Ten years ago, organisations often perceived cybercrime as unlikely to have a major impact on them. Threats were dismissed as something that only affected major corporations, and most relied upon the age-old adage that it ‘only happened to the unlucky few.’ Just as worrying was the belief among many businesspeople that potential threats could be easily identified, and that only those foolish enough to give out details during a phone scam or click on an ‘obvious’ phishing email would run into trouble. Lip service was paid to cybersecurity, with many companies running only basic anti-virus software in a meagre effort to keep their systems safe.
Unfortunately, a combination of factors including complacency, lack of cybersecurity training, increased use of online services and increasingly sophisticated cybercriminal activity has resulted in exponential growth in cyberattacks on organisations right across the spectrum, and in the damage they cause. According to a recent article on the UK government website published in April 2018, ‘over four in ten of all UK businesses suffered a breach or attack in the past 12 months’. If this was not bad enough, the figure rises to 72% for larger businesses, with the average cost of these attacks per business being £9260 over the 12-month period. In real terms, the cost of a cyberattack can be much more, particularly taking into account reputational damage and loss of consumer confidence that negatively impacts sales in the longer term.
Following an upward spiral in cyberattacks, major incidents hitting the headlines and the new General Data Protection Regulation (GDPR) coming into force during 2018, cybersecurity has suddenly been bumped up the agenda to a top priority for directors of businesses, charities and other organisations. Most are coming into this from a standing start and have little knowledge of where to begin. In the remainder of our blog we provide simple definitions of some of the common threats and simple tips to get you started on the way to securing your organisation online.
Malware – This is a term used to describe malicious software that is designed to breach, attack or disrupt legitimate systems. Common types are viruses, worms, trojan horses, spyware and phishing software.
Virus – A malicious piece of code that causes a computer or device to operate in ways the user had not intended. The code attaches itself to a legitimate piece of software or file and is able to replicate and therefore spread - hence the term computer virus.
Worms – Pieces of software that are designed to replicate without any human interaction. They can spread from computer to computer and allow other malicious activity such as data theft and backdoor entry into systems to take place.
Spyware – Spyware is software that downloads onto a user’s computer without their knowledge. Often this happens when a user clicks on a download link in a pop-up window and the software is installed to their PC. The software monitors user activity from that point, harvesting information. Sometimes this type of software is used illegally to gain data which helps unscrupulous businesses to target advertising, as well as being used for more sinister purposes.
Trojan Horses – These are programmes that deceive the user by appearing to be legitimate software when in fact they have malicious intentions and functionality. There are several variations, but a particularly nasty form is the Remote Access Trojan (RAT), which creates backdoor access into the system of an infected user machine. This means that it can take over most functions and operate as the user without being detected by the host computer systems and prevention software.
Ransomware – Another form of malicious software spread by various means. Ransomware blocks access to vital data on a user's computer system or, in some cases, steals or encrypts the data. A ransom is demanded by the perpetrator of the attack in return for unblocking access to the data or agreement not to publish it.
Keeping your business safe from ever more complex online threats can be a difficult task. For most organisations the threat of an attack is so great that it is a case of when rather than if it will happen. Despite training senior management and putting in place technical measures to prevent online security breaches, cybercriminals have identified the weak point in organisations: employees involved in the day-to-day running of the business who are not accustomed to such threats. These unsuspecting victims can unwittingly allow criminals access to the organisations they work for. We have put together essential tips to help your organisation stay safe at the most basic level:
- Check that software updates are installed regularly at all user workstations
- Ensure anti-virus, anti-spam, firewall and other online security software is renewed on time and regularly updated on all workstations
- Train all employees to be aware of the common signs of a cyberattack
- Ensure senior management are trained in cybersecurity and data protection to an appropriate level enabling them to put in place an appropriate strategy to limit risks and keep the organisation safe
- Make cybersecurity awareness part of organisational culture so that all employees take appropriate levels of care with data and login details
- Develop an action plan for how to deal with a cyberattack should it happen, including how to limit the spread and damage it causes
- Identify all sources of data within your organisation and how your business is storing and processing it. Audit your processes regularly to make sure they comply with all data protection legislation such as GDPR.
- Treat unexpected contact by phone, email or letter with caution, especially if it relates to financial matters
- Do not click on suspicious links
- Be aware that scam callers can use technology to display any number, including those belonging to legitimate organisations
- Seek immediate expert help if you inadvertently appear to have come across or installed a form of malware
- Enrol in the Cyber Essentials initiative set up to help small businesses and follow technical guidance from the Cyber Security Information Sharing Partnership (CiSP), a National Cyber Security Centre (NCSC) service
Our latest blog only scratches the surface of this vast topic and every business will have different cybersecurity needs. Established in 1993, the team at LBT is expert in helping to keep client IT systems safe and secure, with the ability to assist with all consultancy, software and hardware requirements under one roof. For a free initial consultation, please contact LBT today.