Chief Underwriting Officer
October is Cyber Awareness month. Now in its seventeenth year, Cyber Awareness month calls attention to the risks that individuals and organisations face from cyber, and how we can all take action for cyber security.
If you think cyber security is only a concern for major companies, think again. The reality is that individuals, entrepeneurs and small businesses are far from immune.
Almost half of businesses experienced a cyber breach or attack in the last year, with one in three experiencing them at least once a week, according to the Cyber Security Breaches Survey 2020. In fact, cyber attacks are regularly listed as one of the top risks affecting businesses around the world.
Who can be the victim of a cyber attack?
We often hear about ransomware attacks on huge multi-national companies and governments, but the truth is that anybody can experience a cyber attack.
If you operate online in any way – even in seemingly low-risk ways like emailing clients’ invoices or processing customer orders through your website – you can be affected. Whether you handle tons of data or a small handful of it, cyber criminals could still make you a target.
How has Covid-19 affected cyber security?
As more and more of us work from home, many businesses have had to adapt their approach to cyber security. When everybody works in the office, only handling company data on one secure device, and accessing a secure network, cyber threats can be easier to handle. But staff at home, with non-secure networks, or using a mixture of their own and work devices can drastically affect security.
75% of IT leaders surveyed in a recent research report from Tessian said the future of work will be “remote” or “hybrid” as people choose to work from anywhere. However, 82% of IT leaders also think that their company is at greater risk of phishing attacks, while 78% think their company is more susceptible to insider threats, when employees work away from the office.
“The problem is that employees feel like they can get away with riskier cybersecurity behaviours when working remotely, because they aren’t under the watch of their IT teams” said Laura Brooks from Tessian. “This lack of visibility into people’s behaviours poses a huge threat to data and company security. Companies must, therefore, consider how they can enable people to work flexibly but also securely.”
Small changes - like ensuring staff are fully informed, receive regular support with their cyber-security and have all the hardware they need so they don’t access customer data on private devices - can make all the difference.
What will cyber attacks look like in the future?
“Criminals are coming up with novel ways of stealing credit card information all the time” says Andrew Mason, founder of digital experience monitoring platform, RapidSpike.com. “They will always look for the fastest route to access the most customers at once. This can often span different countries in a matter of minutes.”
“Business email compromise will continue to become one of the greatest threats to organisations’ security” says Laura Brooks from Tessian, “As hackers effectively impersonate senior executives, third party suppliers, or other trusted authorities in phishing emails to deceive employees. And everyone is a target - from the CEO to the new joiner.
“Just as hackers have evolved their tactics from “spray-and-pray” phishing campaigns to launch more targeted and sophisticated spear phishing attacks, they’ll continue to evolve their techniques to make their attacks even more convincing. For example, we could well see an increase in vishing (voice-phishing) attacks, like the one experienced by Twitter earlier this year, whereby attackers target employees over the phone pretending to be trusted authorities and tricking them into sharing credentials. A quick follow up email from the attacker to ask employees to share sensitive information could, then, see hackers accessing internal tools and systems.”
But it’s not all cause for alarm. Here are 8 simple actions you can take now for cyber safety.
How can I protect myself against cyber attacks?
Cyber security doesn’t have to be super expensive or complicated. Start with the basics, and get them right. Clear information, regular briefings for your team, following the UK government’s Cyber Essentials standards, investing in decent software and insurance will all take you a long way towards cyber safety.
Know the risk
Don’t fall for myths like “my business is too small to be attacked.” Treat cyber security as a business priority. If you had business premises, you would carefully lock up cash and confidential data. So don’t forget to do the same when you’re online.
The UK government’s Cyber Essentials certification is an excellent place to start. And if your company serves the NHS, you can apply for specialist funding to get certified.
Analyse your existing cyber security
“Web-skimming, or Magecart attacks, are the number one threat to ecommerce today” says Andrew Mason. “Companies need a multi-layered approach to protect their online assets, customers’ data, and most importantly their reputation. To prevent attacks, you should complete a security analysis including penetration tests and vulnerability scans to check for known vulnerabilities that leave websites open to be attacked.”
Don’t bury your head in the sand
If you’ve spotted an issue or experienced a breach, don’t delay. Take strong and decisive action. “Patching security issues quickly can stop attacks occurring in the first place” says Andrew Mason.
Invest in software
“Third-parties are commonly used by ecommerce sites, with the average site loading 85 third-parties” says Andrew Mason. “It’s easy to mistake malicious domains for genuine ones. We recommend companies vet all third parties before putting them live. One of the easiest ways you can keep your IT system safe is to regularly update software such as Windows, and invest in good Anti-virus software. Avoid free software, it’s free for a reason.”
It pays to be insured
If the worst happens, it pays to have insurance protection. Superscript provides cyber insurance for small businesses on a monthly subscription basis and bespoke cover for larger businesses with more complex risks.