Businesses of all types, sizes and in all locations are at real risk of a cyber attack at any time. This could be due to security protection and strategies not evolving fast enough to defend against increasingly sophisticated cyber-attacks.
Cyber attacks are increasing
Cybersecurity issues are becoming a struggle for businesses and trends show a significant increase in data breaches and hacks. One of the biggest challenges for small and medium-sized businesses is maintaining a secure IT network whilst expanding.
You may primarily hear about large corporate security breaches, however it is the smaller-scale attacks on small businesses which can have detrimental consequences; 61% of breach victims in 2017 were targeted businesses with under 1,000 employees.
Data breaches by the numbers
Cybersecurity issues are presenting an ever-increasing threat to businesses:
- 71% of cyber-attacks begin with spear-phishing emails
- Around 24,000 malicious mobile apps are blocked every day
- Ransomware attacks are growing more than 350% annually
- Ransomware damage costs will rise to $11.5 billion in 2019 and a business will fall victim to a ransomware attack every 14 seconds
- 38% of malicious file extensions are made up of Microsoft Office formats such as PowerPoint, Word and Excel
- IoT attacks were up by 600% in 2017
- In 2018 there was a 250% increase in spoofing or business email compromise attacks
The cost of data breaches
The average cost to a company of a cyber-data breach has seen a massive increase from $4.9 million in 2017 to $7.5 million in 2018 (US Securities and Exchange Commission). Damage related to cybercrime is projected to hit $6 trillion annually by 2021 according to Cybersecurity Ventures.
The banking and utilities industries continue to have the highest cost of cybercrime. The average cost of a cyber attack on the financial services industry is $18.3 million.
The energy sector has remained fairly untouched and has only seen a small increase of 4%.
The health industry, which is often targeted by cybercriminals, experienced a slight drop in the cost of attacks by 8% in 2018 according to Accenture Security. Unfortunately, this trend is not set to continue as ransomware attacks on the healthcare industry are expected to quadruple by 2020, costing the industry thousands.
How to protect your business against cyber attacks
In reality, there are six steps you should actively follow to protect your business from security breaches and attacks:
Secure your hardware
Loss or theft presents a real threat to company data. Protect all devices with complicated passwords and change these on a regular basis. It is also worth installing a ‘find my device’ software on all laptops, tablets and phones so the equipment can be quickly located if it is stolen.
Encrypt and back up data
For this to be effective you should have two steps in place to prevent physical access to sensitive data and render that data useless if it does get hacked. Password protection is a must to protect data and these should be regularly updated and never shared with others.
You should also encrypt data such as employee information, client information and all business data. After you encrypt the data you should back it up and store it separately. This way if you get locked out of your company’s system by a hacker you will still have access to all your data. Always check that encryption software is activated and updated regularly.
Invest in cyber insurance or liability insurance
Even though the threat of attacks is increasing, it’s easy to forget about it until it happens to you. If your company has an online presence, uses cloud-based software or stores client or company data on digital devices, it is worthwhile getting cyber insurance. Make sure you get adequate coverage to protect you against the worst-case scenario.
Use robust anti-malware and firewall software
In 2017, malware infections accounted for a significant proportion of all cyber-attacks. With ransomware being the biggest threat to small businesses, protecting your business from these threats is vital. It is important to invest in software that is equipped to deal with these viruses. Cyber security threats are evolving at a rapid pace, and it is important to run updates as soon as they become available.
Restrict access or network admin rights
Restricting who has access rights is paramount in minimising the risk of data breaches. Make sure whoever does has up-to-date training on how to safely store and access the information.
Create an incident response plan
In the unfortunate event of a cyber attack or data breach, it is important to have an incident response plan in place. Your plan should cover an attack response, how to eradicate the malicious software quickly and how to limit the information that could be taken. Your business may also be storing your client’s personal information, so you should have a communication plan in place to alert them of the data breach and any steps they can take to minimise their own personal liability.
We will keep your information safe
At Churchill Knight & Associates Ltd, safeguarding your personal information and your businesses information is of paramount importance to us. We have software in place to intercept and mitigate fraudulent attempts to access data and we are aware of the various phishing scams that target contractors and taxpayers.