At present many businesses are completely underestimating the threat of cyber-attacks as research has found that two thirds of SMEs don’t consider themselves to be under threat and only 16 percent deem cyber security to be a top priority in 2015. This apparent lack of understanding around cyber threats is leaving UK businesses vulnerable to attacks which can potentially cause devastating financial and reputational damage.
The Government’s Information Security Breaches Survey found that a major cyber security breach costs on average between £65,000 and £115,000 and can result in a business being put out of action for up to ten days. These worrying statistics clearly highlight a serious gap in knowledge when it comes to cyber security, and so businesses need to wise up if they are going to safeguard against future attacks.
Hackers are evolving
The need for businesses to ramp up their security measures is great; hackers are evolving quickly and coming up with new and sophisticated techniques to breach firewalls and steal data. Types of cyber-attack that businesses are susceptible to include theft of customer bank details and the lifting of personnel’s personal information.
According to the Online Trust Alliance, nearly a third of all data breaches in the first half of 2014 came from an internal source. It also found, however, that 90 per cent of attacks were completely preventable, and so businesses need to take stock and implement strict security procedures to adequately protect themselves against attacks. In order to do so, businesses must identify the specific risks they are susceptible to, as these will vary from business to business. For example, threats to small businesses will be significantly different to threats to larger corporations.
Threats to SMEs
Whilst small businesses usually hold much less data and are, statistically speaking, less exposed to attacks compared to big corporations, they tend to have less sophisticated security systems in place. This can leave SMEs’ defences weak, meaning hackers will have no problems accessing information.
While large corporations can hire specialist I.T. security professionals and implement expensive security measures, small businesses simply do not have the budget. Unfortunately, most cyber attackers will take the path of least resistance, and so this leaves small businesses with second-rate security at a high risk.
Threats to big business
Larger organisations generally have a tendency to hold much more data than is necessary, for example staff blood groups and ethnicity. Whilst many think that cyber-theft only involves money, in actual fact thieves are also after personal data which can then be sold on. So one way to improve security against this type of breach is to cut down the data held to just the necessities.
Employee access to customer data should also be restricted, and only those with clearance should have access to any sensitive information, for example customer bank details. Limiting access to just a select few means that the communication chain can be much more easily traced, meaning employees are less likely to take part in malevolent practices.
How businesses can protect against risks
There are a number of straightforward and easy-to-implement steps that HR professionals can take to protect businesses from future attacks:
- Back-up data: Backups should be performed regularly in order to protect a site in case of a problem. A good hosting provider should be able to provide a full, regular backup of any account.
- Enforce strong passwords: Weak passwords are still one of the easiest ways for a hacker to access a website. Hackers prey on weakness and bank on the fact that businesses will have weak passwords. With this in mind, make sure all passwords are at least 15 characters long with a variety of upper and lowercase letters, symbols and numbers. Common passwords make life easy for hackers, especially if you commit the cardinal sin of using the same password for multiple sites.
- Make protecting data part of the culture: to ensure everyone in the company is on the same page, organisations need a simple, non-technical policy document that highlights every individual’s responsibility in protecting sensitive information about customers, colleagues and others.
- Invest in a sophisticated workforce management system: There is cutting edge technology available that can help to protect against cyber threats by managing all personnel data in a secure and organised system. For example, timeware’s personnel system allows businesses to store, update and view personnel information in a secure environment based strictly on the company’s pre-defined permissions. The system helps to keep all data in one place, from copies of driving licences to previous employee references and bank account details. Investing in workforce management technology can help to prevent data theft by ensuring all personal information is held in a completely secure and standardised system.
- Develop and refine a response strategy: Businesses should put in place an action plan in case a major security breach occurs. Take the time to learn from any minor data breaches and ensure security measures are continually evolving to correspond with any changes in legislation or relevant news.
To protect against the ever-growing threat of cyber-theft, HR professionals must ramp up their online and offline security measures. HR should take every precautionary measure to restrict access to both personnel and customer data and to inhibit anyone without permission from gaining access.