IT Security: It’s not a technology problem, it’s a business problem.
Paul Weeden
CTO & technology strategist with M&A and strategy consulting experience // HealthTech & FinTech background + others // Formerly at EY and Salesforce. 1x Exit
If you’re of the view that technology issues such as cyber security are problems for the IT department, then it’s time to re-assess your opinion. Cyber security is an issue of concern for the entire organisation.
IT might not be your business, but IT runs your business.
When your system goes wrong – be it security breach or malfunction – then your business’s ability to operate can be severely diminished, leading to potentially devastating costs to revenue, profit, and reputation.
Too often do we encounter business leaders with a false sense of safety; a perception that they are too small, too low profile to suffer an attack. A perception fuelled perhaps by the media’s focus on high-level breaches at major organisations, ignoring the ‘smaller’ breaches that occur on an almost daily basis.
Beyond the Big Headlines
ANO Accounting of London filing for administration after losing all its data in a ransomware attack is unlikely to grab many headlines; it is an event that will pass unnoticed in the press. A hacking incident at TalkTalk, on the other hand, jeopardising the personal data of a million customers, makes for big headline news.
But what are the relative effects on both businesses?
Naturally, there’s a cost, both financially and reputationally, to a big global corporation following a breach. But such is the scale and scope of their organisation that these are costs that can be covered with relative ease. A fine, some bad press for a while, possibly a few rolling heads in management.
That small accountancy, however, has no such buffer. The impact of the data loss is crippling; the consequences for those affected dire. The end of a once-buoyant business, job losses; the ramifications attached to lost client data.
These are far from isolated incidents. In the week that this article was written, we were contacted by: a recruitment company of 85 employees, an accountancy practice of 20 and a marketing agency of 3. All companies who had never before used our services, all in urgent need of assistance following a cyber-attack.
Attacks that all could have so easily been prevented.
Smelling Phishy
The recruitment company had suffered a phishing attack, resulting in the deletion of all incoming emails to the affected accounts. Worse still, the perpetrators then used these infected accounts to launch further attacks on the company’s clients, passing the infection on to cause havoc and real damage to multiple businesses.
Once again, it’s a scenario that offers potentially devastating implications to both finances and client relationships.
Fake Tax Returns, Real Losses
As for the accountancy, they had fallen victim to a case of identity theft, courtesy of keylogging software being installed on a number of machines.
The attack?
The attackers were able to hijack the company’s HMRC account, filing bogus tax returns on behalf of their clients, each requesting a rebate.
The result?
HMRC paid the rebates directly into a bank account belonging to the hacker, to the tune of £50,000. The accountancy was only alerted to the attack when their clients contacted them requesting the transfer of their ‘tax rebate’.
Creativity Lost
Perhaps the most devastating of all, however, was the attack on the small marketing agency, who were hit hard by a crypto virus (often referred to in the media as ransomware).
A particularly malevolent type of virus, ransomware has the ability to encrypt all files on your computer (PC or Mac), plus any connected accounts such as Dropbox, OneDrive, Google Drive or Box. You are effectively blocked from accessing any of your files, with the hackers demanding a ransom before they deign to decrypt your system.
The agency paid the ransom, only for the hackers to withhold the decryption keys, resulting in the loss of years of clients’ work.
Again, while there’s an immediate financial cost, it is in the knock-on effect that the long-term damage can be felt: loss of client trust, potentially irreparable damage to client relations, and a diminished reputation in their sector.
Three different scenarios, one common theme
The reality is that each of these attacks could have been avoided with relative ease using readily available technology and the following of some basic steps.
Ostrich Hunting
You might think that these companies were compromised because they weren’t running antivirus, but they were.
Antivirus is only one of many technologies a business in any industry needs to deploy to maximise the protection of the company, its employees, and its clients from possible attack.
Don’t be fooled into thinking this is technology that’s the sole preserve of ‘big business’. It’s likely, in fact, that some of these protection measures are included within your existing services, while other methods and services tend to cost less than a few pounds a day. A small price to pay for the protection of your entire business.
Mitigating Risk
You may be of the view that it’s just another business risk with which you can live. But ask yourself this: how will your clients feel if your inaction leads to their systems being infected, leading to downtime, data loss, or disruption of service?
Cyber-security is more than just protecting your immediate business interest. It’s about helping protect the interest of your clients, their data, your revenue, and your employees.
Do they not have a reasonable expectation that you will have taken precautions to protect them?
King Copywriting - Simplifying the complex world around us using words. Technical copywriter with IT background, blog writer, web copywriting & more
5 years ago
I'm a tech copywriter - would you like to connect, Paul?
King Copywriting - Simplifying the complex world around us using words. Technical copywriter with IT background, blog writer, web copywriting & more
5 years ago
Eye-opening article, Paul.