Cyber Security: An overlooked necessity for SMEs
January 8, 2020
In the past year Facebook was the subject of worldwide scrutiny when it was revealed that millions of unencrypted Instagram passwords had been stored online in plain text. What does this mean for the rest of us? Follow us on this ride on the cautious side to find out.
What is Cyber Security?
Cyber security is, in simple terms, the precautions put into place to protect the devices we use and services we access from cyber-attacks. Its main goal is to stop cyber threats that can not only access sensitive information, but also render a whole system damaged or inaccessible.
Why is it important?
There’s no denying that technology is an integral part of our lives, and it just keeps getting more prevalent. Smartphones, computers and the internet are becoming so embedded in our society (to the joy of some and disgust of others), that living without them seems almost impossible.
Sure, it’s designed for ease and convenience, but it also comes at the price of exposing our personal data to the world. And just like bacteria build immunity to an antibiotic, hackers are getting better and better at stealing data. Firewalls and anti-viruses as the ultimate solution to security threats are a thing of the past. Exclusively depending on them could be damaging for you and your business regardless of its size.
A lack of cybersecurity can therefore mean the leaking of pictures from one unfortunate individual or the complete irreversible shutdown of a business. Scared yet? Well…
Facts and statistics
As of 2019, research has shown an estimated $2 trillion loss on account of cyber attacks globally, where half of these were targeted at small businesses. Why them? Well, when you own a small business you might think you are so small that you’re not worth being attacked, so you don’t exactly invest in proper security…which makes you the perfect unassuming victim.
Forbes calculates that by 2021 cyber attacks will result in £6 trillion in damages around the world – to put it into perspective, this is more than the cost of all natural disasters in a year or (and get this), the global trade of all illegal drugs. In fact, the 2020 Official Annual Cybercrime Report (ACR) predicts that businesses will fall for ransomware attacks every 14 seconds.
And (not to encourage anything but) all it takes to become a cybercriminal is just a quick dip into the dark web, where one can find an arsenal of hacking tools and services, all starting at the low price of $1…
Types of attacks
RANSOMWARE: it’s like taking a hostage and asking for money.
In 2016, the annual cost of ransomware was $1 billion. In 2018 it jumped to $8 billion; here in the UK alone, a cybersecurity breach has been identified in 32% of all businesses in the same year. Of course this is a scary rise, but scarier still is the fact that the latest ransomware attacks have not been done for the money but to destroy information or cause a distraction (almost all cybercrime incidents focusing on educational institutions were ransomware – around 70% of them!).
Whilst the growth of the IoT (Internet of Things, i.e. devices which can be connected to the internet) gives cybercriminals an easy playground for mischief, 92% of malware attacks are delivered by malicious emails. One in every 412 emails had a malicious attachment, so you can see how easy it is for small businesses to fall into their trap. Unfortunately, emails are not the only way (or place) where cyber attacks can take place.
DISTRIBUTED DENIAL-OF-SERVICE (DDOS) ATTACK: slowing down or crashing a website by flooding it with traffic
PHISHING: disguising a malicious email as a normal one and making you fall for it
SQL INJECTION: like a parasite that digs into a website or application and makes it execute damaging commands
MAN-IN-THE-MIDDLE ATTACK: getting in between you and an (unsecured) internet connection and stealing your data
BRUTE FORCE ATTACK: password cracking
These are only some of the ways in which business and personal information can easily fall prey to anybody out there with enough time and skill. And it doesn’t stop there.
Big tech firms are at risk too
Remember that Facebook scandal we mentioned earlier? Now we can tell you that an issue of that size means that the one thing we rely on to protect our privacy could easily be accessed by the most novice of hackers.
And just when we thought this wasn’t enough to make us second guess using the platform, it was recently revealed that a security snafu resulted in over 400 million Facebook users’ phone numbers being disclosed, easily linking that bit of information to its users and, in turn, exposing them.
So… was putting users’ information behind a weak security system a deliberate manoeuvre, a lazy take on cyber security or simply human error? Well, it’s hard to believe that a mega company such as Facebook would miss this, but at bottom it also goes to show how easy it is for even the giants to fall prey to hackers, and in turn how easy it is for there to be cracks in the system.
Their error was not being vigilant enough, and that’s why paying attention to cybersecurity is a must for any business or, at this point, individual.
So… what to do?
How much? What kind? Where? And what? These are all very valid questions. Former Cisco CEO John Chambers said, “There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.”
So what’s the first port of call if you are the victim of a cybercrime?
The first step is to appoint an expert to assess how bad the risk is. Things that should be considered:
- the risk to people’s rights and freedoms
- notifying the ICO if it’s likely there will be a risk
You don’t need to report every breach to the ICO. They will look at the claim and tell you how to best proceed, depending on the breach.
Your next step is to learn from your mistakes and put a good strategy in place: ask your expert to identify risks and vulnerabilities.
Invest in good cyber security software, even if you think you won’t be affected (because if you think you won’t, you most probably will).
If you are creating a website from scratch or updating an existing one, there are some elements that are a must-have to increase the chances of preventing a breach:
- Ensure your website has an SSL certificate.
- If you question the origin of some of the code, don’t rely on it. In fact, a good rule of thumb is the fewer plugins, the better.
- Consider disabling, renaming or moving the website’s default admin features.
- Apply a password policy for extra security.
- Conduct a third-party review of the code before launching and an external penetration test whenever possible. You can appoint a company to emulate a hacker and see how easy or hard it is to crack into your system.
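To make the password-policy item concrete, and to avoid the plain-text password storage mentioned at the top of this article, here is an added example (not code from this blog or from any product it mentions) that rejects weak passwords at sign-up and stores only a salted, slow hash. The minimum length, iteration count, common-password list and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed policy values; the article does not specify any.
MIN_LENGTH = 12
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumption)
COMMON = {"password1234", "letmein12345", "qwertyuiop12"}  # constructed sample list


def policy_problems(password, username=""):
    """Return the reasons a password is rejected (empty list means accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON:
        problems.append("on the common-password list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


def hash_password(password):
    """Salted, slow hash; this string is stored instead of the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def register(username, password, store):
    """Enforce the policy, then save only the hash in `store` (a dict here)."""
    problems = policy_problems(password, username)
    if problems:
        raise ValueError("; ".join(problems))
    store[username] = hash_password(password)
```

Because each hash uses a fresh random salt, two users with the same password get different stored values, and a leaked database does not reveal the passwords directly.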
Cyberattacks don’t just damage property, but also a business’s reputation. It’s not just about finding good cybersecurity software, but about being upfront with the data you store, so you can be on their side if the worst happens. Be transparent with your data and abide by the GDPR (General Data Protection Regulation), which lays out rules for collection, use, and storage of personal data. Tell your clients what you do with the data, give it to them in a commonly used format if requested, correct information that a customer claims is wrong, delete data when requested and restrict data processing when requested.
VPN services make it relatively easy to stay anonymous online and difficult to trace a person’s activity. It’s the perfect invisibility cloak. In the end it’s all about prevention, prevention, and a little bit more prevention!
Be proactive when looking after your data online.
Unify your systems to stay consistent in the protection of crucial information.
Stay relevant with your online security, from keeping the latest updates to running regular checks.
These easy steps will have a resonant effect on your business and, believe it or not, will improve your reputation and trustworthiness with your customers.