Coronavirus (COVID-19)

If you are concerned about your business being impacted financially due to coronavirus, we are here to support you.
Guidance and support

Please note, we are not an Accredited Lender for The Coronavirus Business Interruption Loan Scheme (CBILS). Visit The British Bank for more information on the scheme.

How to Protect your Business from a Cyber Attack

Learn more about the risks associated with cyber attacks- and find out what steps you could take to protect your systems from malware.
How to Protect your Business from a Cyber Attack

Join the Esme team as we explain what a cyber-attack is and why cyber-security could matter for your business. We’ll also explain some of the steps you could take to help reduce the chances of your business becoming the victim of a cyber-attack.

What is a cyber-attack?

Link

A cyber-attack is an attack from one or more computers against one of the following:

  • Another computer
  • Multiple computers
  • A network

Cyber-attacks are initiated by cybercriminals; groups of hackers or individuals who instigate an attack against a business or individual. The objective behind these attacks is sometimes political, but against businesses it’s likely that the attackers are looking to gain money or data.

These attacks can take a number of different forms, but here are some popular types of cyber attacks and how to recognize them.

Malware attack

Link

Malware stands for malicious software. This form of attack gives cybercriminals the ability to infiltrate computers or a network to access and control the system remotely - attackers can then demand ransom from you or access your business’ database and any sensitive information.

Tip: Some indicators that your computer might be infected by malware could include seeing a lot of pop-ups that you haven’t asked for, being redirected to unexpected webpages, or seeing icons and browser extensions that you aren’t familiar with.

It’s worth noting that it might be wise to always keep your computer up-to-date, and use antivirus software where possible.

Phishing attack

Link

‘Phishing’ is where cybercriminals create and distribute fake emails or webpages intended to mirror a real website or company with the intention of gathering sensitive data. Often thousands of these emails will be sent out at a time, with attackers waiting to catch a few unsuspecting victims (just like fishing).

Tip: Be wary of suspicious emails and avoid clicking suspicious links. Phishing emails often use phrases such as ‘verify your account’, ask you for personal information, and suggest that you have to act urgently.

Denial of Service attack

Link

If your business relies heavily on selling goods online, this particular attack can be very harmful to your business and its future. A Denial of Service attack (also known as a DoS attack) is where a large amount of traffic is sent to your website to intentionally overwhelm its servers, taking the website offline.

Tip: If you experience a DoS attack, you’re may want to call your ISP (Internet Service Provider, such as BT or Virgin), and Hosting Provider (presuming you don’t host your own web server)- it may be wise to keep emergency contacts for these numbers handy in case of an attack.

Man in the middle attack

Link

This is when a hacker secretly interposes themselves between the user and the website or service they are attempting to access. For example, if you were in a hotel and were trying to access the Wi-Fi network, you may be asked to log-in on a website page in order to proceed and access the Wi-Fi. Hackers can mimic the hotel’s log in page and then have access to any information you have on your computer, including bank passwords and sensitive information.

Tip: This type of attack is difficult to detect, so preventative action may be the best defence. You could look to use HTTPS (secure) URLs for your website, make sure you have strong login credentials on your router, and consider using VPN’s for extra security.

Why cyber security is important

Link

For small businesses today, the likelihood is that computers play a key role in your operations. If you have an e-commerce platform that you use to sell goods online, then a cyber attack could potentially affect your entire business model; meaning you’re unable to make sales.

Or, even if you’re not a digitally-led business, if you have an excel spreadsheet on your company computer containing sensitive data like your employee’s information, then there’s a chance this information could be stolen by hackers if basic cyber security measures are not followed. It’s important then, to learn how to protect your small business against a cyber attack – perhaps you could even make it one of your business goals for 2020.

Let’s look at some real-world examples of cyber attacks.

Effects of cyber-attacks on businesses

Link

One of the most recognised cyber-attacks that affected the UK in particular was the WannaCry virus in 2017. The virus was initially introduced to computers through phishing emails and then quickly spread using a known Windows vulnerability, shutting down hundreds of thousands of computers around the world with messages demanding ransom payments.

This Malware virus affected over 150 countries and over 100,000 organisations and businesses, including the UK’s NHS. According to the Telegraph, more than 190,000 appointments were cancelled which cost the NHS approximately £20 million in just one week (12th May – 19th May). The NHS were then forced to spend an additional £72 million in cleaning up the incident and upgrading their IT systems.

The WannaCry virus shows exactly how much a cyber-attack can affect a business or organisation - with small businesses at risk just as much as large organisations such as the NHS. A cyber-attack on your business could result in your business losing a large sum of money, damaging your reputation and trust amongst your customers, loss of your database, customer information, or worse - closure of your business.

How to prevent a cyber-attack on your business

Link

The following practical steps may shine a light on how to protect your company from cyber attacks. Let’s first look at proactive planning, then some reactive measures.

1. Incorporate cyber-attacks into your business continuity plan

Link

It’s important to consider the potential consequences of a cyber-attack on your business when creating or updating your business continuity plan. This may help to ensure you are well-prepared, and aware of any possible risks before an attack happens.

It could also be wise to consider upgrading your business insurance so that it covers any losses your business may experience as a result of a cyber-attack. This can then be incorporated into your business continuity plan and form part of a cyber-attack recovery strategy.

2. Inform your staff of the potential dangers of malware

Link

Someone in your team could accidentally click on a phishing email that allows malware to infect one of your computers or your network. Educating your staff on these types of risks and giving them some basic training on how to stay safe online could help your business avoid a cyber-attack.

3. Update your computer and anti-virus software – and keep them up to date

Link

The reason why the WannaCry attack on the NHS was so effective was due to its dated IT infrastructure. Out of date software is especially vulnerable to viruses and malware, so it’s important to keep your computer software and anti-virus software up to date.

If you have a Windows operating system, Windows Update is a great program that you can use to check for updates- and this includes security updates. What’s more, there are plenty of suppliers of anti-virus software you could purchase a package from. Some of the popular names include Norton, Kaspersky and McAfee, but you could look to do your own research to find a solution that works for you and your business.

Finally, we’re sure you’ve heard this before but it may be a good idea to change your passwords from time-to-time. Cyber-security could be a team project you work on, and you could even look to make this part of a wider project about making the most out of your website.

How could Esme help?

These are difficult times for many businesses, so it’s important now more than ever, to take good care of yourself and your team. If you’re concerned about your business being impacted financially due to coronavirus and want to understand the support available to you, please visit our advice page for information.