The importance of cyber security
What do Easy Jet, T Mobile and Honda have in common? They have all been subject to cyber-attacks during or just before the Coronavirus pandemic.
And, it’s not just the big companies that are at risk, cyber criminals are also targeting SMEs. A study at the University of Maryland found there is a hacker attack on average every 39 seconds. With many people still working from home and others now returning to offices and factories, the threat of being hacked is very real.
Types of cyber threats
There are hundreds of different ways that criminals can try to hack your business. However, some of the most common to look out for are:
· Phishing emails are where hackers try to con you by sending you an email from a company or individual known to you. Their aim is usually to get you to click on a link, which takes you to page where they will ask for personal or account information. If you’re not expecting an email from someone that contains a request to click on a link, it is always worth calling them to see if the email is legitimate.
· Ransomware is a type of malicious software designed to deny access to a computer system or data until a ransom is paid. Attachments are often sent in phishing emails, asking you to download the file; once downloaded, the hackers take over the victim’s machine.
· Man-in-the-middle (MitM) or hijack attacks are like a virtual eavesdropping. A hacker will intercept communications between two parties; they then send or alter communications from one person to another, so both parties believe them to be genuine exchanges. For example, you could be sending account details to a client for them to make a payment but, in a MitM attack, a hacker would interrupt this and send the customer their account details for them to pay the money into.
· Denial-of-Service (DoS) attacks shut networks or websites down, so that the users that need to access the site cannot do so. Hackers do this by flooding the system with traffic or by sending information that crashes it. They can cost businesses time and money to sort out, and in some instances, hackers may try to extort a company for money to get the system back up and running.
Cyber and working from home
A study by OpenVPN revealed that 90% of IT professionals believe remote workers are not secure. This could be because environments are not controlled when employees are using their own WiFi connections, as they don’t have the security of office-based networks. They may also be using their own personal devices to access work files or information instead of ones that are set up with company policies and security.
If you haven’t already, you might want to think about implementing a Virtual Private Network (VPN) server for your business; they provide a secure connection between your employees’ computer and company files and drives. What this then does is prevents criminals from spying on or hacking into any messages, documents or data.
Cyber and returning to work
If you’re opening your doors once more, now that Government guidelines are allowing businesses to start up again, it is wise to do a thorough scan and check of your networks and devices. If your system hasn’t been monitored regularly while your premises were shut, hackers could have compromised it or breeched your people’s or company’s passwords, simply lying in wait for you to return to instigate a ransomware or DoS attack.
Get cyber cover
According to RSA, 52% of businesses think they have cyber cover, but in reality less than 10% actually do. During these unprecedented times, criminals have seen this as a window of opportunity, making companies more vulnerable than ever before. As your broker, we want to help you, your people and business stay protected at all times. Just as you would insure your building and machinery, it’s equally vital that you have cyber insurance.
Our top tips to staying cyber safe
· Avoid clicking webpage links in any emails that relate to the coronavirus. Report these to your IT team and go to the relevant website independently.
· Make sure your password hasn’t already been breached and encourage your staff to do the same. You can check your password using this link: haveibeenpwned.com/passwords
· Only visit trusted websites, don’t visit sites from businesses you’ve never heard of. Check the spelling of website names or, better still, access them via your ‘favourites’.
· Be very careful where payments and donations are concerned – if you’re unsure then visit the website directly and only donate to reputable sources.
· Accessing organisational data or your work email from a personal device comes with a high risk. With this in mind, reiterate to your people that using personal devices should be avoided.