According to IT Governance, September 2021 saw 97 security breaches and cyber threats equating to 91,127,815 million breached records, with many of these breaches caused by unsecured databases. The data compromised included individuals’ names, display names, dates of birth, weight, height, gender, geo-location, and other personally-identifiable information. This takes the year’s security incidents to 996, with 4,132,751,378 records breached. With cyber attackers infiltrating all kinds of businesses, from tradesmen, restaurants and retail, through to eCommerce and hair & beauty salons, there has never been a more important time to keep your company safe, and your staff and customers protected. Because these security breaches were of varying kinds, we’ll now outline the main types that occurred, and then discuss cyber security measures that can help protect your business from these threats.
Cybersecurity Threats That All Industries Must Protect Themselves Against
One thing to note about cyber threats is that they can come from a range of malicious sources, such as: cyberterrorists, industrial spies and hackers, as well as disgruntled employees, business competitors and even organised crime groups. The range of security threats they may use include:
Phishing Attacks – According to GOV.UK’s ‘Cyber Security Breaches Survey 2021’, phishing is the most common type, with 83% of businesses having experienced one this year. Phishing is where you’re lured into giving your username, password, and other personal information to someone who you think you know, or believe you can trust. It can be done by phone or email, and can be pretty convincing.
There are however, some useful tips for spotting phishing scams, such as:
- If you receive emails stating that there are issues with your account from an email address you don’t recognise.
- Emails from a friend’s or colleague’s email address that doesn’t sound right or as if it’s them talking.
- Email addresses that haven’t been verified.
- Attachments that haven’t been checked by your security software or links that seem dodgy.
Cloud Jacking – This is where cloud computing is hacked by a third party. Once they’ve gained unauthorised access to your business’s cloud, they may try to reconfigure it to manipulate confidential information, spy on staff members and company communications, or try to take over the entire system. What’s more, cybercriminals may use this access to create fake memos, instructions and files to trick employees into unsuspecting actions. Employees, believing these instructions and actions are approved by the business, may download the malicious files or follow the fake instructions to the company’s detriment. At its worst, this can result in staff providing cybercriminals with company access, releasing sensitive data, and moving funds into fraudulent accounts.
Network Attacks & Lack Of Endpoint Security – From those who travel for work to professionals working remotely, all can suffer from unsecured network perimeters and endpoint issues. Remote working environments often lack much of the security measures that encompasses a company – such as those related to your computers, phones, tablets, servers, databases and software. When it comes to mobile devices especially, they can be subjected to phishing schemes, as fast-paced communications and interactions can make staff more likely to click on links without thinking. Ensuring that all business communications are carried out safely should be a top priority for all companies – regardless of where they take place.
Cyber attacks from within your own company can be a shock to the system, but in actuality, affect 34% of businesses worldwide. These network attackers may be acting intentionally to harm the company or by accident, out of complete ignorance or due to negligence. On the plus side, there are highly-advanced tools to detect and combat insider threats – uncovering unauthorised logins, app installation and new devices on restricted networks. Providing cyber security training is always a safe bet too – ensuring mistakes are an unlikely event.
Cyber Threat Guidance That Can Help Keep Your Business Safe
According to the National Cyber Security Centre, there are 10 steps to cyber security, which are:
- Risk management: Take a risk-based approach to securing your data and systems.
- Engagement and training: Collaboratively build security that works for people in your organisation.
- Asset management: Know what data and systems you have and what business needs they support.
- Architecture and configuration: Design, build, maintain and manage systems securely.
- Vulnerability management: Keep your systems protected throughout their lifecycle.
- Identity and access management: Control who and what can access your systems and data.
- Data security: Protect data where it is vulnerable.
- Logging and monitoring: Design your systems to be able to detect and investigate incidents.
- Incident management: Plan your response to cyber incidents in advance.
- Supply chain security: Collaborate with your suppliers and partners.
As part of this, you can:
- Install antivirus software across devices.
- Ensure the browsers you use are safe, trusted and secured.
- Regularly back up your data, personal information and client details.
- Testing the strengths and weaknesses of your network security and acting accordingly for improvements.
From restaurants, hotels and fashion boutiques through to eCommerce sites and tradesmen, your business is not immune to the threats of cyber risks and the damage they can cause. Businesses large and small are attacked daily, and it’s up to you to secure and protect your business’ future for your team, clients and stakeholders. Along with following the 10 steps above, taking out a cyber insurance policy can provide support and financial assistance to help get your business back up and running if your company should suffer an attack. Cyber policies can provide cover for data breaches, cyber extortion, hacker damage and more. For your cyber insurance quote, please click here, or call our team on 0161 968 2030.