By 2021, cyber-attacks are expected to cost as much as $6 billion per year. Once focused on government and big companies, they’re now expanding to target small businesses and private individuals. The people behind them are increasingly well resourced, and they can no longer be treated as a minor security risk. What should business owners do to make sure that their companies are safe, or at least as safe as possible?
Why cyber-attacks happen
There are four main reasons for cyber-attacks, raising different levels of concern for business owners:
- Political attacks – attacks with a political motive are not really a concern for most businesses but may affect those working closely with government, especially if they are working with sensitive government data, or those working in controversial areas likely to attract the attention of protest groups. In most cases, the primary aim of such attacks is to cause disruption and temporarily cripple the target.
- Malicious attacks – still the most common form of attack but generally not the most sophisticated, these are carried out because the attacker finds it amusing or wants to see how a security system can be broken. Because they are disorganized, they can be difficult to anticipate or deal with using standard security procedures. They are often responsible for ongoing low-level system problems.
- Attacks for gain – these are all about making a profit. They may aim for something as simple as disrupting the business in order to affect its share price, or they may involve direct theft – for example, by emptying company bank accounts. These are among the more traceable kinds of attack, but thieves are getting increasingly good at covering their tracks.
- Attacks by rivals – these are aimed either at damaging business operations so that the rival can get ahead – especially in association with key opportunities – or at industrial espionage. The latter type of attack can sometimes go on undetected for prolonged periods of time, so it’s important to be alert to the risk of problems becoming established in the system as well as sudden, dramatic attacks.
The risks to business
Businesses have a lot to be concerned about when dealing with cyber-attacks, and some are unlucky enough to go under completely because of them. As well as direct risks to the business and its assets, there is a risk of customer data falling into the wrong hands, providing a rival with an advantage, or being used maliciously and ruining the business’s reputation. Businesses owe it to their customers, trading partners, and staff, as well as themselves, to keep their systems as secure as possible.
Avoiding data loss
Aside from avoiding damage, disruption, and the misuse of stolen data, businesses need to make sure that they don’t lose data that they need in order to function properly. This means that making back-ups is essential. Doing so also provides some protection against the potential consequences of other types of disaster such as fire and flood. Backed-up data should ideally be stored in secure conditions away from the main business site.
There are two main approaches to cyber security: it can be outsourced, or it can be handled in-house. Outsourcing generally means getting access to a better standard of security provision, but it’s one size fits all, and it can be expensive. Bringing in security experts as employees means that they can develop a tailored solution, there’s no need to place trust in outsiders, and there will be people on hand to advise if things go wrong. The demand for cyber security experts is expected to lead to 1.5 million unfilled posts by 2019, so companies should not delay in searching for the staff they need. Connecting with relevant educational institutions, such as Maryville University, can be a good way to identify promising individuals before they are snapped up by other employers.
Ultimately, a business is only as safe as its weakest link, and in most cases, that’s the staff. All too often, weak passwords or carelessness about logging out create the opportunities that hackers need. There are two main things that can be done about this. The first is to restrict access to important parts of the system – and valuable data – to people who are sensible about these risks. The second is to make sure that all staff members receive basic cyber security training so that they understand their responsibilities and why every aspect of cyber security matters.
Though it’s never possible to be 100% secure, most businesses prepared to make the effort can stay out of trouble, if only because hackers look for easy targets. This is not a risk, however, that any business can now afford to ignore.