Worried about cyber security? You’re not alone.
A survey of 2,000 business leaders from 140 countries, by the World Economic Forum (WEF), found that cyber-attacks are the biggest concern for businesses in Europe, Asia and North America.
Meanwhile, a study by insurance provider Hiscox found that the proportion of UK companies reporting a cyber-attack had risen to 55 per cent in 2019 (from 40 per cent the previous year).
As cyber criminals develop ever-more sophisticated methods for attacking businesses, you might wonder if there’s any way to see an attack coming. But the good news is that there are steps you can take to protect your business – particularly if you know the signs to look out for.
In this article we’ll look at eight signs your business could be at risk from cyber-attacks, along with strategies you can use to protect your business.
But first let’s bust a couple of myths about cyber-security:
Myth 1: My business isn’t big enough to worry about cyber-crime
Many business owners fail to protect their business from cyber-crime because they believe they are not a target. It’s natural to think that it’s the large multi-billion-dollar businesses that are the biggest target for cyber criminals, but the truth is, regardless of the size of your business, you could be at risk from cyber-attacks.
Small and medium-sized businesses are often easy pickings for cyber criminals. While big companies can invest millions in cyber-security, smaller companies don’t have the same levels of protection. So, although hackers might love the notoriety that comes from attacking a well-known company, it’s much easier for them to attack smaller businesses. Regardless of the size of your business, it’s essential to have a cyber-security strategy in place.
In a survey commissioned by the UK Government’s Department for Digital, Culture, Media & Sport it was found that 60 per cent of medium firms and 31 per cent of small businesses have identified cyber-security breaches or attacks.
Myth 2: We’ve got virus protection and a firewall, so we don’t need to worry
Cyber criminals are always developing new tactics and protecting your company is not as straightforward as putting virus protection on your devices or installing a firewall. Instead, you need a constantly evolving cyber-security strategy to keep you safe.
Equally, you might think that you don’t need to worry about cyber-attacks because you have an IT department who will make you aware of any threats. But even with an IT department or IT support company, you can still be at risk. But by knowing the signs to look for, you can put processes in place to help avoid a cyber-attack.
Let’s look at the eight signs your business may be at risk from cyber-attacks:
1. You’re using an old operating system
Your operating system, such as Windows, is the software responsible for managing all the hardware and software on your computers. It also comes with security features to keep your systems healthy and protected. But to work efficiently, you need to be using a recent operating system – not one that is several years old.
What operating system are you currently using? Is it up-to-date, or are you simply sticking with the system that was installed when you first purchased your laptops or desktops? Running an old operating system means you’re likely to be missing out on the latest security features, updates and patches developed to protect you from attacks.
Old operating systems can increase your exposure to cyber risk. This is because as the software ages, the provider stops providing support and updates for that particular version. For example, Microsoft is phasing out updates for Windows 7 and from January 2020, support for Windows 7 will stop completely. It’s predicted that criminals will begin targeting businesses who are still using Windows 7 more aggressively once this support ends.
2. Your staff use their own devices for work purposes
Allowing staff to use their own devices at work has many benefits. There are the obvious cost savings but employees also like the fact that they can work from their preferred device and can work more flexibly.
But allowing staff to use their own devices comes with a number of risks.
When staff use their own devices, it is more difficult for you to keep track of what operating systems and security protection they have in place. In addition, you can quickly lose track of how confidential data is being stored or accessed.
An employee could unwittingly download malicious software onto their device, giving cyber criminals a route into your systems. It’s also impossible to keep track of who has access to the device outside the workplace – could a friend, or relative access information on a device once it’s left the office, for example? And what happens when the employee leaves the company? Can you be sure they’ve removed everything connected to your business from their device?
So, while allowing employees to use their own devices can bring a host of benefits, it’s important to manage the process with documentation and training in place to help staff work safely.
3. Your anti-virus software is out-of-date
As malware and viruses are constantly evolving, it’s important to keep your anti-virus software up-to-date. Talk to your IT support provider to ensure you’re using the very latest protection, helping you keep one step ahead of the criminals.
4. Your data is not backed up properly
If you fail to back up company data regularly, you are increasing the risk of damage caused by a cyber-attack.
A robust back-up process is a great defence from ransomware attacks (where cyber criminals demand payment after blocking access to your data). If you’ve backed up your files, you know you’ll be able to recover the files. If you haven’t, you might feel you have no option other than to pay the criminals to reinstate your data.
A good back up process not only protects you from cyber-attacks but also from fires, flooding and equipment failure.
5. You have no cyber-security policies
Do you have a cyber-security policy in place? Have your staff been trained in how to keep your business safe from attacks? If not, you are dramatically increasing the risk of falling victim to cyber-crime. That’s because human error is one of the biggest factors in cyber-attacks. You can have virus protection and firewalls in place but that won’t always stop the damage caused if an employee clicks on a malicious link or opens an infected attachment.
Do your staff always create secure passwords – or do they create simple ones they can remember easily? One way to boost cyber protection in your business is by introducing two-factor authentication rather than relying on simple passwords alone. Do your staff know how to store customer data correctly? Make sure you have a cyber-security policy in place that all staff are familiar with. Make cyber safety a key part of your induction process and continue to provide ongoing cyber-security training for all staff.
6. You have no cyber security strategy
If you don’t have a cyber security strategy or have one that’s several years old, chances are you’re also failing to protect your business effectively.
It can be difficult to make cyber security a priority when you have pressing matters that need addressing. But if you keep putting it off, the day will come when the worst happens and your business grinds to a halt. So, take the time to create a robust cyber-security strategy and begin with a security health check throughout your entire business.
One cyber-security strategy you can put in place straightaway is ‘dark web monitoring’. This is a particularly effective defence against cyber criminals, even if you do not realise your details have been stolen. Dark web monitoring scans the dark web securely and alerts you if your details have been stolen and are now for sale on the dark web. You can then take immediate action to protect your business before damage is done.
7. You have a high staff turnover
If your business has a high staff turnover, this can increase the risk of cyber-attacks.
You may find you’re training new employees as quickly as possible and so skip cyber-security during their induction. If employees are on a part-time, or short-term contract, you might not go through the usual processes that you would with a long-term employee – instead taking short cuts so they can get to work more quickly.
It also becomes harder to keep track of devices, access, passwords as staff regularly join and leave the business.
Do you have a clear process when people leave the business – to ensure that they can no longer access sensitive information or gain access to your systems?
Cyber-attacks aren’t exclusively committed by full-time cyber criminals – a disgruntled ex-employee could create a huge amount of damage if they still have access to your systems.
8. You’ve noticed systems getting slower
Feel like your systems are grinding to a halt? If your internet connection is constantly dropping in and out or things just aren’t working efficiently, it could be a sign that you’re under attack from a DoS (denial of service) attack.
If things don’t seem quite right or are running more slowly than usual, take action. As you can see, there are lots of signs that your business could be at risk from a cyber-attack. So, don’t wait for the worst to happen before you take action. It’s much easier and more cost effective to prevent an attack than to try recover from an attack. Talk to your IT support provider to get a clear idea of what protection you already have in place and what more you may need to do to give your business the protection it needs.
- Discover more information about our IT support services
- If you’re thinking about switching from your current IT support provider get in touch here, or give us a call on 020 7101 0544.
- Want to learn more about what the right IT support looks like? Check out this article on how to choose the best IT Support provider for your business.