Sloppy security makes businesses an easy target for criminal hackers yet too many are blinkered to the real and constant risk that hardcore hackers pose to their operations.
In today’s ever-changing digital landscape, creating and maintaining a security-conscious culture within an organisation is vital, according to Austen Clark, managing director of Aberdeenshire-based Clark IT.
Practical user training and awareness sessions of the threats and how they can be mitigated against, can help organisations in keeping systems and data safe.
A recent study published by Hiscox insurers revealed that 47% of small businesses – those with less than 50 employees – have been hit by a cyber attack in the last year, with 63% of medium businesses, employing between 50 and 249, also claiming to have fallen victim. In all, 55% of UK firms reported a cyber attack in 2019, up by 40% on the previous year.
Despite the sharp increase in the volume of attacks, the number of firms making preparations against such incidents has fallen in the past year. Nearly three quarters of businesses were considered unprepared for a cyber attack, after failing a cyber readiness test, the report stated.
Businesses must take heed – and take appropriate action – to stay safe online and avoid being a soft touch for hardened hackers, Austen has warned.
Austen said: “Cyber attacks are on the rise and hackers are getting smarter, more sophisticated and more successful but what is particularly concerning is the fact that too many businesses believe that they are not at risk.
“That’s simply not the case. Whether you’re a sole trader or a multinational corporation, cybersecurity is an essential part of modern business life.
“When hackers hit large companies, smaller businesses may have felt less susceptible but there really is no place to hide. Fail to have adequate security guards in place and you could be the next victim, it’s that simple.
“If you are unaware of IT security issues, if you don’t have robust policies, and deliver training and awareness, it could be just a matter of time before your business is compromised. Organisations need to invest to ensure that they stay safe, as failure to do so could prove costly, both financially but also in terms of cost to reputation.
“It may seem ironic, most cyber-attacks aren’t sophisticated at all – they’re opportunistic, with hackers looking for exploitable gaps and vulnerabilities.
“So, the value of the human element in IT security can never be underestimated and anyone that uses a PC, laptop, tablet or phone in connection with their work has a responsibility for security.”
The workplace security culture should start at the very beginning of an employee’s journey and be a core part of any new staff induction checklist.
For an existing workforce, it can be promoted through training, regular updates at team meetings and by carrying out audits and making IT security part of their working responsibilities.
To maintain a healthy security conscious culture in the workplace, training courses raise staff awareness of the type of threats and security issues affecting companies today.
Austen added: “Good training courses are a sound investment as they educate staff on what to look out for in an ever-changing digital landscape, looking at the number and type of threats and security issues affecting companies today, often at modest cost.
“Prevention is better than cure and staff vigilance, found among a well-trained and supported workforce, goes a long way to warding off disaster.
“Technology has a shelf life, it needs updates and maintenance, and failing to do that risks being exposed to hacks, malware infections or ransomware attacks to name but a few.
“Most software has a lifecycle. Software engineers are tasked to manage and maintain this during its lifespan and when it reaches End Of Life (EOL), engineers move onto new versions which in turn leaves older unsupported software vulnerable.
“The growth in applications and data being migrated to cloud-enabled services means that cloud security and protection is big news too. Cloud services, by their very design, are accepted as a reliable means of distributing technology. Cloud Application Security Broker (CASB) services manage and secure applications in the cloud.
“There are opportunities to introduce security and additional protection to cloud-based services securing online applications through backup and encryption, along with Multi Factor Authentication, which adds further layers to security.”
The Hiscox cyber survey published last month showed the size of losses related to attacks has gone up sharply and average losses were given as £283,000.
For more information on Clark IT visit www.clark-it.com