An Introduction to Cyber Security Risks and Responsibilities
Cyber security is a hugely important concern for businesses of all sizes. In 2016, the National Crime Agency recorded over 2.46 million cyber attacks, and official government sources indicate that approximately one in four large companies have suffered from a major breach over the past 13 months.
The average cost of these attacks is thought to be around £65,000 - £115,000 per breach, but the cost in overall consumer confidence is almost impossible to measure, and it’s important to point out that a great many companies also see slowed growth in the aftermath of a cyber security attack. Data stolen during breaches also robs small, and medium sized businesses of the assets that they need to compete with their rivals, and in extreme cases, supply hardened criminals with a steady stream of credit card information.
As a result, it is essential that businesses of all sizes do everything they can to protect important data from harm, irrespective of whether the danger is posed by malicious hackers, automated spyware, phishing scammers or accident-prone employees.
What is Cyber Security?
The core function of almost all cyber security measures is to guard hardware, software and data against everything from unauthorized access to malicious attacks and even accidental damage. Most cyber security measures are preventative, and work to discourage attackers by closing off commonly-exploited loopholes. Others seek to help members of staff safeguard valuable resources, or mitigate the chances of information being accidently leaked to hackers/scammers.
As such, the majority of cyber security measures need to be implemented long before an attack occurs, and often function best if rolled out as part of a comprehensive cyber security plan, designed to insulate your business from a range of common dangers at once.
Implementing a company-wide cyber security plan is the government's top recommendation for all businesses, and official statistics suggest that up to 97% of last year’s attacks could have been avoided if current best practices were observed by all businesses.
What are Your Cyber Security Responsibilities?
Effective cyber security is more than just a benefit to your business; it’s also a responsibility. Data breaches can put customer and company information in the hands of malicious hackers, or provide the data needed for credit card fraud and other, more costly crimes that damage the economy as a whole.
Over the past three years, an increasingly large number of cyber security experts have come forward to publically stress the importance of safeguarding the data that customers give to businesses of all sizes. The National Crime Agency have also been keen to point out that CEOs must help security organisations to tackle cyber crime of all shapes and sizes, otherwise law enforcement agencies will be unable to keep up with increasingly sophisticated cyber criminals.
What Basic Cyber Security Measures Can You Take?
Depending on the nature of your enterprise, cyber security can become extremely complex, and larger organisations will have wide ranging methods to ensure that their entire information system is protected as best as possible. That said, there are a variety of basic measures that virtually all businesses should take, including:
- Controlling access to sensitive data, and vital resources
- Creating secure passwords that cannot be guessed, or hacked via common brute-force methods
- Preventing malicious viruses, including Trojans and key loggers, from infecting critical systems
- Identifying fraudulent phishing emails, and removing them before they can do damage
- Preventing unauthorised access to business premises
- Ensuring that all information passed to printers and other devices is properly encrypted, and fully secure
- Ensuring that a proper mobile working policy is in place, so that data is not exposed by remote workers
- Ensuring that sensitive and important information, including business plans, confidential strategy documents and important documents are properly backed up
It’s important to note that it is almost impossible to prevent all risks from happening. Cyber crime is something that even the most effective cyber security departments will struggle with. Your task is simply to reduce that risk as much as possible.
Cyber security training is available from Virtual College. Our Introduction to Cyber Security course is designed to help SMEs become knowledgeable about the risks, responsibilities and actions surrounding cyber security. Click here to find out more.