Business cybersecurity
Cybersecurity: Why it's important for your business
Cybersecurity is a catch-all term referring to the technologies and processes designed to protect your IT, digital systems, and customer data from attack. No organisation can say they’re 100% safe. But if you get cybersecurity right, you’ll greatly reduce the risk of a successful attack.
Some of the most common types of cyber-attack include:
- DDoS: Distributed Denial of Service attacks are designed to overwhelm your systems with online traffic, rendering key systems such as the website inoperable. These can be launched in order to extort money from victim organisations, or as a distraction, while another attack takes place. They also prevent legitimate customers from connecting to the service offered.
- Ransomware: A type of malware that encrypts all your corporate files then demands a ransom be paid so they can be decrypted. Unfortunately, many firms don’t get their files back even if they pay up.
- Phishing: A popular way of stealing log-ins or spreading malware. Phishing attacks usually arrive in the form of spoofed emails designed to trick the user into clicking.
- Vishing: The fraudulent practice of making phone calls or leaving voice messages pretending to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.
- Smishing (SMS phishing): A type of phishing attack where mobile phone users receive text messages containing a website hyperlink which, if clicked, would download a virus to the mobile phone.
- Pharming: The fraudulent practice of directing Internet users to a bogus website that mimics the appearance of a legitimate one, in order to obtain personal information such as passwords, account numbers, etc.
- Password Attacks: When an attacker tries to access your network by cracking your password, usually with a piece of software specifically designed to obtain people’s passwords. Login details should be changed regularly and not shared across multiple platforms – it pays to avoid using common phrases as these can be easier to guess!
FAQs
If your business is hit by a cyberattack you’ll need to pay for investigation and clean-up of the attack itself, then fork out for possible regulatory fines and legal costs. On top of this, you may suffer long-term lost business as customers go elsewhere.
Small businesses may think they fly under the radar of hackers, but the reality is much different. Cyber-criminals often prefer to target what they see as the “low-hanging fruit” — smaller companies that may not be well protected.
It’s not all about protecting your systems from an attack. It’s about the data that can be breached as well. If you hold important and personal customer information and fail to stop an attack, then you may face a fine, along with a serious dent to your reputation as a company.
The good news is that by taking a series of best practice steps, you can enhance cybersecurity for your business.
- Regular patching: Ensure you’re always on the latest Operating System (Windows, iOS, macOS, Linux, Android) and any other software you use. If you’re on Windows 7, you should make sure to update.
- Multi-factor authentication (MFA): This should be switched on/implemented for all your online services and corporate accounts. Adding an extra layer of security means that hackers would find it a lot more difficult to get in. At Zempler Bank, our online login process includes two-step authentication using the Zempler Bank app or a physical Code Key.
- DDoS Protection: If you use your company website for e-commerce or other business-essential services which you can’t do without for a prolonged period, you should invest in a DDoS protection service.
- AV everywhere: Make sure you have anti-virus/anti-malware from a reputable vendor, at the network, endpoint, server and web/email gateway layers.
- User training: Ensure your employees know how to spot phishing emails and other security dangers. They can form a great first line of defence. See our tips for spotting a scam email.
- Back-up: Keep copies of your data off-site, regularly updated, so that if you suffer a cyber-attack with data loss (ransomware), it will have limited impact.
- Plan ahead: Develop an incident response plan (also known as a playbook) with key members of your company so you know exactly what to do if the worst happens.
- Password policy: Create a process for regular password checks. As we mentioned earlier, passwords should be changed frequently and be complex enough that no one will be able to guess them (of course, make sure that they’re memorable as well).
The government’s Cyber Essentials scheme is a good place to start and can show customers and suppliers you take cybersecurity seriously. The NCSC has also released some useful advice here.