Government figures show that cyber attacks continue to pose a serious threat to all types of UK businesses, with one in five of those affected reporting a denial of service, malware or ransomware attack.
Commenting on the situation, Stephen Whelan, from Integrity IT Solutions in Annan, said: “Every business, no matter how large or small, should have in place measures to prevent online criminals accessing their information and potentially damaging their business.
“Cyber criminals often see the human factor as the weakest link in any security measure, so it’s vital that every member of your team who has access to the internet or an email account receives cyber security training and understands the serious damage these sorts of attacks can cause.”
The Cyber Security Breaches Survey 2022 found the average estimated cost of cyber attacks to businesses was £4200, with phishing attempts the most common form of breach, accounting for 83 per cent.
Stephen said: “Online criminals create phishing emails which look realistic, such as fake invoices or receipts, to make it more likely someone will click on them.
“It’s important your team understands how to identify a phishing email, and reports anything suspicious to their line manager. It’s the responsibility of everyone in the organisation to be vigilant.”
Furthermore, businesses can also be targeted by ransomware attacks where files are encrypted to prevent access.
Using strong passwords made up of three random words and regularly vetting who has access to systems can improve a company’s security, he said, adding: “Weak passwords can be hacked in seconds, so choose longer and more unusual passwords and use different passwords for different accounts. It’s good practice to use a password manager to store and create strong, unique passwords.
“Two-Factor Authentication reduces the risk of being hacked by asking you to provide a second factor of information, such as getting a text or code when you log in. It’s a practice commonly used by credit card companies and one which can be easily enabled on software such as Microsoft 365.”
In addition, businesses should regularly remove access which is no longer required, ensure that users’ desktops, laptops and mobile devices are all patched, and that defences such as firewalls and anti-virus software are up-to-date, as well as having a plan to identify critical data and key systems in case a cyber security breach occurs.
