Category: cyber security

The Impact of Cyber Attacks on Business

The impact of cyber-attacks can be bruising for a business with both short and long term effects to consider.

A survey of 428 businesses that have suffered cyber-attacks in the previous months.

 

You can see from the statistics above  that the biggest impact reported by businesses that have suffered from cyber-attacks is the provision of new measures to prevent further attacks. This can be costly but is essential to protect against further attacks.

There are the short term issues:-

  • Bringing in expert technical staff to find out how the attack happened
  • Technical expertise needed to start to build defences against further such attacks
  • Extra staff to deal with recovery, communications with customers, legal ramifications etc.
  • Disruption to staff and service to customers

Then there are the long term effects:-

  • Reputation damage
  • Steps needed to restore reputation and customer confidence
  • Share price

It is better to build strong defences against cyber-attacks than simply trust to luck.

It is prudent to have plans in place for how to deal with such attacks as the FBI now say that it’s not a question of whether any organisation will be attacked, but simply when.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

 

Scale of Cyber Crime UK

The City of London Police Commissioner Ian Dyson was a victim of credit card fraud some years ago when criminals used his credit card to pay for a hotel stay and tried to pay for their car insurance with his card.

It is estimated that 5.6 million fraud and cyber-crimes are committed each year, of which only about 10% are reported to the Police.   This does include virus attacks etc. and some things that many people would not expect to report to the Police but that still leaves a lot of crimes that are unreported, but should be reported.

Recent statistics show that of the fraud and cyber-crimes reported, only about 10% are investigated by Police.

A lot of online crime is effectively anonymous and there is little anyone can do to track down and stop the perpetrators.

Prevention can be the most practical method for getting to grips with such crimes – warning and educating  people to have proper security for their online accounts and  to behave with common sense in all dealings online.

However, the Police do have a great deal of success in restricting the actions of the criminals.

Each year, the Police are shutting down several hundred thousand websites, bank accounts and phone lines connected to cyber criminals.

The banks and other financial institutions and payment services have a huge role to play in keeping us safe online and paying recompense to victims when necessary.

The authorities are progressively clamping down on online crime, but are always several steps behind the criminals.

Be careful

Do you have an opinion on this matter? Please comment in the box below.

Fightback Ninja Signature

Cyber Sprinters

An exciting new interactive online security resource for 7-11 year olds.

https://www.ncsc.gov.uk/collection/cybersprinters

This is a new government initiative and aims to interest 7 to 11 years olds using a game.

CyberSprinters say the game empowers them to make smart decisions about staying secure online.

The digital game can be played on phone, tablet and desktop, and is supported by a suite of activities to be led by educational practitioners working with 7-11 year olds. Parents and carers can also try the CyberSprinter puzzles with their children at home!

There is also a toolkit of educational resources developed by the NCSC for practitioners that work with children aged 7-11. All of the resources, and the CyberSprinters game, focus around conveying key messages to children and will help them to develop their knowledge, skills and understanding in crucial areas covering passwords, devices and messages.

The game and these resources can be used to support each other or separately. They are designed for use in both formal and non-formal education

If you have children between 7 and 11 , give it a go.

If you have tried the game, let us know what you think.

 

Cyber First

CyberFirst is a programme of opportunities to help young people explore their passion for tech by introducing them to the fast paced world of cyber security.

https://www.ncsc.gov.uk/cyberfirst/overview

CyberFirst covers a broad range of activities: a comprehensive bursary scheme to financially support undergraduates through university and a degree apprenticeship scheme; a girls’ only competition, thousands of free places on CyberFirst courses at UK universities and colleges and our new initiative CyberFirst Schools and Colleges. Each activity is designed to seek out diverse people with potential, offering the support, skills, experience and exposure needed to be the future first line of defence in our CyberFirst world.

CyberFirst say they were setup by the National Cyber Security Centre (NCSC), part of GCHQ to find diverse young– not just programmers but entrepreneurs, public speakers, analysts and more – who’ll become the next generation of cyber security specialists.

Cyberfirst say that their bursary and degree apprenticeship programmes are designed for a new generation of future cyber security professionals. Even if you don’t know how to code yet, these programmes are open to you. The key thing they look for in applicants isn’t genius programming skills – it’s curiosity.

Is this going to be successful?

Nobody knows but it is likely to help some people, but probably not as many as they hope it will reach.

If you’ve signed up for CyberFirst, let us know, by email.

Cybersecurity Best Practice for Entrepreneurs

A post by Lindsey Weiss

At Fightback Ninja Blog, we know that cyber threats are more common than most people think. While many aspiring entrepreneurs think they don’t have to worry about cybersecurity until their businesses really take off, no one is immune to these threats. In fact, hackers often single out small companies because they’re easier to infiltrate. Small businesses tend to lack the sophisticated cybersecurity systems employed by large companies, and cyber criminals have a better shot at success by targeting weak systems. To ensure your new business is safe from cyber threats, we’re here to share a few essential tips!

Understand Your Vulnerability

Why should you care about cybersecurity? A cyber-attack or data breach at your business can lead to significant losses. A cyber-attack can destroy your reputation and erode your customers’ trust in your brand, leading to loss of customers and loss of sales. Beyond this, a cyber-attack can directly result in financial losses arising from theft of financial information, ransomware demands, and website downtime. Not to mention the costs associated with repairing systems and devices as well as the legal consequences that follow a data breach.

Clearly, there’s a lot at stake. Let’s discuss some ways to prevent these losses and ensure your business is safe from threats.

Save Sensitive Email Information in PDFs

Businesses all over the world send countless emails every day, many of which contain sensitive information like financial data that cybercriminals would love to get their hands on. Email security is essential. To reduce the risk that a criminal can exploit information shared in a business email, try to convert emails to PDF files. Keeping sensitive information in your inbox leaves it vulnerable and prone to data loss. By converting emails to PDFs, you can save important information on your local computer and protect documents with passwords to ensure an additional level of security.

Follow Password Best Practices

We all know that it’s important to create strong passwords, but what does this really mean? Small Business Trends explains that password best practices go beyond the creation of strong passwords through a mix of letters, numbers, symbols, and upper and lowercase characters. While this is an important first line of defence against hackers, there’s more you can do. Use two-factor authentication to ensure you have to verify long-in attempts involving your username and password. This will keep criminals out of your accounts, even if they gain access to your log-in information.

Use Reliable Cybersecurity Software

Antivirus software is crucial for protecting your business from threats. TechForce recommends strongly against relying on the software that came with your computer as this is likely designed to protect consumers rather than businesses. Invest in an antivirus solution that offers the level of protection required for your business. Do your research and read online reviews from other entrepreneurs to make sure the software you choose will meet your needs.

Establish a Recovery Plan

Even if you implement strong safeguards to shield your business from cyber attacks, it’s important to establish a recovery plan so you know what to do in a worst-case scenario. The faster you act after an attack, the more you’ll be able to minimize your losses. First and foremost, be sure to maintain regular backups of your business data so you can get back up and running as soon as possible after a data loss event.

Once you establish a reliable backup and data recovery plan, make note of all the other steps you’ll need to take in the event of an attack. For example, plan how you’re going to identify those affected by the breach and notify your customers. You may also want to consider investing in cyber liability insurance to help you recover from a cyber security attack.

If you plan on launching your own business in the near future, take the time to learn about cybersecurity. Implementing good cybersecurity practices like using two-factor authentication, converting emails to password-protected PDF files, and purchasing robust anti-virus software will ensure your business will withstand anything cyber criminals throw at it!

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

4 Common Mistakes – Safeguard Your Business From Cyber Attacks

A post by Carla Lopez

Small and mid-size businesses are primary targets of cyber-attacks as unlike large corporations, they often do not have sophisticated security systems in place. Additionally, by attacking a small/midsize business, hackers can gain access to a large network of data which includes personal information, bank details, and passwords of suppliers, clients, and partners of the business. As reported by GOV.UK, two out of five businesses in the country were impacted by a cyberattack in the last 12 months. To tackle the increased risk of cyberattacks, this post by Fight Back Ninja explores four common security mistakes to avoid and the best practices to safeguard your business.

Mistake 1: Not Having Trained Cybersecurity Professionals

Cybersecurity for your personal device is entirely different compared to a business. While an antivirus plus malware protection software will suffice for your laptop, business machines and servers need multiple layers of security. This can include a firewall, anti-malware software, backup services, data encryption, system monitoring, and more.

As with any important business function, the responsibility of cybersecurity should be delegated to professionals. You can either hire professionals in-house or outsource it to an agency. Hiring multiple professionals can be costly compared to an agency but will make supervision easier. Regardless of your choice, the business will be in much safer hands with the involvement of professionals.

Mistake 2: Not Keeping Software Up To Date

Whether it be third-party software used for marketing, finance, sales-related activities, or the operating system, developers periodically release new versions that should be installed promptly. Updates are often released to patch security bugs and include new features. Using older versions of software exposes you to the risk of cyberattacks. By exploiting security bugs hackers can gain easy access to your data and reduce the chances of detection by the security system.

While hacking a third-party software may not compromise your entire system, hackers can still steal valuable customer and supplier data. To avoid this predicament, enable the option of auto-update for all software. Additionally, periodically check for newer versions of your operating system and ensure it is applied to all machines in the office.

Mistake 3: Not Password Protecting Documents

Daily, various stakeholders of your business will share documents through email, messaging applications, or other online mediums. As mentioned in the previous point, hackers can steal your data by targeting third-party software (including email as well). However, you can safeguard documents with sensitive information by converting them into password-protected documents.

For instance, if you’ve created a PowerPoint regarding the company’s financials, performance, and supplier partnerships, before sharing it digitally, convert your PPT to a PDF that can be password protected. This way only individuals who know the password can view the document.

Oftentimes, only the owner retains the right to make alterations to the PDF, reducing the risk of important documents being tampered with. As a best practice, instruct all employees to always convert documents into password-protected PDFs before sharing.

Mistake 4: Not Having Data Back-Ups

As reported by Data Bacisx, the average remediation cost of a cyberattack in the UK is $840,000. This can include the ransom companies deciding to pay hackers and the costs of rebuilding the business. However, paying the ransom never guarantees that you’ll get your data back. Hackers do not work on goodwill and use ransomware attacks to trap businesses in a vicious system of extorting money. One of the reasons businesses may agree to pay a ransom is because they do not have a backup.

Not having a backup puts your business at grave risk. Along with cyberattacks, natural disasters, server malfunctions, human error, and other foreseen events can lead to data loss, causing major financial damage to a business. Hence, it is important to create a data backup policy on priority. This can include creating a secure server not connected to primary servers used by the business, having a weekly automatic backup schedule, periodically running recovery exercises to check data integrity, and having a recovery plan for cyber attacks.

Avoiding these four mistakes will significantly reduce the threat of cyberattacks, and safeguard the long-term health of your business.

Fightback Ninja Signature