Cyber security is the protection of computers, networks, programs and data from unintended or unauthorised access, change, theft or destruction. It is a company’s responsibility to protect and keep secure data such as;
- Personal information – names, addresses, NI numbers, ethnicity, bank details
- Customer information – financial data, business data
A breach is cyber security can greatly affect you and your business so it is important to understand what the potential risks are and where they come from to be able to guard against them. Let’s go through some key points to be aware of:
Firstly you need to understand the main things that are at direct risk in the event of a security breach: your money, your information/data and your reputation.
So you know what’s at risk, now you need to know who could pose a risk?
- Negligent employees
- Disgruntled employees that may have malicious intent
- Business competitors for economic advantage
- Criminals for financial gain
A breach in your Cyber Security can be carried out in many different ways including:
- Theft/unauthorised access
- Remote attack / hacking
- Attacks on third party systems i.e. company bank account
- Accessing information from employees
Ok so now you know what is it at risk, who might want to carry out a cyber threat/attack and how they might do it, but do you know what the fundamental impact is on your business? The bottom line, a Cyber attack can result in:
- Financial loss from theft
- Financial loss from disruption to trading
- Loss of business from bad publicity/damage to reputation
- Costs for cleaning up effected systems
- Costs of fines if personal data is lost
- Damage to companies you work closely with
All of the above can truly be the undoing of a business.
There are many different types on Cyber Security attackers:
Opportunists – Usually attack for personal gain, reputation or financial gain. They only target organisations when an easy opportunity presents itself.
Cyber Criminals – Steal information e.g. credit card or bank details for financial gain.
Hackers – Usually attack for financial gain and the breaking of a secure site. Hackers access information or deface websites for political or ideological ends.
Insiders – Usually disgruntled or dishonest employees who destroy or steal information to cause embarrassment. They may damage or steal equipment to disrupt the business. Employees may mistakenly send confidential information to the wrong recipient.
And they have many ways in which they will carry out an attack:
Social media exploitation – Is the act of using sites, such as Facebook, Twitter etc. to attack a computer system
Hacking – A type of remote attack to gain unauthorized access to data in a system or computer, mainly via personal IT equipment
Phishing – Fake emails and/or web links.
Malware – Software with a hidden function to capture data. This software can also encrypt workstations and demand ransom money.
Denial of Service – A type of attack that is designed to bring a network to its knees by flooding it with useless traffic, preventing legitimate users from accessing information or services.
Insider threat – Is a malicious attack perpetrated on a network or computer system by a person/employee with authorized system access.
One of the most common attacks is fake emails, and we have all had them, but if you are unsure if an email is real or not follow these tips:
- Do I recognise the senders email address?
- Do I know this person?
- Is this their usual email address?
Note: Be aware, spammers attempt to send email using your legitimate friends, colleagues or family email addresses. They may have obtained these email addresses from contact lists using malware installed on their computers
Emails should always have meaningful subject lines. Ask yourself these questions:
- Does this email subject look unusual?
- Are there spelling mistakes?
- Is there excessive punctuation?
Out of the ordinary or poorly written subject lines may hint to a fraudulent or spam email.
Lastly be wary of links in emails, they can be easily disguised and may take you to malicious websites.
We hope you enjoyed our tips and advise on Cyber Security and what to look out for, check in tomorrow for the next blog in this series: “Cyber security – what are the responsibilities”…
Get in touch and let HR Revolution run through a GDPR audit to see where and how quickly changes can be implemented.
Call +44 203 538 5311, email: email@example.com or visit www.hrrevolution.co.uk where our expert CIPD HR professionals are waiting to help you with any questions you may have.
HR Revolution; supporting you, your employees AND your business.