As a business, you are required by law to keep and maintain extensive records on health and safety in your workplace. These records, which include accident reports, personal details and procedures, need to be stored securely and protected so that they are not left vulnerable to security attacks.
From May 2018, the new EU Data Protection Regulation (GDPR) comes into force. This regulation requires all businesses to demonstrate greater accountability and planning for their cyber security processes. Larger fines will be implemented for businesses that do not meet the necessary requirements.
Per the latest statistics released by cyber security firm Symantec, more than half of the spear phishing attacks (attacks carried out using fake emails) in December 2015 were against SMEs. Unfortunately, a lot of companies do not think that an attack will take place on their business because they are small and insignificant. However, this is the exact reason that SMEs are more likely to be a target. Cyber security takes a back seat in smaller businesses, so criminals know exactly how to exploit their vulnerabilities.
There are several simple steps that you can take to reduce cyber risks. Your passwords are the easiest place to start: people tend to choose one or two passwords and stick to them. It is a better idea to choose passwords that consist of three random words. Install antivirus and anti-malware software on all company devices; this will protect you from most attacks on your system. Training and educating staff on cyber security can alert them to threats and ensure they know what to look for.
There are certain major threats to SMEs that you should make yourself familiar with:
Ransomware – A piece of malicious software, typically received via a phishing email, encrypts all the data on the company’s network, with the senders demanding a ransom to provide the decryption key.
Hack attack – A hacker exploits a vulnerable area in the company’s software to gain access to personal details, such as client payment/card details. These can then be used to damage people’s financial information.
Denial of service attack – Website servers are bombarded with data to bring the network down. This is a relatively easy attack to carry out and it is cheap, with some tools costing £25 per hour.
Human error – Typically people are the weakest link in any security chain and a vast number of data breaches are the result of information being lost or mistakenly handed out by employees.
CEO fraud – A criminal poses as a member of senior management within a company, either by hacking or replicating their email account, and persuades someone with financial authority to transfer a payment to an account.