Since 2012, cyber attacks have caused havoc for many organisations, from businesses big and small to government bodies and civic authorities around the UK and beyond.
So, if you’re trying to find out how to protect your business from cyber attacks, read on because in this blog we take a detailed look at cyber attacks, especially ransomware, and how you can protect and insure yourself against both.
What is ransomware?
Ransomware is a type of malware that threatens to permanently block access to a victim’s data – or publish it – unless a ransom is paid. The most advanced versions use cryptoviral extortion. This encrypts the victim’s files, making them inaccessible, unless a payment is made to decrypt them.
Perpetrators usually want payment in difficult-to-trace digital currencies such as Ukash or Bitcoin, so tracking down and prosecuting cyber criminals is difficult.
Ransomware attacks usually, but not always, arrive via simple ‘phishing’ e-mails or links to apparently genuine websites that your staff are tricked into downloading or opening.
How big is the problem?
Research based on interviews with 400 IT decision makers found that over a quarter of UK firms had suffered a ransomware attack in 2019. Leading insurer Hiscox claims that a UK business is nine times more likely to be a victim of cyber crime than a burglary.
Another survey conducted by cyber security firm Trend Micro found that although two thirds of UK companies ended up paying the ransom and received a key or password, only 45% of those got their data back.
The bottom line is this: a successful attack doesn’t just adversely affect your bottom line, it can cause you significant reputational and operational damage, too.
So how do you protect your company from cyber attacks in general and ransomware in particular?
Introducing cyber insurance
It didn’t take long for insurers to see a new business opportunity emerging as executives asked, ‘How can companies protect themselves against hackers?’
A cyber insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), is designed to help an organisation mitigate its risk of exposure by offsetting the costs of recovery after a cyber-related security breach or similar event. Most leading insurers in the UK now provide these policies.
Prevention is always better than cure
Whether you opt to insure against such attacks or not, there’s much you can do to protect your organisation, its data and its systems.
The UK’s National Cyber Security Centre (NCSC), along with other data security specialists, recommends taking the following steps:
Even with the most sophisticated IT security defence systems in place, it’s still possible for poorly trained staff to open the door to a ransomware attack.
Your busy people can’t possibly bring themselves up to speed on the latest and ever-evolving digital security threats. Nor can you simply ask them to read, revise and retain the information in your acceptable use policy (AUP) on the organisation’s intranet.
That’s why every business should be training their staff effectively in digital and data security practices.
Back up your data regularly, make it part of your organisation’s routine, test the resilience of your process and use what’s known as the ‘3-2-1 Rule.’
That means having three copies of your data (on a workstation, in the cloud and on an external drive array, for example), held on two different forms of media (hard drive and the cloud, for example), with one complete copy held offsite. The latter’s important: cyber crime isn’t the only threat to your data – your offices could flood or burn down!
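The following is an added example, not part of the original article: a short Python check that audits a backup inventory against the 3-2-1 Rule described above and reports which part of the rule each dataset fails. The inventory records, field names and dataset names are constructed for illustration, and counting two records in the same location as a single copy is an assumption of this example.

```python
from collections import defaultdict

# Constructed inventory: one record per copy of a dataset, live copy included.
INVENTORY = [
    {"dataset": "finance", "location": "workstation-07", "media": "hard drive", "offsite": False},
    {"dataset": "finance", "location": "cloud-bucket", "media": "cloud", "offsite": True},
    {"dataset": "finance", "location": "external-array", "media": "hard drive", "offsite": False},
    {"dataset": "hr", "location": "workstation-02", "media": "hard drive", "offsite": False},
    {"dataset": "hr", "location": "external-array", "media": "hard drive", "offsite": False},
    {"dataset": "design", "location": "workstation-11", "media": "hard drive", "offsite": False},
    {"dataset": "design", "location": "workstation-11", "media": "hard drive", "offsite": False},
    {"dataset": "design", "location": "cloud-bucket", "media": "cloud", "offsite": True},
]


def audit_321(inventory):
    """Return {dataset: [failed rules]}; an empty list means the dataset complies."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy["dataset"]].append(copy)

    report = {}
    for dataset, copies in by_dataset.items():
        # Assumption: two records in one location fail together, so they
        # count as a single copy.
        locations = {c["location"] for c in copies}
        media = {c["media"].strip().lower() for c in copies}
        failures = []
        if len(locations) < 3:
            failures.append(f"only {len(locations)} independent copies (need 3)")
        if len(media) < 2:
            failures.append(f"only {len(media)} media type (need 2)")
        if not any(c["offsite"] for c in copies):
            failures.append("no offsite copy")
        report[dataset] = failures
    return report


if __name__ == "__main__":
    for dataset, failures in audit_321(INVENTORY).items():
        print(dataset, "OK" if not failures else "FAIL: " + "; ".join(failures))
```

The "design" dataset shows the case a simple count misses: three records exist, but two sit on the same workstation, so only two copies would survive its loss.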
Most of the software your organisation uses is regularly updated by its creator. These updates include patches to fix glitches and make their product more secure against known threats.
So make these updates part of your regular and routine IT operations and consider designating one of your team to manage this.
You have to be ruthless to be safe and that means placing limitations on employees and contractors who use your devices, programs, files and records. And be particularly careful about third-party or temporary workers who might not be familiar with your usual security protocols.
This is especially important if they use removable media (such as USB drives or DVDs) and can connect to your network.
Track the credentials of all employees, contractors and third parties who have access to your systems, to ensure their identity, expertise and experience are as claimed. They are all potential vulnerability points for ransomware attacks.
Prevent the running of unauthorised code that’s been delivered to your users’ devices. People are, for example, often duped into running macros, so simply prevent all macros from executing.
It’s also good practice to ensure your team cannot install software on their devices without proper authorisation.
Filter your organisation’s web browsing traffic via a URL filtering tool. That way, you can prevent connections to certain sites based on their categorisation or reputation.
What price peace of mind?
As the cyber threats grow, so does the popularity of cyber insurance policies.
The total value of premiums for this cover is forecast to reach $7.5 billion worldwide by 2020. And don’t believe your business is too small for such a policy. The UK’s Federation of Small Businesses reports that two-thirds of their members were victims of cyber crime between 2014 and 2016.
What’s more, you need protection against the financial loss if your customers’ personally identifiable information (PII) is lost, stolen or leaked. The General Data Protection Regulation (GDPR) means you can be fined up to €20 million or 4% of turnover for such losses.
And even with the most robust security systems and processes in place, the threats are advancing so rapidly that a new one is effectively old hat after a month. This is a war of attrition you cannot afford to lose.
How we can help
Some experts argue that 100% preventative security cannot be achieved on today’s complex, integrated and distributed IT infrastructures.
However, there are some incredibly smart and effective security solutions available to protect your business from cyber attacks. Trouble is, many don’t even realise they exist or don’t understand how to use them.
Fortunately, here at Totality Services, where we deliver unrivaled IT support for London, we do. So please just call us for a confidential, no-obligation chat about your cyber security requirements.