Did you know that over 90% of UK businesses have suffered an attempted cyber-attack in the past year? Approximately 50% of all cyber-attacks are against small to medium-sized businesses, targeted due to a comparative lack of protection, awareness and expertise. Worried? Perhaps you should be. If you’d like to learn more about what to look out for, and how you can protect your business, read on…
Types of cyber-attack
There are many different types of cyber security attack which could affect your business. Their consequences range in severity, from a little inconvenience and lost working time to huge financial losses. These are some of the most common methods cyber criminals may use to gain access to your network, compromise your data and cause havoc for your business:
- Phishing: Often posing as a trusted third party, a phishing attacker will send a request by email asking for personal information. It may look like a typical email from your bank, for example, containing a link to a ‘dummy’ site. If you enter your username and password into this site, the information will now be in the hands of the cyber attacker. This type of unwanted email is more dangerous than normal ‘spam’. Be wary of clicking links in any email you receive. Most organisations will not ask for personal information via email.
- Malware: This term covers a number of threats, including viruses, spyware and Trojans. Malware is in the form of hidden code which is typically designed to steal data or destroy important files. It is usually introduced to your system through email attachments or downloaded software. Avoid downloading attachments or clicking links from unknown sources, and perform a virus scan before opening any new files or applications you have downloaded.
- Ransomware: This malicious software is a type of malware. It essentially locks down your system, blocking your access to all files and software unless you pay a ransom fee. This is a very common type of attack, and can cause significant downtime and financial loss. Find out more about ransomware, and how it brought the NHS to its knees last year.
- Man in the middle (MITM): In this type of cyber attack, the ‘man in the middle’ impersonates one end of an information exchange, for example between you and your bank, or you and a website you’re visiting. They then receive all the information transferred between the two parties. The best way to avoid this kind of attack is to only use encrypted, fully secured wireless access.
Protect your network from cybercrime
The best protection against attacks from cyber criminals is to ensure your systems are fully protected by a strong firewall and anti-virus software. Viruses and other malware are constantly evolving and becoming more sophisticated all the time, so it pays to make sure you have the latest update available.
You might consider hiring a professional to conduct a security audit of your business. This will help you to understand areas where you are not adequately protected, leaving you exposed to potential attacks. This is a service that we offer here at Custard, and we can also help you to ensure you have appropriate security in place, and that your data is sufficiently backed up.
Ensure that data on all of your devices, including mobile phones and laptop computers, is encrypted. If devices are stolen or accessed by an unauthorised party, they will find it harder to access and read your information.
Education is essential
One of the most effective ways to protect your network and your business data is to ensure that you and your staff are fully aware of the consequences of a security breach. Implement a strong password policy (follow our advice on how to do so ), and encourage your employees to be vigilant about all email attachments, links, and downloads. Even if your firewall and security software is up to date, some attackers still manage to infiltrate even the strongest of networks, so minimise your vulnerability by screening all attachments manually too.
If the loss of productivity and inconvenience wasn’t enough encouragement for you to review your business network security, there is now the added incentive of GDPR compliance to consider. In May 2018, the UK introduced a new EU Regulation as a replacement and updated version of the current Data Protection Act. The GDPR, or General Data Protection Regulation, apply to all businesses handling personal data, and how it is stored and encrypted. If your business is subject to a security breach and you are not GDPR compliant, you could face a hefty fine.
Talk to Custard
For help with everything from protection against spam emails to a full network security review, talk to our team of IT experts today. We’ll help you identify where changes need to be made, and recommend the most suitable solution for your needs.