While many businesses are aware of the risks of cyber crime, the rapid pace of technological change makes keeping up to speed increasingly complex and challenging, says Feargal McCormack.
A mistake some businesses make is thinking that they are too small to be of interest to cyber criminals. However, as we heard at the FPM cyber crime seminar last year, two-thirds of businesses have been hit by cyber crime. Given that so many businesses increasingly rely on technology, not just in the workplace but also when employees are on the move, it is worrying that only 10 percent of breached companies have a cyber security plan in place.
Government research shows that the most common breaches or attacks are carried out via fraudulent emails. ’The Cyber Security Breaches Survey 2017’ highlights that businesses can do more to protect themselves, for example by enforcing strong passwords, implementing formal risk management policies, increasing their focus on security training, and developing appropriate responses in the event that they suffer an attack.
A point that we stress to FPM clients is that people can be your weakest link. Cyber criminals may impersonate you or use phishing techniques to gain access to sensitive information by tricking your employees into revealing passwords or financial information or opening dangerous attachments. To combat this type of attack, it is vital to implement robust verification checks and remind your staff about the importance of data security on a regular basis.
Your website may also be also vulnerable to attack. Basic protective measures to implement include using firewalls, scanning for malware, adopting strong passwords, limiting access, keeping systems up to date, and creating backups.
Increasingly, business owners and their employees use smartphones to access email and various apps and services containing work related contacts and data. While these devices provide 24/7 access to data, they also present IT risks that need to be managed. We see many instances where businesses have excellent security for their main systems but little or no security to cover employees’ use of personal mobile devices. This is worrying because businesses may have legal obligations in respect of data held on these smartphones, tablets and other devices.
Plans and Procedures
Developing an awareness of the risks is a critical first step in protecting your business from cyber crime. FPM runs regular client seminars and events to help in this regard. Our experience shows that implementing robust plans and procedures can minimise the cost and disruption of cyber incidents.
To get started on your plan, you will need to review your information systems, identify risks and decide on the best ways to mitigate them.
In addition, in the event that your business suffers a cyber breach, it is advisable to have an incident response plan which sets out roles, responsibilities and recovery procedures. This will help to minimise the cost and impact of the incident.
Remember, however, that policies and procedures can only protect you if they are properly designed, implemented, monitored and updated.
Be vigilant and ensure caution at all times when responding to any requests for your bank details. There is an increasing threat of criminals intercepting emails and fraudulently changing legitimate bank account details with the objective of stealing your money. FPM will never change our bank account details during the course of a transaction and we will not email you our bank details as emails are not secure. If in doubt, phone your FPM contact directly. We will not accept responsibility if you transfer money into an incorrect bank account.
For information on FPM’s risk management and IT advisory services please contact us.
Feargal McCormack l Managing Director