Cyber security has long been a concern for businesses. However, two years ago, the pandemic introduced new security challenges with people working from home. While pandemic restrictions have now lifted, many businesses are offering employees a hybrid model, combining office and home working.
A few months ago, the British Chambers of Commerce conducted a survey with the worldwide IT company, Cisco. It found that more than half of the 1,000 companies surveyed believed their exposure to a cyber attack had increased due to staff working from home. Yet, 80% of these organisations did not have cyber security accreditations in place.
The dangers of cyber attacks
The survey also found that ‘one in 10 firms have been the victim of a cyber attack in the last year’. While this might initially seem shocking, against the backdrop of so few companies being accredited, it is hardly surprising.
While we don’t know for sure why so many businesses are not protecting themselves, there are a few possibilities that come to mind. They may believe it is:
- Too complicated or difficult to understand
- A problem faced by larger organisations and they’re not at any real risk
- Another task they keep meaning to do but never seem to have the time
- Going to be expensive.
But a cyber attack can be costly for businesses. Not only can it result in downtime, but it can lose you customers, revenue and your reputation. For example, The Works recently had to temporarily close some of its stores due to a cyber attack. It also caused disruption to the resupply of stock and customer deliveries. And, last year, a ransomware attack hit Hackney Borough Council. Consequently, there was a major disruption to services and its IT systems were down for months. Of course, in cases where sensitive data is stolen, the consequences can be even more far-reaching.
But with the shift towards home working here to stay, what can organisations do to protect themselves from a cyber attack?
Protecting your organisation
In 2017, it was thought that businesses could have prevented as much as 80% of the cyber attacks they experienced with very basic measures such as:
Installing the latest software and app updates: when security issues are discovered, updates are usually issued to solve them. Keeping software and apps up to date is a crucial way to keep yourself protected. These days, updates often happen automatically so we don’t think about it. However, these updates only tend to happen when a device is turned off and back on again. Many employees, especially when working from home, will just put the laptop on sleep mode overnight, which prevents the updates from happening.
Stronger passwords: there is still a tendency to use simple passwords so that they are easy to remember. For example, it’s thought that there are now 23 million people worldwide using the password 123456. Strengthening passwords is a cost-free way of protecting your organisation.
There are also a few more simple steps you can take to reduce the likelihood of a cyber attack. These are all relatively straightforward and inexpensive:
Back up data: businesses today are often built on data, for example, customer information, orders and payment details. Without these, a business would struggle to run. Backing up all your data regularly will ensure you are able to quickly recover in the event of something happening. It will also protect you against ransomware attacks.
Staff training: for your cyber-security measures to be effective, your staff need to know and understand the role they play, such as switching computers off and setting strong passwords.
Get accredited: cyber-security accreditation is a government backed scheme called Cyber Essentials, which helps you to protect your organisation against a range of common cyber attacks. Not only does it offer you protection, but it also gives customers reassurance and opens the door to the potential of new business.
What about home working?
Much of this previous advice has been around for a few years. What it doesn’t address is the change in risks due to employees working from home. However, in 2020, the National Cyber Security Service (NCSS) released guidance on how businesses could prepare for home working. This included the following cyber security advice:
Use a VPN: A virtual private network (VPN) encrypts data and allows remote users to access IT resources securely.
Choose SaaS applications carefully: the nature of remote working means it is likely your organisation will increasingly use software as a service (SaaS) applications. To help businesses make wise choices, NCSS provides reviews of the security of many of the most popular SaaS applications.
Ensure devices encrypt data: home and remote working comes with an increased risk of devices being lost or stolen. This can pose serious security risks. Ensuring your employees’ devices encrypt data can help to protect your organisation.
It’s time to protect yourself
Cyber security has been crucial for years, yet many businesses are still not protecting themselves against the most common attacks. For those who have not implemented measures, the increasing popularity of hybrid working patterns poses an even higher risk. But protection does not have to be expensive or complex. With a few simple steps, you can protect your business from a cyber attack, and protect your customers, employees, and reputation at the same time.
If you need support, then the Bedfordshire Chamber of Commerce is here to guide you. Find out more at: www.chamber-business.com
