Is your Business at Risk of a Cyber Security Breach?

Many businesses today, from law firms to recruitment consultancies, are entrusted with highly sensitive data on a daily basis, – from financial information to highly personal and private details that may have severe consequences if they fall into the wrong hands.

Therefore, it’s mandatory that your business invests in the very best cyber-security approaches to keep yourselves – and your clients – as safe as possible.

So what are some of the main risks?

Email fraud and phishing

Email remains the most common attack vector, used to extract information like bank details and identity-related data.

Some attacks can be as sophisticated as a message sent to a customer or client by fraudsters claiming to be acting on behalf of your business to directly defraud them. Other examples could be cyber-criminals gaining the trust of someone in the business to extract information about the client.

Therefore, for particularly sensitive correspondence, it could prove critical that clients are informed of the email addresses that will be used to contact them, and of the information for which they will or will not be asked via email.

Ensure your staff also receive the correct training to recognise fraudulent or “phishing” emails and report them directly.

While the threat may come from organised crime groups anywhere in the world, there is also the risk that individuals within your business or ex-employees may utilise insider knowledge of the company systems to access sensitive data or funds.

Access control systems will reduce the likelihood of an insider breach, but for external threats increasing password security, installing a powerful antivirus, and heavily cracking down on the rules surrounding the sharing of sensitive information are ultimately the most effective ways to mitigate against the risk of attack.

Social Engineering

This represents a broad range of malicious activities achieved through human interactions. It uses psychological manipulation to trick users into making mistakes, breaking security protocol or giving away sensitive information.

There have been many examples of criminals impersonating directors or other senior figures within a business, choosing to strike at a perceived time of lower focus like late Friday afternoon or on a public holiday, to demand a payment. This payment could be for a fictitious supplier, for example.

Again, extensive staff training and proper protective systems should always be put in place to counteract this threat. Sophisticated online criminals will always try to find methods of impersonating individuals – or, indeed, whole businesses – to fraudulently access information and funds, so being vigilant is key.

Compromised supply chain

Often, hackers are aware that some businesses are likely to have robust cyber-security systems in place to prevent direct attacks, so their approach is to try and extract data and valuable information by compromising the weaker security of one of the business’ suppliers.

This type of attack is more difficult to prevent, as it often comes via a totally separate organisation from your own, but taking steps such as vetting the cyber-security of any potential supplier or partner company before using them can help to reduce any risk.

By way of best practice, but also bearing in mind the recent introduction of more stringent forms of legislation, it is vital that you are able to ensure the security of your clients’ details – along with those of your own organisation.

Malware and ransomware

Whether by tricking employees into downloading spyware or by forcing encryption of certain sensitive files and demanding money for their restoration, these types of viruses can be used to devastating effect by hackers. Probably, the best-known example is WannaCry, where in May 2017 this ransomware strand spread worldwide and caused havoc in parts of the NHS.

To guard against this, your business should be protected with powerful antivirus software that is updated regularly.

You can find out more about our cyber security services here.

By Matthew O’Donnell