Once again, cybersecurity is in the news. As the pandemic forced more of us to move services and operations online, cyber criminals sensed an opportunity.
The figures are alarming. In just four months of the pandemic, the Suspicious Email Reporting Service set up by the National Cyber Security Centre (NCSC) received 2.3 million reports. Globally, data breaches exposed 36 billion records in the first half of 2020. The average cost of a ransomware attack on businesses runs into tens of thousands of pounds.
The risk of security attacks for small and medium-sized businesses cannot be overstated. Research carried out before the pandemic, which is likely to underestimate the current problem, showed that 47% of small businesses and 63% of medium-sized organisations reported one or more cyber security incidents in 2019. A third of UK small businesses say they have experienced an increase in cyber attacks since the start of the pandemic.
And the results of a cyberattack can be catastrophic. In a recent poll of SME leaders, nearly a quarter said that dealing with the average cost of a cyberattack could put them out of business.
New threats in cybersecurity
Cybercrime comes in different shapes and sizes, but cybercriminals have leapt on the pandemic to launch a wave of phishing and spear phishing attacks on unsuspecting businesses and members of the public. In fact, HMRC detected a 73% rise in email phishing attacks in the first six months of Covid lockdowns.
These new phishing attacks have played on Covid-related fears, with malicious emails disguised as legitimate correspondence from the NHS, the government or the company trying to deliver your online shopping. Businesses have also faced phishing scams purporting to come from government agencies and banks.
The sheer weight of phishing attacks means that, inevitably, some get through. However good we think we are at detecting fraudulent emails, guards can slip. According to Verizon, 94% of malware arrives on a computer via email. Phishing attacks lead to more than 80% of reported security incidents, including the leak of sensitive information.
Nobody expects cyber attacks to reduce as the pandemic eases. Online criminals will simply shift their focus to the next opportunity.
The cost of cybercrime
As we’ve seen, the costs of a data breach can be huge, with many SME leaders convinced a successful security attack would put them out of business.
The immediate financial loss from disruption to operations and trading is only the tip of the iceberg. GDPR penalties can amount to 5% of your entire year's income if lax security is found to be responsible for allowing criminals to steal sensitive data. In addition, the blow to your reputation among customers and suppliers is hard to quantify but impossible to overstate.
In other words, cybersecurity is not an area to scrimp on in the short term. A small amount of money spent now could save you from business-threatening losses in future.
The basics of cybersecurity
So what can you do to limit the risk of your business falling prey to cyber attack? Encouragingly, basic cybersecurity protocols can go a long way to protecting your organisation.
A good place to start is the government’s NCSC site, which contains plenty of useful articles and guides, like their 10 Steps to Cyber Security. Start by researching and implementing policies on creating strong passwords and two-factor authentication. If you allow employees to use personal devices for work, put policies in place to make sure they do so safely.
And cyber security training is essential, especially if staff are working from home, far from the watchful eye of your IT team. Staff awareness sessions are important, alongside regular reminders of the five key ways to identify a fraudulent email:
Check where the email came from
If it comes from a public email domain, like Gmail, Yahoo or Hotmail, be suspicious. In most legitimate cases, the email domain (the bit after @) will match the name of the organisation sending it.
Check the domain name spelling
Sometimes hackers try to trick us into clicking on an email by making the domain name similar to the real name, but it won’t be quite the same. A misspelt domain name, or one with a random number or character in it, should set alarm bells ringing.
Phishing emails are often poorly written, and few legitimate organisations would send emails littered with spelling errors and grammatical mistakes. Look out for grammatical errors especially. Non-English speaking scammers will spell check words, but can’t filter out illogically written sentences.
Don’t open links
If you’re not confident the email is from a legitimate contact, don’t click on a link. It’s clicking the link that can lead to malware being installed. Even if it is from someone you know, if you’re not expecting the attachment, check with them first before you open it.
Scammers know that if you stop to think about an email too long, you probably won’t fall for the fraud. So they create a sense of urgency, by – for example – targeting employees with emails that purport to be from the boss. If an email demands you do something straight away, check before you do it.
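The first two checks in the list above (where the email came from, and whether the domain is a near-miss spelling of a real one) can be automated in a mail filter or triage script. The sketch below is an added example, not part of the original article; the trusted-domain list (including the made-up `examplebank.co.uk`), the two-edit threshold and the function names are assumptions for illustration.

```python
from email.utils import parseaddr

# Assumed lists for this example; an organisation would maintain its own.
PUBLIC_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com"}
TRUSTED_DOMAINS = {"hmrc.gov.uk", "nhs.uk", "examplebank.co.uk"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Domain of the real address; the display name is ignored on purpose."""
    _, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at and local else ""


def classify_sender(from_header: str) -> str:
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    # Exact match or a subdomain of a trusted name.
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return "trusted"
    # An organisation's name in the display field but a public mailbox behind it.
    if domain in PUBLIC_WEBMAIL:
        return "public-webmail"
    # One or two edits from a trusted name: a misspelling or a swapped character.
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= 2:
            return "lookalike:" + trusted
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not taken from real messages.
    for header in ('"HMRC Refunds" <refunds@hmrc.gov.uk>',
                   "HMRC Refunds <hmrc.refunds@gmail.com>",
                   "Support <help@examp1ebank.co.uk>"):
        print(classify_sender(header), "<-", header)
```

A fixed two-edit threshold produces more false positives against short trusted names such as `nhs.uk`, so a "lookalike" result is a prompt for review rather than proof of fraud.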
How Mooncomputers can help
For many SMEs, security is a headache they could do without, taking senior staff away from other, more productive, tasks. If you’re worried about the security of your digital services and data, speak to an expert.
At Mooncomputers we offer a cost-effective managed security service that means you can leave the worries to us. We’re specialists in cybersecurity, and we’ll monitor your network for unauthorised access, misuse or modification, and make sure your security is always updated and fit for purpose.
Whether you’re looking for a web security solution for remote workers, secure internal networks or email security, Mooncomputers has the answer. Get in touch to find out more.