Last year was the busiest year ever for cyber attacks against UK firms, with a 20% surge in hacking attempts, according to internet service provider Beaming – equivalent to one every 46 seconds. There is no cyber security silver bullet, but some data breaches can be avoided by educating employees on what to look for. There is no substitute for good cyber hygiene, but by creating a cyber-aware culture and adopting the right approach, organisations can establish a sound defence. Defending an organisation from cyber threats doesn’t need to be complex, costly or confusing, as the following five steps demonstrate.
Education and awareness training
Phishing email scams are still one of the most common cyber attacks. These appear as emails from trustworthy sources, such as banks, government agencies, customers, etc, and are intended to trick employees into enabling access to company systems and accounts. This happens when the emails are opened and the reader clicks an unsafe link or downloads some malicious software.
Employee cyber security awareness training helps to identify the techniques phishers use in emails. If an employee does accidentally click a phishing link or enter details into a website, avoid apportioning blame. Instead, instil a culture that encourages reporting attacks and have a clear process that advises what steps to take.
Recognise your risks
A risk assessment of business processes and systems is vital to understanding what data you have, its value and how a breach can impact the business. For example, what would be the impact on your brand, customer loyalty and cashflow if you or your customers could not access your systems for days or weeks due to a ransomware attack? This is where software from cyber criminals infects your computers and displays messages demanding a fee be paid before your systems will work again.
Regular reviews will keep you on track, help prioritise the risks most dangerous to the business and show how risks interact.
Develop a framework
The key to ensuring data is protected is to document and implement policies and processes. Collectively, these form a guide for employees, detailing how data should be collected, processed and stored and what to do in the event of a data breach or an information security incident. This guidance should include back-up processes and how to recover lost data when adversity strikes to resume business as usual without delay.
Adopt a system to guide you
Many organisations lack the resources to hire the dedicated expertise required to manage their cyber defences, policies and processes. Cyber Essentials [imagesmag.uk/Cyber-Essentials] is a government- and industry-backed certification scheme which provides guidance. It highlights five technical actions to deflect many cyber attacks. Adopt an online information security management system (ISMS) that incorporates basic cyber security principles and Cyber Essentials. It will pinpoint the areas your organisation should focus on and continue to guide you as threats evolve.
Get cyber insurance
Having cyber defences makes your business a tougher target to attack, but does not guarantee safety online. The real expense of a cyber attack is not just the financial damage suffered or the cost of remediation; a data breach can also inflict untold reputational damage.
Cyber insurance can provide a layer of protection when an organisation is faced with the fallout from an attack. Look for an insurance policy that will cover the full cost of remediation activities, loss of business and legal costs from litigation.
As Cyber Essentials states, attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your house door to see if it’s unlocked. Make yourself a tougher target and it is more likely attackers will move on.
An ISMS that operates on a monthly subscription model with a clear fee structure and no hidden support costs will provide a cost-effective cyber security framework. (For example, for less than the cost of a daily cup of coffee, CySure provides a solution designed to help businesses manage the people, processes and policy required to stay cyber secure.)
As more business is conducted online, it is vital to be well prepared: the consequences of a cyber attack could cost garment decorators dearly as more orders are taken online and suppliers become further integrated into your systems. The good news is that help is readily available.
Guy Lloyd is a director of CySure, a cyber security company founded by experts with extensive experience in operational and risk management. The company’s flagship solution – Virtual Online Security Officer (VOSO) – is an information security management system that incorporates GDPR, US NIST and UK CE cyber security standards.