Cybercrime is one of the biggest challenges facing businesses today. In 2017 there were 159,700 cyberattacks reported worldwide, exposing more than seven billion data records. These included the headline-grabbing attack on the credit evaluation agency Equifax, where hackers exploited a vulnerability in their application framework, gaining access to personal data belonging to 146 million people around the world.
Whether your organisation is large or small, cybercriminals do not discriminate. For example, research from the Ponemon Institute shows that 61% of SMEs experienced a cyberattack in 2017. As the head of an organisation, you have a responsibility to your customers and your staff to make sure you are as insulated as possible against cyberattacks. So what are the steps you can take to prepare your business and ensure that your employees play their part?
1 – Be Mindful of the Threats
Before you can start to safeguard against cyberattacks, it’s essential to know the many ways in which cybercriminals can target your organisation. Some of the most popular include:
- Remote attacks designed to bring down your business’ website or IT system
- Attempts to steal customer or employee data
- Ransomware – a remote attack that freezes your IT system until you pay the ‘ransom’
- Theft of IT equipment
- Using your staff to get into your system, unwittingly via phishing or wittingly by co-opting them
Cybercriminals are developing new ways to target businesses all the time, so it’s important to stay up-to-date with their methods. Only once you’ve done that can you begin to manage the risks.
2 – Preparation is Key
Planning is essential in the battle against cyberattacks. Start with an assessment of how you are currently dealing with cybersecurity. Firstly, is it fit for purpose?
Every company will deal with the risk of cyberattacks differently, but a good place to start is an audit of your current IT equipment, systems and software:
- Ensure all the operating systems and software are up-to-date
- Apply two-factor authentication to all your computers and software, where employees receive a one-time code sent to their phone when they log in
- Make sure all your WiFi systems are secure
Other safeguards include checking your company policy regarding taking IT equipment off company premises. How much valuable data is being let out into the world? You should also consider taking out insurance against cybercrime.
3 – Educate Your Employees
Unfortunately, a company’s weak link is its people.
A study by IBM found that 95% of cyberattacks preyed on human error in some way. Most of these were honest mistakes, but they were still disastrous for the company involved. As an employer, you must create a culture where everyone is always vigilant against cyberattacks.
Make sure your staff are educated on the risks involved with cybercrime. Train them to be better at spotting phishing emails and not to click on emails or attachments that appear suspicious. Ensure they use passwords that are not easy to guess. Make sure they do not use their own external devices, such as USB sticks, on company computers.
As a company leader, all the precautions you take involving cybersecurity are worthless if one employee makes a mistake. Don’t let it happen to you.
4 – If the Worst Happens, Respond Quickly
If your company falls victim to a cyberattack, you need to deal with it in the right way. Firstly, for data breaches, the new GDPR law requires you to report it to the Information Commissioner’s Office (ICO). Do not think you can sweep a cyberattack under the virtual carpet.
Next, do whatever needs to be done to preserve the integrity of your system, which includes:
- Finding the intruder
- Investigating their activities
- Containing the security breach
If your existing IT team cannot do it, bring in a specialist cybercrime incident response team. If you are insured against cybercrime, your insurance company can assist you with this.
Once the crisis has been averted, assess what went wrong and how your company policies can be tightened up to stop it happening again.
Cybercrime never sleeps. It is always developing. As a result, safeguarding against cyberattacks is an ongoing process. When you are budgeting for the future, make sure to take your cybercrime policies into account. In 2018, companies worldwide will spend an estimated $96.3 billion on security products and services.
As technology progresses, with mobile devices, Internet of Things (IoT), Artificial Intelligence (AI) and more becoming commonplace, the risks from cyberattacks will only grow. Protecting your company starts at the top. Don’t be caught out.
Director, Hampleton Partners
Henrik is a highly experienced CIO, having worked at the most senior levels internationally in both the private and public sector. His experience runs from Navision, now Microsoft Business Solutions, to the Danish Ministry of Finance, where he led the entire horizontal government IT complex. He then headed up SAS Institute’s Information Management Division out of Copenhagen, working with early Big Data and Advanced Analytics Technologies. Henrik has been based in Silicon Valley since 2012, founding eCommerce and international business development companies. He is also the co-author of Return of the Vikings: Nordic Leadership in Times of Extreme Change.