Recently there has been a lot of news about cyber-crime. The Office of National Statistics reported that around 1.9 million crimes are cyber-related.
While it often seems inapplicable to small business the reality is that cyber-crime is indiscriminate.
In the longer-term some organisations will not survive being hit. If you have a connection to the Internet, and particularly for banking transactions, or processing client’s details, you are top of the risk list.
While there is no infallible way to eliminate that risk, there are several steps to ensure that you’re in a better position for both prevention and recovery from attack. In this article, we advise businesses to consider the full range of options.
How to be resilient
Prevention requires a combination of awareness and the right technology.
Most attacks come from well-disguised email attachments. You should have a policy in place covering cyber-security and employees should be reminded regularly of the threats. Even vigilance, though, isn’t watertight.
There are many simple technology options. Using up-to-date threat-management software is obvious – anti-spam and anti-virus. It should be set to update automatically.
You should review computer hardware and update your Windows and Mac software regularly. Automated updates can seem disruptive but it’s a small price to pay to avoid potential outages.
Use automatic protection
There are a number of other, more specialised, options such as Internet filtering devices, with some that recognise new Web dangers.
One technology which is important both before and after an attack is backup and recovery. Modern backup systems are flexible and reasonably fast. Typically, they’re fully automated, with copies of your files and data both on- and off-premises. Even in the event of unforeseen disaster such as fire or flood you can restore your data at new premises.
Air-IT’s Technical Director, James Healey explains:
If you’re not a technology specialist, the breadth of options for limiting cyber-attack can be really confusing.
Businesses looking for comprehensive protection should consider seeking advice.
Be active before and after attack
Considering the impact of an attack is often overlooked. It’s all too easy to feel confident that preventative measures mean you’re fully covered.
Even with prevention, there’s still a risk of zero-day attack. This is when new computer threats launch so quickly that they successfully attack systems before security experts can identify and patch against them.
Cleaning-up after a cyber-attack is a process that has to be performed several times to prevent a repeat episode. During the clean-up you’re unproductive and consequently losing money.
There is then the time taken for backups to be restored. There may be complications when restoring your files and systems. It can take time and while it does, you’re still losing revenue.
More is at stake than simple financial loss though. While it’s difficult to demonstrate a direct connection between an attack and the long term detriment to a business, the impact can be considerable and far more harmful than the short-term effects.
Safeguard the future of your business
Dealing with the results of an attack can be very costly. Coming at the wrong time it is likely to play havoc on your plans for strategic use of capital.
Damage to your reputation within the business community, bad publicity and the loss of goodwill with clients are all important factors, and difficult to cover.
Insurance can help, and there are policies that cover damages from cyber-attack. There are differences in cover though – exclusions, warranties and conditions can vary greatly. It’s crucial that a company has the correct advice from an experienced Risk Manager to ensure suitable cover is sourced.
DB Wood is a Financial Planning, Investment Management and Risk Advisory business. Risk Manager, Richard Wilson, explains:
The problem with the current situation within the Cyber Insurance market is that all Insurers know and understand the cover that is required by the client, but only very few are prepared to give all of it at an affordable premium cost.
Cheaper contracts offer very little cover in reality because it is human error that will inevitably create a loss for a company, something which is basically excluded from cheaper contracts through limitations under “social engineering”.
Therefore, it is crucial that a company has the correct advice from an experienced and pro-active Risk Manager who will be fully aware of this failing in the market and lead the client to put the widest possible cover in place, which is available with high quality Insurers at more realistic premiums. The difference in cover between a cheap contract and paying a little more is massive and may well save a company from huge losses or worse.
What you should be doing right now
There are ways to protect yourself at all stages of attack, and you should consider the importance and role of technology as well as risk management solutions. Air-IT and DB Wood have all the knowledge and expertise to help you get it right.
Need more information?
If you would like more information about our Managed Security, Backup and Business Continuity services and solutions, please contact us today on 0115 880 0044 and we will be pleased to help and advise you further.