Laura Rutledge explains why now is as good a time as any to take a step back and evaluate your cyber security policy...
With a new year just starting, it is important to set goals and milestones early to make sure that the appropriate steps are taken towards achieving them.
Although this exercise mostly concerns profit and productivity objectives, it doesn't pertain only to them. Now is also the time to take a step back and consider setting the bar higher in crucial fields that might be going unnoticed in your company: cybersecurity, for example.
Online fraud most common crime in UK – and costly for businesses, too
Online fraud is much more costly for British companies and their clients than one might imagine – and certainly much more widespread. In 2017, it was widely reported that almost 50% of all crime in the UK was cyber-related, with one in ten individuals falling prey to online scams.
In fact, online fraud has reached the top and become the nation’s most common crime – yet almost 80% of all fraud crime does not get reported to the appropriate authorities, increasing the potential for recurrence. So making sure that there are appropriate procedures in place within the corporate environment for online fraud to be suitably reported is crucial for combating it.
Cybercrime affects all types and sizes of businesses – and arguably, not enough is being done by authorities to battle it. The National Audit Office found that online fraud is still a very low priority for the police force, even though it reached £2m in 2016.
Government statistics indicate that in the 12 months leading up to April 2017, almost half of all British companies experienced a cyber security incident, with the average damages for large enterprises reaching roughly £20,000 – and for particular businesses, amounting to millions.
Why training employees against phishing matters
The same government Cyber Security Breaches Survey 2017 further found that companies storing their clients’ electronic personal data were more likely to be targeted by hackers than businesses that do not hold such data – in fact, the respective figures were 51% in contrast to 37%.
The Survey also stresses that the most common tools employed by hackers were scam emails, ahead of malware and viruses. Phishing is a very common type of social engineering attack that tricks the victim into opening an email, text message or instant message containing a malicious link. After the user clicks on the link, the attacker is able to access and steal personal data, including login credentials and financial information such as credit card numbers.
Companies looking to improve their employees’ reflexes against phishing attacks should implement two-factor authentication (2FA), which adds an extra verification layer when logging in to sensitive applications. They should also raise awareness with training sessions and make sure that employees use secure passwords and change them frequently.
Action Fraud, the National Fraud and Cyber Crime Reporting Centre, reported that 23% of people will open phishing emails that they receive – and from then on, it can take less than 90 seconds for a hacker to gain access to what they need.
A sound cyber security policy and incident response plan should be among the top priorities for all types of businesses as cyber crime soars – and could help protect your company from devastating financial losses in case of a breach.