Everything SMEs should know about cyber-crime and cybersecurity

28 September 2018

• cyber security
• cyber crime
• cyber and data breach claims solicitors liverpool
• cyber and data breach claims law wirral
• cyber and data breach claims law merseyside
• data breach
• cyber criminals
• cyber attack
• cyber law blog
• SMEs
• Business Fraud Prevention Partnership
• two factor authentication
• IT policies and procedures
• phishing

As cybercrime continues to rise affecting several large organisations who have had their personal data accessed or stolen, it is now vital that everyone considers and evaluates the best cybersecurity solutions to protect their business.

Recently, both small and medium organisations have been urged by the Business Fraud Prevention Partnership (BFPP) to seriously consider protection against cyber-crime. The founder of the BFPP, Edward Whittingham discussed misconceptions regarding cyber-crime, stating:

“Historically, there have been a perception that cyber-attacks are conducted by teenagers or rogue individuals, but this just isn’t the case.”

“They’re now conducted on a large scale by serious and organised crime gangs.”

He also urged organisations to educate their staff on cybercrime and cybersecurity, stating:

“Staff training, paired with simulated phishing tests, is not only a way of educating employees; it can also identify high-risk areas within the business.”

Organisations should also consider the following aspects to prevent cyber-crime and improve cybersecurity:

Phishers

Phishers or phishing emails are known to be one of the biggest threats to small and medium-sized enterprises (SMEs), with up to 95% of cyber-attacks occurring due to a phishing email.

A phisher usually poses as a trustworthy source, either a fellow colleague or supplier who asks for personal information via email.

It is vital that staff are educated on what a phishing email, and how to spot the warning signs. This can be achieved by checking sender details, as with some phishing emails the address is a give-away.  Whereas, other email addresses may be almost identical to those they are pretending to be, therefore staff should always check for extra characters or misspellings.

Two-factor authentication

Organisations should ensure that all their staff members create strong passwords for emails or any other software used by the company, and if possible utilise a two-factor authentication such as a password and a pin number, or a security question.

Applications such as Gmail and Dropbox use two-factor authentication in order to fully protect personal data.

IT policies and procedures

In order to prevent cyber-crime, organisations should implement an easy to read IT/Infosec policy for all employees. Instead of a long-winded inaccessible document, organisations should create a document that staff members will actually read, to ensure all employees are prepared when a cyber-attack occurs.

The IT/Infosec policy should include: communications, password policy, social media guidelines, acceptable usage network security, physical security, data protection, disaster recover and incident response.

Testing systems

It is vital that organisations check their systems regularly, in order to evaluate how strong they are against hackers.

Organisations should remain proactive rather reactive, in order to stay one step ahead of cyber criminals.

Backing-up data

Organisations must ensure that any crucial data is backed up regularly, as in an event of a data breach this data could be lost and if there is no back up in place then the data will be erased completely. This is a mandated requirement under Article 32 GDPR.

Costs and expenses

Although the costs of a cyber-attack result in mass amounts, implementing protection against an attack can actually be inexpensive for SMEs.

Essential cybersecurity for SMEs should include anti-virus and firewall software, with some software systems ensuring consistent updates.

Before implementing any cybersecurity measures, organisations should do proper research in order to utilise the right software individual to their business.

For advice on cybersecurity, organisations can reach out to local authorities and chambers of commerce to find out further information on cyber-crime prevention.

Here at Three Graces legal we can assist you with all aspects of cyber-crime and cybersecurity.

Please contact us at 0151 659 1070