The world economy loses more than $1 trillion to cyber-crime annually. That’s an astounding amount of money! And it’s a figure that’s risen by over 50% since 2018.
In 2019, two thirds of all organisations reported a cyber-crime related incident. It is almost certain that this figure climbed substantially in 2020 and again this year, thanks to cyber criminals capitalising on the Covid-19 pandemic. It’s easy to dismiss these large figures and not connect them back to your own business. However, the typical cost of a corporate data breach is estimated at approximately $500,000.
This massive average breach figure includes:
- Any ransom demanded by criminals who lock your data and remove your access to it.
- The cost of recovering your data, and undoing the extensive damage done.
- Putting in place additional ongoing security measures after the breach.
Cyber crime is an issue that every business owner must be aware of, and plans and strategies need to be in place to deal with such incidents if they ever arise. The most common types of cyber crime include ransomware and phishing. Ransomware is where access to your data is blocked until you pay a ransom fee, whereas phishing is when cyber criminals pretend to be someone else and get you to click on a bad link, which can then infect your computer with a virus. Both are ways in which your critical systems can be accessed remotely.
On top of the monetary impact that cyber crime can have, there is also a reputational one. Could you envision having to advise every single client that your data about them had been accessed, stolen and potentially put up for sale on the dark web? What would happen if the local media or newspaper got hold of this and ran a story about it? Your brand image would be in tatters as you attempted to recover your system access. 92% of businesses that have been hacked also report a substantial impact on company performance and productivity, with employees losing an average of 9 hours of work time when such an incident takes place.
You must seriously ask yourself: could your business afford to be affected by a ransomware or phishing attack? The truth is that many small businesses, unfortunately, couldn’t.
So why do so few businesses have a plan in place to prevent and respond to cyber-crime? It’s estimated that more than half of all businesses don’t have a strategy in place to address such incidents. Does yours?
If you answered “no” – it’s time to do something about it! There’s been a surge in ransomware and phishing attacks in recent times. If you don’t have a reliable and effective strategy in place to help keep your business protected – and to help minimise damage if the worst were to happen – you are leaving your business extremely vulnerable to cyber crime. Cyber criminals are relentlessly targeting businesses using high-tech automated tools that pinpoint a company’s digital vulnerabilities. It is only a matter of time until your business’s defenses are examined and put to the test.
Below is our recommended 5-step action plan, which will help your business prepare for a cyber attack and safeguard your organisation and its assets.
1) Training to help prevent cyber crime
It is vital to remember that your devices and software aren’t the weakest link in your online defense – your people are. Your employees’ awareness of the various risks, and their ability to recognise and address them promptly, can make a remarkable difference to your chances of being negatively impacted.
Although they would never purposefully do anything to harm your business, it only takes one click on one bad link or email to affect your organisation for good.
Phishing scams are growing dramatically more sophisticated each day, and becoming ever easier to succumb to. With some of the smartest social engineering, even the most careful individual can be caught out.
Fortunately, with the right cyber security training, your team can be shown the various tell-tale indicators and features of a scam email. Things to pay attention to include:
- The email address it was sent from
- The language used
- The font and design of the email
- Checking if a link is safe before clicking on it
Unfortunately, there is a lot that can go wrong online, and the more people you have working for your business, the greater your risk of one of those detrimental cyber crimes occurring. Your entire team, yourself included, should have regular cyber-security awareness training to ensure that the company systems remain secure at all times. Things change very frequently in this day and age, so it is in your best interest to keep everyone’s understanding, skills and knowledge up to date.
2) Utilise accessible tools for your business
There are many tools out there to aid in keeping your company secure and protected from cyber-criminals. By taking advantage of these, you can help safeguard your business.
Some frequently utilised tools include:
- Multi-factor authentication: This is where you enter a code from another device to ensure that you are the user that is attempting to log in.
- Password managers: These generate lengthy random character passwords and remember them for you on a secure platform so you don’t have to.
- VPNs: A Virtual Private Network provides you with a secure connection to business systems when working remotely.
- Encryption: This encrypts the content of your devices and makes it look like random characters to anyone without the encryption key.
Additionally, there are several other layers of security available to your business. The ideal solution combines the right type and amount of online security tools for your particular business requirements. This will ensure that your systems remain protected whilst your company and team operate business as usual.
Your IT support provider can help by providing appropriate recommendations. If you are in the fortunate position of having an IT partner, they can work closely with you to understand how your business works inside and out, before making personalised recommendations for you.
3) Continuous Data Back-up
It is of vital importance that you have a daily automated backup of your data, and that it is safely and fully secured remotely rather than at your business premises. It is critical that a copy of all your data is kept as a fail-safe. If anything ever goes wrong and your data is corrupted, lost or held to ransom, you will still have a copy of all the data you need to keep your business functioning as normal.
If you already have an offsite back-up in place, you can minimise your worry. However, it is important to conduct verification on a daily basis to check that it is functioning as it should be.
You’d be surprised to discover how many people leave their back-up unchecked until they need it – only to find that it stopped working properly or the data was corrupted in some way.
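The daily verification described above can be scripted. The sketch below is an added example, not part of the original article: it assumes the backup job writes a small JSON manifest containing the file's SHA-256 checksum at backup time, and the file names, function names and sample data are constructed for illustration.

```python
import hashlib, json, os, tempfile, time

def sha256_of(path):
    """Checksum a file in 1 MiB chunks so large backups fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_backup(backup_path, manifest_path, max_age_hours=24, now=None):
    """Return a list of problems; an empty list means the backup passed."""
    now = time.time() if now is None else now
    if not os.path.exists(backup_path):
        return ["backup file is missing"]
    problems = []
    with open(manifest_path) as f:
        manifest = json.load(f)  # assumed format: {"sha256": "<hex digest>"}
    age_hours = (now - os.path.getmtime(backup_path)) / 3600
    if age_hours > max_age_hours:
        problems.append(f"backup is stale: {age_hours:.0f}h old")
    if os.path.getsize(backup_path) == 0:
        problems.append("backup is empty")
    if sha256_of(backup_path) != manifest["sha256"]:
        problems.append("checksum mismatch: backup is corrupted or was altered")
    return problems

def demo():
    """Constructed data: a good backup, then the same file corrupted and aged."""
    with tempfile.TemporaryDirectory() as d:
        backup = os.path.join(d, "daily.tar")
        manifest = os.path.join(d, "daily.manifest.json")
        with open(backup, "wb") as f:
            f.write(b"constructed sample backup contents")
        with open(manifest, "w") as f:
            json.dump({"sha256": sha256_of(backup)}, f)
        good = verify_backup(backup, manifest)
        with open(backup, "ab") as f:  # simulate silent corruption
            f.write(b"\x00")
        three_days_ago = time.time() - 72 * 3600
        os.utime(backup, (three_days_ago, three_days_ago))
        bad = verify_backup(backup, manifest)
    return good, bad

if __name__ == "__main__":
    print(demo())
```

A checksum only confirms that the stored copy is intact; a periodic test restore is what confirms the data can actually be brought back.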
4) PPP - Policy, Procedure & Protocol
Develop a policy, procedure/s and protocols that you can follow in the unfortunate event of a data breach or cyber crime. This sounds obvious but a strategy needs to be in place before your business has a problem. Your organisational policy will set out how you will deal with any form of cyber attack or data breach, in order to minimise its negative impacts.
Ensure that your policy is as detailed as possible and includes the steps that your employees must perform as a minimum to help keep the business safe, including the use of a password manager and two-factor authentication for your systems.
Every member of staff should have a copy of this policy as part of your company handbook and should be provided with this upon their orientation. This cyber security policy should also be signed off to ensure that every staff member has fully read and acknowledged it and is aware of what steps they need to take and follow.
Your protocol is a written plan that contains the procedures your team must follow in the event of a cyber attack. The procedures you should include are:
- Who to alert in the case of a suspected breach
- What steps to follow to try to block the attack
- What everyone in the business should do
A procedure should also be followed in the case of lost or stolen devices in order to ensure they can be remotely wiped for peace of mind. Ensure that everything in your PPP is as accurate and detailed as possible so that you and your team know exactly what to do in the event of a cybercrime or online data breach. Your IT support provider can assist you further and help create various cyber policies, protocols, and procedures with you.
5) Bring in the professionals!
If you’re not IT savvy or a computer expert, a lot of this can appear very time consuming, daunting, complex and difficult to understand. We completely understand that, but nonetheless, you should recognise that cyber security is an extremely worthwhile investment for your business. If you feel it is something that is beyond your expertise, it is a smart choice to seek the help of IT experts. A skilled IT support provider or partner is more than willing to assist you in this area.
You should also have someone who continuously monitors and maintains your devices and network, identifies and solves issues before you notice them, and ensures that you are using all the appropriate tools and software to optimise online security & employee productivity. Often, it is unrealistic to have a full-time employee do this work for you, and outsourcing is a viable alternative.
If you don’t currently have a plan or strategy in place to ensure your business is protected from cyber attacks, I hope this article has outlined how vital it is. If you do have a plan in place, it may be an ideal time to revisit it and make certain that it is still effective in this constantly evolving world of cyber crime and security.