Data security is a priority in these turbulent times. In 2018, the EU General Data Protection Regulation (GDPR) will deliver compliance consistency across Europe and the UK irrespective of Brexit. Its introduction will mean that all businesses will need to be legally ready to abide by the new rules – or they’ll face fines and won’t be able to operate. The EU Regulation will protect businesses and consumers, and its impact is currently being considered worldwide.
Why cyber-attacks are particularly dangerous for SMEs
The UK is far more vulnerable than we might presume. Research from the Government’s Cyber Security Breaches Survey shows that 46 per cent of businesses have been stung by cyber breaches in the last year, and 72 per cent of these came from fraudulent phishing emails disguised as messages from trusted banks and suppliers. This is particularly risky for SMEs, which often lack the specialist skills, infrastructure and funding to make cyber security a priority.
Fraudulent invoices are also a growing threat. Research conducted by Tungsten Network has revealed that invoice fraud costs the business community £9 billion a year. In the study of 1,000 companies, nearly half of all businesses (47 per cent) reported receiving fraudulent or suspicious invoices in the last year. Tactics have included viruses embedded in attachments, unknown invoices attached to an email or sent by post, false changes to bank details, and duplicate invoices.
SMEs often underestimate what a breach could cost them. With research from Experian concluding that 54 per cent of SMEs view fraud as the single biggest threat, why is it that we are not doing more? After all, ignoring the problem could be costly. According to the Experian study, 95 per cent of consumers said they’d take legal action if their personal data was breached. This could lead to bankruptcy for small businesses unable to absorb the legal fees.
Taking action
Online security should start in-house. Companies need to educate employees at all levels about the dangers. The Cyber Security Breaches Survey revealed that a mere 20 per cent of employees have received cyber training in the last year. To help educate businesses, the government has outlined basic security actions that companies should take. One of these urges companies to set up secure home and mobile networking, which helps keep out external threats and protects data in transit and at rest.
Trust between companies and suppliers should also come into question. How do companies know that their suppliers aren’t using corrupted software, or don’t have viruses embedded in their systems? Vetting third-party software and payment services is pivotal if we are to tighten up data protection.
To tackle cybercrime, change must come from within, and businesses must recognise that the government can only do so much. Education is vital at all levels and in-house security teams need to be created. Simple steps such as firewalls, secure VPN systems and training will make the difference between a broke and a booming business. It’s something we take seriously at Tungsten, as we work with the payment data of more than 200,000 businesses across the world. Our investment in accreditations such as ISO 27001 and in specialist IT security training sends a message to staff that this is of the utmost importance.
Cyber security threats aren’t going away, and as our industry faces new challenges, criminals will continue to find new ways to breach trust. Ignoring cyber security can have huge consequences, but there is growing support out there to help small businesses stay strong in the face of these threats.