As part of our ongoing series of weekly features, and following on from our article this week on how businesses can recover from a cyber-attack, we asked our expert panel:
What Can Business do to Enhance their Online Security?
Our panel's thoughts can be found below, but if you would like to contribute to this feature, or any of our future features, please contact [email protected]
Leanna Davies | Senior Portfolio Executive
“The wide range of cyber-attacks over the last 12 months has highlighted the critical importance of cybersecurity. Google and McAfee estimate there are 2,000 cyber-attacks every day around the world, costing the global economy about £300bn ($460bn) a year. But what threats exist for businesses of all shapes and sizes in Wales and what can businesses do to ensure their business is fully protected?
“The 2017 Cyber Security Attack Survey published by the UK government revealed that 46% of UK businesses had faced a cyber-attack within the last 12 months. If you are a business owner, the reality is that you will face cyber-security threats, but your ability to withstand an attack is dependent on how prepared you are. The good news is that there are steps you can take to protect yourself:
- “Understand your business and your risks. Questions to ask include whether your team use strong passwords and different passwords for each system? Do you back up your data and how do you know if you have an intruder trying to steal it? If you sell online, how secure is your site? Do you have the right support contracts in place to get you back up and running quickly if the worst should happen? Are your firewall, anti-malware and encryption packages up to date? Finally, do you hold any personal data and if you do, can you demonstrate that you have the right technology and organisational measures in place to secure it?
- “Be informed. Keep up to date with the latest trends in cyber-security and where the emerging threats are. The tactics used by cyber criminals change regularly, becoming increasingly sophisticated. The National Cyber Security Centre is an excellent source of information.
- “Consider Cyber Essentials. This standard is aimed at small businesses and is designed to be simple but effective. The cost of accreditation is low and can be valuable as competitive advantage when bidding on new contracts. https://www.cyberessentials.ncsc.gov.uk/”
To learn more about identifying and preventing cyber-crime to protect your business, join the Development Bank of Wales at their ‘Cyber Essentials’ events in association with Thomas Carroll and Santander in Cardiff on 5 September and Swansea on 20 September.
For more information visit: https://developmentbank.wales/news-and-events or email [email protected] to RSVP a place
Karen Thomas | Head of Corporate Banking
Barclays has stepped up its mission to educate customers, including SMEs, about the growing risks of fraud and cybercrime, investing over £18 million during the past 24 months on its national Digisafe campaign, which has already engaged five million people. The bank has also prevented over £857 million of potential fraud and scams (more than £35 per customer) in the last year.
“We’re on a mission to educate all small businesses of the growing risk of cybercrime and fraud.
The staggering cost of these crimes can stop a small business from investing in new jobs, training or equipment, in turn boosting local economies.
Fraudsters are targeting hard-working entrepreneurs, in some cases impersonating suppliers and staff, intercepting emails and sending fake invoices.
However, the good news is that the vast majority of fraud against businesses can be easily prevented. Simple steps to increase security, such as having strong passwords and increased staff awareness, can all help combat fraud.”
Simple top tips to help SMEs combat the risk of fraud and cybercrime:
- Strong defence: The best way to keep attackers out is a strong password. It's much harder for fraudsters if you use lower and upper case letters, along with numbers and symbols
- Don’t be complacent: Protect your computers with anti-virus software, as well as a good firewall, and keep software updated regularly. Delete unsolicited emails with links and attachments as these could allow fraudsters to infect your device
- Trust your gut: If something feels wrong, speak up and check it. Don’t assume a call, text, email or invoice is genuine; fraudsters can sound convincing. Always check requests using known contact details and never move funds to a ‘safe account’, even if the request appears to have come from your bank or CEO
- Pay by the rules: Have a clear procedure for making payments in your firm. Always check email requests to make payments or to change payment instructions by calling a trusted number, not by return email. Unexpected calls, particularly from fraudsters claiming to be from telecoms providers and retailers are on the rise – so make sure you stay alert
- Team talk: Every team is only as strong as your weakest link. Boost tactical knowledge and share guidance with your team. Find out more on the Barclays fraud awareness site
Steve Perkins | Business Adviser
Securing your online business relies on process as much as technology.
Be prepared and have a recovery plan
Information that you hold about your own business and your valuable customers is critical, plan for all eventualities and have a strategy for what happens if the worst case scenario occurs. Business Continuity plans keep companies trading.
Staying up to date is essential
Keep your Anti-virus software, firewalls, etc. up to date and use cloud based software services. Cloud based software applications are a great option for managing your costs. You don’t need to worry about regular software updates, it’s all done for you.
Backup your data
The most cost effective, secure and reliable way of making sure your business data is available 24×7 is to choose a cloud based storage and backup solution.
Use a human firewall
A large proportion of information security breaches come from inside businesses, rather than outside hacking & phishing. Ensure you have policies and procedures with your staff to manage the security of your business and your customer data.
ISO standards. If you’re tendering for business, ISO9001 and ISO27001 will go a long way to helping you develop a quality and information security policy that will show your customers you’re committed to delivering a quality service.
For more info about digital technology and online security visit the Superfast Business Wales website
Jeremy Keane | MD at Risc IT Solutions
Data security is critical for all businesses.
Here are my top tips to stay secure:
- Use strong passwords – You could have all the security measures in the world but if your passwords are weak, it’s all in vain.
- Have a secure firewall – Think of this as a security guard for your network – it keeps the bad guys out.
- Install antivirus – Antivirus will prevent infections in your network.
- Patch regularly – Patches fix vulnerabilities in software, making them less susceptible to attack.
- Secure portable devices – Encryption, password protection and remote wiping will protect all types of mobile devices.
- Backup – Storing a copy of your data in the Cloud means you can pick up where you left off if you lose your data.
- Educate your staff – Teach them that links can be malicious, that surfing the web has dangers, and what to look out for.
Jody Tranter | Head of Kaplan Altior
Online security is increasingly a concern across all industries, especially legal (as recently highlighted by the Solicitors Regulation Authority) due to its significant impact upon businesses. Cybercrime comes in many guises including email modification, phishing/vishing, CEO fraud and identity theft.
To manage these cyber risks, businesses need to invest in more than technology. They also need to educate their teams, highlighting examples of cyber fraud and best practice procedures to help them identify, investigate and prevent breaches of this kind and remain compliant. Internal teams can be the most effective asset in identifying security threats. Yet often we’ll see firms enrolling just one member of staff onto a fraud course with cybersecurity topics, such as a Certified Fraud Examiner course, in the belief it will minimise risk to the firm. This is a great first step; however, to truly have an impact, enhance security and manage risk, fraud prevention techniques need to be embedded throughout the whole business.
Simon Ahearne | Managing Director
Cyber security is an industry that is increasingly adopting emerging and powerful technology, with artificial intelligence (AI) seeking to provide a defence against the fast-growing threat of cyber attacks on businesses.
AI involves the use of machines carrying out human-like tasks through deep learning, adjusting to new inputs and language processing. The technology also involves large data processing and subsequent analysis of data for trends and patterns, in which a behaviour is programmed to react to certain patterns. AI technologies include self-driving cars, chess-playing computers and marketing analytics.
The use of AI software in this sector is becoming increasingly achievable and implementable. In principle, the use of AI could help save firms billions in cyberattack damage, as well as relieving responsibilities from the current human taskforce responsible for cyber security maintenance.
Indeed, the use of AI may also combat the increasing and unsustainable demand on IT professionals. A survey by Spiceworks found that knowledge workers like IT professionals worked on average 52 hours a week. That’s a whopping 12 hours beyond what the average professional works, and an overworked cyber security team can be detrimental. It can reduce productivity and make it difficult to respond to threats appropriately, efficiently and effectively.
Ultimately, AI could be used to automatically identify malicious software behaviour or potential attacks. The introduction of AI in cyber security will increase the speed and efficiency of identifying threats by searching and identifying security trends. In addition to this, AI can mine through a significantly larger amount of web data.
Paul Lyons | MD of Designweb
WordPress is the most commonly used application for developing websites.
Here is our advice for keeping your WordPress website secure and avoiding hacking disasters that could lead to sensitive data being compromised.
- Use a quality host
- Switch your site to HTTPS
- Create secure login credentials
- Enable two factor authentication
- Enable a web application firewall
- Keep your WordPress version up to date
- Keep your plugins up to date and choose them carefully
- Configure your file permissions
- Authorise new users and track admin activity
- Backup your site regularly.
For assistance with any of the above, please contact us at [email protected] or call 01745 508588.
Dr Debbie Garside | CEO
The big companies like Google and McAfee like bandying around scary statistics because it suits their particular business message. However, if we take a deeper dive into these statistics we can see that the actual likelihood of your business suffering a cyber-attack is a fraction of a percentage in real terms with most of these avoided if you just install updates on your devices in a timely manner. There are some shocking statistics around relating to installing patches and updates. I recently came across a statistic that stated that up to 64% of people never install updates on their mobile phone for instance. If we look at the effects of WannaCry, a ransomware attack that cost the NHS millions, this was only successful because organisations had not installed software updates and patches when prompted.
So my advice is to make sure your organisation implements an update policy across devices and software applications in a timely manner. Stay safe, stay secure!
Adrian Coles | Relationship Director Corporate and Commercial Coverage, South East Wales
Cyber crime is becoming a more aggressive form of fraud that is affecting an increasing number of businesses. As a bank we have invested significantly in our online banking security, however it is important businesses take simple, preventive measures so that they and their staff are vigilant to any unscrupulous actions. This includes frequent password changing – typically every 30 to 45 days – and never sharing this information; using up-to-date, accredited software protection to defend from malware and investing in an in-house or external IT team; and considering a suitable cyber insurance policy. The latter is becoming more of a necessity and something we are supporting businesses with.
Chris Heirene | IT Manager
We see evidence on a monthly basis of increasingly sophisticated and targeted phishing attacks by criminals using LinkedIn, Companies House and other public sources to craft attacks designed to fool our systems and people. Within the pensions industry, scammers are creating websites and companies designed to trick members into giving over their lifetime savings. While there isn’t a single solution that businesses can implement to prevent themselves falling foul of cyber criminals, there are simple steps that can help. Tagging emails that arrive from outside the business can be effective at assisting your staff with detecting these attacks.
Many businesses are looking to the Cloud to streamline and expand their IT offering, but without adequate protection, the only thing between your clients’ data and an attacker is a single password. Wherever you can, look to implement two-factor authentication as this could be the difference between a major breach and a minor incident.