’s an annual reminder of just how important data is. Acknowledged internationally, the event was established to raise awareness, highlight the challenges and risks faced, and promote best practice.
A solid, strategic approach to managing data security is an important cornerstone for organisations to put in place to protect against a cyber-attack and the ensuing fallout.
A loss of data or security breach can be catastrophic, with immediate problems and ongoing, potentially long-term ramifications, including:
- Operational downtime
- Trading suffers, share price drops
- Cancelled contracts
- Staff recruitment/retention issues
- Direct costs – the business may have paid a ransom and may have to pay for external support to get fully operational again
- Indirect costs – employee time managing the breach and getting operational.
- Their data has been made public or is in the hands of a person / group with malicious intentions
- Reputational loss
- Compensation for direct loss
- Or a combination of some, or all the above
Businesses and organisations fall victim every month. Details of cyber-attacks in September 2022 make for sobering reading. In the last full year reported, 2021, 39% of UK businesses and 26% of charities reported cyber-attacks and breaches. The hackers generally target larger organisations: large businesses (64%), medium-sized businesses (65%) and larger turnover charities (51%). The education sector is also increasingly coming up on the hackers’ radar. GOV.UK’s Cyber Security Breaches Survey 2021 goes into extensive detail.
A successful attack will undoubtedly hurt a business or organisation – the three main resulting variables being: 1) How much damage has it done? 2) What are the ramifications? And 3) How long is it going to take to fix it then get back to normal?
Adding layers of protection
It’s probably fair to say that no organisation is 100% secure against a cyber-attack and it’s no longer a case of ‘if’ but ‘when’ – with the only real difference being the extent to of the breach. Organisations can take steps to reduce opportunities, making it harder for cyber-criminals to launch a successful attack.
Incoming emails and phishing often provide the initial entry point for cyber-criminals. Employees need to be vigilant about any suspicious emails – particularly those with links or attachments – and delete (without opening) anything they are wary of and report it to IT.
Be careful of websites visited and any kind of social media post, however innocuous, which asks them to post even the most minor personal detail – the name of a pet, star sign or place of birth.
Be very wary of attachments and links within phone messages. Don’t know the sender? Don’t open it. Current mobile hacking techniques include a message about a package for you, asking you to click a link. Another scam comes from an unknown number claiming to be a close friend or relative using a new phone.
Passwords? Choose three random words, e.g. bananamoscowwig, stationjellyfoot or doctorbicycleflummox and add in numbers, capitals and special characters. Something easy to remember but hard for cyber-criminals to guess or crack.
When you’re travelling, keep your laptop and phone safe and secure. And never use public-accessible Wi-Fi when you’re working or for accessing any confidential information.
Pay attention to what your IT and data people at work recommend – they know their stuff. Every action you take is another layer of security.
Don’t get complacent
Ongoing vigilance is key to data security. Regular reminders to employees about their responsibilities and tips for protecting against cyber-criminals keep people alert to the dangers and likely fallout.
Getting hacked is something businesses and organisations must avoid at all costs.