From one day to the next, there’s a constant flow of online fraud statistics and cybercrime attacks appearing in our news headlines. But what can you do? We explore more.
Nowadays there is an ever-present risk of cyber attacks for businesses of all shapes and sizes, and for customers who can mistake fraudulent adverts or emails for genuine ones. The damage done to your business following a security breach could be substantial – not only the cost and time to fix it but also significant reputational damage.
What does cyber security mean for businesses?
From global ransomware attacks that have crippled parts of the NHS computer systems to nasty malware, mostly spread via emails – the risk of being hit by some form of criminal activity is something that cannot be ignored.
The UK government provides cyber security advice and guidance for businesses. It undertook a survey in 2017 which reported that ‘nearly half of all businesses (46%) reported a cyber breach or attack in the past 12 months’ (Cyber Security Breaches Survey 2017, Department for Digital, Culture, Media & Sport).
Let’s take a look at some of the digital systems and security processes which can help prevent your business becoming a victim of fraud:
System backups and network security
Your company’s data should be backed up on a regular basis to a storage location (such as a cloud service or server) which isn’t permanently connected to your computer network.
You can increase protection of your networks, including wireless networks, against cyber attacks through the use of firewalls and access lists.
For home and mobile workers, all sensitive data should be encrypted when stored or transmitted online outside of your secure networks.
Every company has a responsibility to protect the personal data it holds about its customers and other stakeholders, so system security is of paramount importance. Restricted user access, additional security for extracting data and other data management processes should be in place, documented and communicated to all staff. Everyone is responsible for data protection.
‘Protection is better than a cure’ is a phrase that springs to mind. Regular anti-virus software updates can ensure that your company devices are protected with the latest releases from your software or operating system provider. Consider restricting access to certain websites to lessen the risk of being exposed to malware and ransomware.
Regular operating system and software updates
Hardware and software manufacturers regularly release patches and security fixes which will help protect your devices from viruses and hackers.
Criminals use emails to spread viruses and other malware quickly and widely. Many email systems can be set up to filter spam and phishing emails. However, there are always a few that manage to get to people’s inboxes.
Employee communications should highlight the importance of checking emails for poor grammar and spelling, or low-quality versions of recognisable logos, which are common signs of a phishing email, and of not clicking on suspicious links or files.
Where can I get more advice on cyber security for my business?
The UK government website is a great place to start. The National Cyber Security Centre also provides more detailed guidance on how organisations can protect themselves in cyberspace.
What can we do to help our customers?
You can help customers to choose a strong, memorable password which isn’t easy to guess from their personal information. There are tools which indicate if a password is weak or strong, and you can specify that passwords contain a mixture of numbers, letters and special characters.
Your customers can use an app on their device or a separate random code generator to provide an extra layer of security when logging into their account.
Data security messages
In all customer communications, you need to remind customers of how (email, text) and when you’ll contact them, and of what you’ll never ask them for, such as password details or requests to send money in advance of a transaction.
Where can our customers find out more information?
Get Safe Online is a jointly-funded initiative between several UK Government departments and some private sector businesses. Its website provides practical advice on how to protect yourself, your devices and your business against fraud, identity theft, viruses and many other issues you can encounter online.
It’s important to report it!
Action Fraud is the UK’s national reporting centre for fraud and cybercrime. You should report it if your business or an employee has been scammed, defrauded or experienced cybercrime in England, Wales and Northern Ireland.
If your business is currently suffering a live cyber attack (it’s happening now), you can call 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.