Cyber attacks on the increase
From malicious or criminal attacks, human error or system glitches, to personal details being sold online, data loss has serious consequences and companies in the UK aren't immune from attacks.
Some recent high-profile data breaches affecting companies in the UK include:
- Tesco Bank (2016) - the consumer finance wing of the British supermarket giant froze its online operations after 40,000 accounts had been compromised. As many as 20,000 customers had money stolen from their accounts.
- Moonpig (2015) - a software flaw in the firm's Android app let a researcher access the records of any Moonpig account holder he tried, in theory compromising a total of 3,000,000 people. This was a significant breach as it involved a mobile app rather than the more common website breach.
- Morrison's Supermarket (2014) - an employee of the supermarket published details of the firm's entire workforce database online, 100,000 employees in all. Insider events are particularly feared because they abuse privileged access that is hard to lock down. Some employees later launched legal action against Morrison's.
If you're an SME you may be thinking that only blue-chip companies and their customers are at risk. Right? Wrong.
Since 2012, an increasing number of cyber thieves have been targeting small businesses, viewing them as ‘easy targets’. Due to the increasing number of data breaches, larger companies have ramped up their security, but SMEs are failing to do the same. Recent Government statistics show that 60% of small businesses have suffered a cyber-security breach in the past year. To put it into context, cyber-attacks are costing British industry a staggering £34bn a year and these costs are likely to rise if the breaches aren't resolved quickly and successfully.
RSA, one of the UK's leading insurers, carried out research indicating that many businesses are more likely to take out cover when the threat becomes real to them. When questioned, 53 per cent of those with some form of cyber insurance cover had experienced an attack or knew of someone who had. They also found that age is a determining factor when considering the need for cyber cover. The figures reveal that while 37 per cent of 18 to 34-year-old business owners surveyed have considered cyber cover, only 9 per cent of those over 55 have done the same. The type of business also has an influence on whether SMEs would take out cyber insurance. Just 17 per cent of professional or legal services SMEs have considered taking out this insurance, and ironically just 30 per cent of those in IT or computing.
“Smaller businesses can find it harder than large ones to repair the damage if their data is compromised, and financial repercussions will often hit them harder,” says Joe Siegrist, vice president and general manager at LastPass. “We’re likely to see an increase in cyber attacks on SMEs before we see a decrease, because many businesses need to improve their cyber security.”
25th May 2018
On this day, the General Data Protection Regulation (GDPR) will come into force. This will increase users' control over their personal data and strengthen data protection policies. Businesses that do not meet these rules will face sanctions of up to around £16.8 million (€20 million) or 4% of their global annual turnover, whichever is higher. Any regulation the UK implements post-Brexit will most likely be along similar lines to the GDPR if personal data is to move freely between the UK and the EU.
So what practical steps can your business take to reduce the risk of a breach?
- Training – educate your staff in how to securely use the company’s systems and recognise potential breaches.
- Manage and monitor IT systems and networks – control the access of staff, limit the number of privileged users, monitor activity and log and analyse unusual activity.
- Keep your systems updated – use ‘patch’ software to update programs automatically and fix security vulnerabilities, and carry out regular scans.
- Monitor removable media – limit access to removable media including memory sticks and scan them before uploading data to company software.
- Establish anti-malware protection – scan for malware across the business.
- Protect your networks – implement network security controls to protect networks from internal and external attacks.
- Create a disaster recovery plan – produce and test plans to ensure the business is prepared in the event of an incident.
It's imperative that everyone in your business buys into these steps. It could prove critically important for the life of the business, as well as its customers and employees.
HM Government has established Cyber Essentials, which aims to help companies protect themselves against common cyber-attacks. UK businesses can apply for certification under this scheme and thereby prove they comply with standards of cyber security that businesses should be adopting.
Artemis Insurance Brokers can arrange cyber insurance which covers the losses relating to damage to, or loss of information from, IT systems and networks. Policies generally include significant assistance with and management of the incident itself, which can be essential when faced with reputational damage or regulatory enforcement.
RICHARD J. CLIFFE - Sales & Marketing Manager
☏ 020 8619 5000