The question looms large in the minds of all leaders when safeguarding their organisations: Is my company secure? It’s natural to immediately think of physical security measures—adequate alarms, CCTV systems, locked safes, and video entry phone systems protect your employees and assets.
But what about the risks that often remain unnoticed until a major incident strikes?
Could your own team be inadvertently jeopardising your organisation from within?
I’m referring, of course, to the perils of a Cyber Attack. While every business acknowledges the potential threat, the common sentiment is that it’s “highly unlikely to happen.” Consequently, investing in this area is often not prioritised. Alternatively, you may have had your IT systems monitored and certified several years ago, and since then, they’ve been running smoothly. So, why bother?
Let’s examine the statistics for a moment—according to the Cyber Security Report 2018 by Gov.UK:
- Nearly all UK businesses (98%) and charities (93%) represented in the survey rely on various forms of digital communication or services, including staff email addresses, websites, online banking, and the ability for customers to shop online. Charities face additional risk with online donations.
- Over four in ten businesses (43%) and two in ten charities (19%) have experienced Cyber Security breaches or attacks in the last 12 months. This figure rises to seven in ten (72%) among large businesses and a similar proportion (73%) among the largest charities.
- Less than three in ten businesses (27%) and two in ten charities (21%) have formal Cyber Security policies.
Cyber criminals are becoming more adept at exploiting emerging technologies and are currently on the FBI’s most wanted list. It is estimated that by 2020, the average cost of a data breach will exceed $150 million.
What is a Cyber Attack?
At its most fundamental level, a Cyber attack aims to steal and exploit sensitive customer, employee, and financial data, thereby compromising some of an organisation’s most critical assets.
How Can I Prevent a Cyber Attack?
Closing off all digital communication channels or suspecting all your employees of malicious intent is neither practical nor desirable.
The first step in safeguarding your organisation is understanding the various potential threats to your IT system and then delving into ways to prevent such an unforeseen attack. It is essential to note that being “Cyber Aware” and taking precautions extends beyond creating strong passwords. While you certainly don’t want to end up on the annual list of the worst passwords, it’s crucial to remember that preventative measures include regular employee training and software/system updates.
Cyber Security Training
Ongoing Cyber Security training benefits the entire business, not just the IT department. This is because, even with the best technology and personnel in place, the weakest link in your security chain is often your own employees.
Take a look around your desk. How many Post-it Notes, printed emails, or company records do you see? Now, how many of these contain account numbers, passwords, or other confidential data? If there’s even one, that’s one too many. Your office might seem like an unlikely place for a data breach, but Cyber thieves operate in the physical world as well as online.
Naturally, you cannot go around suspecting your company’s greatest assets of potential criminality, but diligence goes a long way in protecting your organisation.
Awareness and Action
With remote working revolutionising how companies operate, understanding online scams like phishing will help your team be alert to the risk. Additionally, deploying mobile device management and installing anti-virus software protect your organisation on a regular basis. When employees feel empowered through training, they will act with confidence and be fully aware of any risks, reducing the likelihood of human errors that could result in a damaging breach.
This will also free up your IT department, enabling them to deal with more complex tasks and potentially serious breaches.
Often, the simplest prevention methods are the most effective. Many companies grapple with outdated technology or spend a fortune trying to keep it in step with their evolving organisation. Many will recall the infamous WannaCry ransomware attack, which affected the NHS in 2017 and other major companies globally. The attack targeted organisations that had not installed Microsoft’s security update. While it wasn’t directly aimed at the NHS, it exposed vulnerabilities within the healthcare system and underscored the need to enhance discipline and accountability around Cyber Security at senior leadership and board levels.
Companies like Microsoft and Apple dedicate time to developing and releasing software updates for a reason. They continually fix potential security vulnerabilities that, if ignored, could cost you both financially and reputationally.
The reality is that no organisation can be completely immune from an attack, and there’s no room for complacency. You wouldn’t leave your car unlocked just because it didn’t get stolen the first time you parked it in a car park, so why take risks that could potentially lead to an irreparable event? Priorities and choices lie in the hands of the organisation—make sure you make the right ones.