Cyber Security Or Cyber Crime: Which Do You Want?

Cyber security is something that is rather quite important and conversely, cyber crime is really quite frightening. But why is your accountant telling you about it? #JVaccountants #cybersecurity

Well, the answer is that failing to get your cyber security right could mean the end of your business! Some bits of cyber security really are that important. The problem could be that criminals damage your business.  Equally, it could be that the fines and penalties for letting criminals damage your business are what puts you out of business!

In the UK, the TalkTalk cyber attack of 2015 cost the phone company around ￡60m and led to the loss of over 100,000 customers; even though it only affected 4% of their customers. What would it cost you?

The first point to make is that if you would like a copy of a 208 point checklist to help you to manage this yourself then email your request in or call me on 0333 335 0422 and I can send it to you. This list has been prepared for Bedfordshire Police and covers quite a few of the important bases!

Cyber security starts with physical security! You can have all the passwords in the world, but if someone can wander in and get into your filing cabinets, or remove a hard drive then you have still failed!

Do you have access control to your offices and systems, physical access and electronic access? Is this subject to regular review and if it is electronic is it updated as necessary? Does your access control system watch over which employees or contractors have access to your system and its information?

A cyber attack on JD Weatherspoons in 2015 stole over 600,000 customer records, including some bank details. This information was put up for sale before the company even knew they had been attacked!   Make sure you have a detection system as part of your access control.

"The UK Government is taking cyber security very importantly!"   

So importantly are the government taking it that they have worked with the private sector to bring in two certifications for businesses to record how well they are doing ... and you can't do business with the government unless you have the minimum certification.

If you or your organisation are interested in being certified, then contact your local police force's cyber security adviser. Yes, your local police force will have a cyber security adviser!

A report published in May 2016 showed that 2/3rd of large businesses had suffered a cyber-crime attack in the last year with some suffering attacks every month. Bearing in mind that bigger businesses will generally be better equipped to respond to this challenge, it is more than a little surprising to find that only half of these businesses had taken the recommended steps and actions to deal with their security flaws.

"What is the pain of getting it wrong?"

The government's 2014 cyber-crime report showed that the average cost, for big businesses, was between ￡600,000 and ￡1.5m. Huge costs that can be minimised by taking reasonable steps.

Some of these costs will be because you need to repair your IT infrastructure and replace various items of hardware, but it is also the digital infrastructure that will need to be repaired. Software that will need to be repaired or replaced. Firewalls and anti-virus or malware that will need to be purchased.

There is also the cost of business interruption, 15% of American businesses who suffered cyber crime also experienced disruption to their business.

"What is a ransom attack?"

Well, the answer is in the question! A 2016 report from one of the online security firms showed a big rise in the number of attacks using ransomware. This is software that locks you out of your own programs or data by encrypting it and demanding a cash ransom before they send you the encryption key!   The author is aware of very small businesses being targeted with ransomeware attacks - because they are easy pickings!

With the rise of electronic gadgets (the Internet of Things) and the fact that many devices aren't protected with electronic anti-virus, this is likely to become more prevalent. One example in the report is of hospitals being targeted and the Bluetooth link between their network and other devices being exploited.

"What do they steal?

A lot of criminals are after data in the form of stuff they can sell on. So they are looking to access records on your employees and customers, but this is also how industrial espionage is conducted so they are looking for your intellectual property as well.

In terms of how criminals get in, a 2015 American report came up with the statistics that:

• 30% exploit your data

• 29% exploit your IT system

• 23% exploit a particular application

• 21% exploit your network

• 20% exploit removable storage

This is an issue you can't ignore!

If you run a business then you need to make sure you are aware of this and doing the simple and basic things to keep your business safe. We can help with information and to signpost you to specific advisers so do call me.