Cyber security has been at the top of the boardroom agenda for a while. As a result, many businesses have efficiently installed the latest email security and anti-virus software to keep cyber criminals at a bay.
However, despite increased efforts, in the last year UK businesses reported a 22 per cent increase in cyber-attacks resulting in a £1bn bill.
Whilst it’s vital to minimise the risk of ‘hacks’ by implementing firewalls and anti-virus software, a large proportion of cyber-attacks succeed due to human error and poor security practices by uninformed employees.
Understandably, employee education is a vital prevention practice, yet there are no guarantees that criminals won’t continue to pursue new avenues. Therefore, it’s also crucial that businesses implement disaster recovery plans.
Recently, there’s also been a surge in email scam, which manifests when fraudsters trick employees with bogus messages from co-workers or clients that, at a quick glance, appear to be legitimate. It only takes one employee to fall victim to the trap, open the email, follow a link or download an attachment that will wipe or encrypt an entire computer network.
Businesses are only as strong as their weakest link. Therefore, to prevent the above scenario, it is important that employees are educated to be vigilant when using email.
Typically we advise our employees to follow these basic practices:
- Name-check the email – sender’s name should appear as in previous correspondence. If you don’t recognise the sender, be cautious of opening the email, let alone clicking attachments or links.
- Review the full email address – this should mirror previous communication as fraudsters often make minor changes such as replacing ‘.co.uk’ with ‘.com’.
- Remember, it’s better to be safe than sorry – if anything is legitimate and you ignore it, someone will always chase you up on it.
- Last but not least, it’s also important to advise employees to be alert when web browsing and avoid clicking on links that appear to be too good to be true – they generally are.
These handy tips should be summarised in your employee handbook. It is also good practice to issue a quarterly reminder to keep cybercrime not only on the boardroom agenda but on every employee’s mind.
As long as human error is involved, no business will ever be invincible to cyber-attacks. However, depending on whether you have a working system backup, an attack could range from minimal damages to complete destruction. A staggering 70 per cent of businesses that don’t backup data close down or never reopen to the same capacity after suffering a cyber-attack.
Following an attack, businesses usually remain out of action for one to three days until it’s identified where the virus originated and the disaster recovery plan is put into operation. To reduce time lost, firms should implement daily or twice-daily backups, meaning that no more than a full day of data is lost.
It is also good practice to keep the backup software off-site so it doesn’t get encrypted when the attack takes place and make sure the system works when necessary by implementing test restores monthly. In addition, it will be worthwhile to carry out a full disaster recovery test across all systems annually.
Ensure your business doesn’t become a cyber crime statistic and contact Simon Turtington at Champion I.T Solutions today on firstname.lastname@example.org or 0161 703 2500.