A large proportion of businesses have now ditched paper for a more digitally dedicated working environment. Companies have essentially moved all of their resources from the traditional methods onto servers and networks. As one of the fastest-growing industries, the tech sector is perpetually developing new systems and processes while also inadvertently opening its doors to the dangers that lurk in untested innovations.
All businesses are susceptible to attacks at any time of day, no matter what security measures they have in place. Whether it's a large corporation with millions of pounds worth of data at stake, or smaller companies with only a few employees, if you have an internet connection, you're open to a cyberattack.
Companies are more prepared for a flood or a fire in the workplace than they are for a cyberattack, even though a flood or a fire is far less likely to happen. But because a cyberattack isn't a physical occurrence, companies simply dismiss the possibility of it happening to them. With the help of Red Mosquito, an IT services provider, we uncover some of the most common threats and the ways to prevent them.
Phishing
One of the most common forms of cyberattack is the phishing email. These are spoof emails sent with the intention of taking money from their victims. This online scam usually comes from someone pretending to be from a legitimate company who asks you for sensitive information such as banking details or account passwords. Because the emails look convincing, many people do not question their validity: usually a link will take you to what looks like a website you use often, but is actually a fake website made to look like the real thing. The information you type into this false front is saved to the attacker's system for them to make use of later.
Naturally, one of the main things you can do to counteract a phishing attempt is to not click on the link in the email. If you are unsure whether it is a legitimate request, leave the email message and open a browser window yourself. Type the website address into your browser manually, log into the real website over a secure connection, and check that way.
Alternatively, you can install software or a web tool that automatically detects malicious websites, so you know whether the website a link points to is legitimate. This gives you another option when it comes to internet safety.
There are some easy checks you can do yourself to ensure a website or link you've clicked is secure too. Take a look at the URL bar at the top of your browser, and look out for:
- A padlock symbol to the left of the website address
- 'https' at the start of the website address
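These are both signs that your connection to the website is secure, and that the information you type into the website (such as passwords) is private as it travels. They do not prove that the website is genuine, because a fake website can show both, so check that the address itself is the one you expect.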
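The checks above can be applied automatically to every link in an email. The following Python is an added example, not part of the original article; it goes beyond the two checks listed by also comparing each link's host against the domains you really use. The bank domain, the sample email and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"examplebank.co.uk"}  # assumption: the domains the reader really uses

def host_is_trusted(host, trusted=TRUSTED):
    """True only for a trusted domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def check_link(url, trusted=TRUSTED):
    """Return the reasons not to trust a link (an empty list means it passes)."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    # Use the parsed hostname, not a substring search: the trusted name can
    # appear elsewhere in a URL without being the site actually contacted.
    host = parts.hostname or ""
    if not host_is_trusted(host, trusted):
        problems.append(f"host {host!r} is not a trusted domain")
    return problems

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an email's HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def audit_email(html, trusted=TRUSTED):
    """Map each link found in the email body to its list of problems."""
    collector = LinkCollector()
    collector.feed(html)
    return {url: check_link(url, trusted) for url in collector.links}

# Constructed sample email body, not taken from a real message.
SAMPLE = """
<p>Your account is locked.
<a href="https://examplebank.co.uk.login-verify.example/reset">Sign in</a></p>
<p><a href="http://examplebank.co.uk/help">Help</a>
<a href="https://www.examplebank.co.uk/accounts">My accounts</a></p>
"""

if __name__ == "__main__":
    for url, problems in audit_email(SAMPLE).items():
        print(url, "->", problems or "passes")
```

The first sample link uses https and would show a padlock, yet it is flagged because its host only begins with the trusted name.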
Ransomware
Brought to global attention by the WannaCry attack in 2017, which cost the NHS £92m, ransomware is a type of malware that infects a computer and blocks access to its data and files. The ransomware then demands that the user pay a fee to the attacker to regain access to their files and data. It can be installed onto a computer as a result of clicking through a phishing email to a URL that begins downloading the virus.
Insider threats
Are your staff the weakest link in the defensive chain? One of the most common cyber-threats to businesses comes from within the companies themselves. Humans make mistakes, and some of these are more costly than others. In the large WannaCry ransom attack, human error was one of the main causes, with many of the computers running out-of-date systems, which ultimately led to the virus spreading at rapid speed.
According to an industry report by Shred-it, 47% of business leaders cited human error, such as accidental loss of a device or document by an employee, as the cause of a data breach at their organisation. Careless or uninformed staff are the second most likely cause of a serious security breach according to recent data, with 46% of cybersecurity incidents being attributed to human error.
GDPR
Although not in the same category as security attacks, breaching GDPR rules is a technological threat that could land you with a heavy fine. Since it passed into legislation in 2018, it has changed the way businesses store, process and secure sensitive data that belongs to their EU customers and shareholders.
Remember Facebook being fined £500,000 for the Cambridge Analytica scandal? Well, this was before the new GDPR restrictions came into force. British Airways and the Marriott hotel chain are among some of the more infamous victims of the fines, with the Information Commissioner's Office (ICO) having the power to fine a company 4% of their annual turnover. The size of a fine is of course affected by the severity of the breach, as well as the level of cooperation between the company and the ICO. Had British Airways not cooperated to the level that they did, the 4%, as opposed to the 1.5% fine that they received, would've landed them a £489m hole in their pockets. So, with this in mind, Facebook could have faced a fine of up to £1.4bn for their misdeeds had they been found to have breached the rules just a few months later.
Ensuring your staff are clued up on GDPR goes without saying, but implementing refresher courses bi-annually for your workforce will help not only new staff coming through the doors, but also long-serving ones who may be a little rusty on their tech security.