Cybercrime is evidently on the rise and there are some very important measures you and your business should take to protect yourselves. Cyber-security is the practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks. Having anti-virus software installed is just one of the means to defend against malicious attacks, but it can also be one step behind the hackers. A quick look at this page from Kaspersky, one of the world's top providers of IT security software, shows - in real time - attacks that are detected around the globe every second. When visualised in this way, the magnitude of the problem is quite astounding.
Cybercrime in Business
Cyber-attacks can be extremely costly to a business, especially where they lead to a data breach. According to the Ponemon Institute's Cost of Data Breaches Study, in 2017 the average cost to an organisation was reported to be $7.35 million in the USA and $3.10 million in the UK. Those figures may not include the final cost of the Equifax breach in 2017, which is estimated to run to over $600 million. The personal data of over 145 million people was stolen in the Equifax hack, primarily Americans, but also some Canadians and British citizens. It was the largest single data breach reported in 2017 - but certainly not the only one. Costs are also incurred by the individuals, businesses, insurance companies, banks and financial institutions that deal with the aftermath of hacked personal data and its fraudulent use.
With GDPR (the General Data Protection Regulation) coming into effect in Europe and the UK in May 2018, the cost of data breaches may soar: reporting of breaches becomes mandatory, and fines for noncompliance with the regulation - even at the lower level - could be up to $10 million or 2% of the worldwide annual revenue of the prior financial year. For many organisations, this could be catastrophic.
So, cyber-security is something every organisation and individual should take extremely seriously. If you hold a large amount of personal data, there is even more reason to ensure the data is well protected and your company is cyber secure. But even if you hold personal data on just one EU or UK citizen, the rules of GDPR still apply, and you need to ensure that you can prove you have taken steps to secure, protect, correctly store and, when appropriate, properly destroy any applicable personal data.
Mitigating risk starts with understanding exactly what the dangers are and how they get into your business's framework; the top sources of data breaches (according to K-Cura.com) are as follows:
- Around 30% occur due to hacking or malware - electronic entry to your system by an outside party
- Around 22% are due to lost or stolen devices such as laptops, tablets and mobile phones
- Another 18% are due to unintended disclosure of sensitive information, e.g. posting on social media or accidentally sending to the wrong third party
- Approximately 10% are due to physically lost or stolen non-electronic records, e.g. paper files
- Worryingly, 10% are due to an intentional breach by someone with legitimate access
- The remaining 10% are due to lost, stolen or discarded hardware such as servers and computers, credit card fraud and other means, some of which are never identified.
Over 90% of cyber-attacks start with a phishing email. Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in an email or another communication channel, such as Skype, and uses those emails or messages to distribute malicious links or attachments. These links or attachments may deliver malware (malicious software), which can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users' computer activity without their permission. One type of malware is ransomware, which prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files, unless a ransom is paid.
More modern ransomware, collectively categorised as crypto-ransomware, encrypts files on infected systems and attempts to force users to pay the ransom through certain online payment methods to obtain a decryption key. As you can tell from the above, your people are both your highest source of risk and your best line of defence. Just one of your employees clicking a link in a phishing email can lead to your organisation losing data, being unable to perform your usual daily business or having critical documents destroyed - and you could face blackmail too, as well as fines for a data breach. Fortunately though, there are a host of sensible measures you can take to help prevent such an attack.
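As an added illustration of the phishing indicators described above (an impersonated sender, links that lead somewhere other than where they appear to, and a malicious attachment), here is a small defender-side triage script. It is not part of the original article; the message, addresses, domains and the list of risky file extensions are all constructed for the example, and a real mail gateway would combine far more signals than these four.

```python
"""Flag common phishing indicators in a raw email message (defender-side triage).

Added example, not from the original article. The sample message, every
address and domain in it, and RISKY_EXTENSIONS are constructed for illustration.
"""
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attachment extensions that commonly carry malware droppers (illustrative list).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd", ".ps1", ".jar"}


def domain_of(addr: str) -> str:
    """Return the lower-cased domain of an address such as 'Name <user@host>'."""
    _, address = email.utils.parseaddr(addr)
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw: str) -> list:
    """Return human-readable indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    from_header = msg.get("From", "")
    display_name, _ = email.utils.parseaddr(from_header)
    from_domain = domain_of(from_header)

    # 1. The display name carries an address whose domain differs from the real sender.
    m = re.search(r"[\w.+-]+@([\w.-]+)", display_name)
    if m and m.group(1).lower() != from_domain:
        findings.append(f"display name claims {m.group(1)} but sender domain is {from_domain}")

    # 2. Reply-To points somewhere other than the sender's domain.
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 3. Link text shows one host while the href leads to another.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = _AnchorCollector()
        collector.feed(html_part.get_content())
        for href, text in collector.anchors:
            href_host = urlparse(href).hostname or ""
            text_host = urlparse(text if "://" in text else "http://" + text).hostname or ""
            if text_host and "." in text_host and text_host != href_host:
                findings.append(f"link text shows {text_host} but href goes to {href_host}")

    # 4. An attachment with an executable (or double) extension.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment {name!r} has risky extension {ext}")

    return findings


# Constructed sample: impersonated CEO, off-domain Reply-To, deceptive link, .pdf.exe attachment.
SAMPLE_MESSAGE = """\
From: "ceo@acme.example" <alerts@acme-example-mail.test>
To: staff@acme.example
Reply-To: collect@reply-drop.test
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Please verify your account at
<a href="http://acme-example-login.test/verify">https://portal.acme.example</a></p>
--b1
Content-Type: application/octet-stream; name="Invoice.pdf.exe"
Content-Disposition: attachment; filename="Invoice.pdf.exe"
Content-Transfer-Encoding: base64

SGVsbG8=
--b1--
"""

# Constructed sample of an ordinary internal notice that should raise nothing.
CLEAN_MESSAGE = """\
From: "IT Helpdesk" <helpdesk@acme.example>
To: staff@acme.example
Subject: Maintenance window on Saturday
Content-Type: text/plain; charset="utf-8"

The file server will be offline from 09:00 to 11:00.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SAMPLE_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(label, phishing_indicators(raw) or ["no indicators"])
```

Each indicator corresponds to a habit worth teaching staff: check that the real sender address matches the name shown, hover over links to see where they actually lead, and treat unexpected attachments, especially ones with executable extensions, as hostile until verified through another channel.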