Join the Esme team as we explain what a cyber-attack is and why cyber-security could matter for your business. We’ll also explain some of the steps you could take to help reduce the chances of your business becoming the victim of a cyber-attack.
A cyber-attack is an attack from one or more computers against one of the following:
Cyber-attacks are initiated by cybercriminals: groups of hackers or individuals who instigate an attack against a business or individual. The objective behind these attacks is sometimes political, but against businesses it’s likely that the attackers are looking to gain money or data.
These attacks can take a number of different forms, but here are some popular types of cyber attacks and how to recognize them.
Malware stands for malicious software. This form of attack gives cybercriminals the ability to infiltrate computers or a network to access and control the system remotely - attackers can then demand ransom from you or access your business’ database and any sensitive information.
Tip: Some indicators that your computer might be infected by malware could include seeing a lot of pop-ups that you haven’t asked for, being redirected to unexpected webpages, or seeing icons and browser extensions that you aren’t familiar with.
It’s worth noting that it might be wise to always keep your computer up-to-date, and use antivirus software where possible.
‘Phishing’ is where cybercriminals create and distribute fake emails or webpages intended to mirror a real website or company with the intention of gathering sensitive data. Often thousands of these emails will be sent out at a time, with attackers waiting to catch a few unsuspecting victims (just like fishing).
Tip: Be wary of suspicious emails and avoid clicking suspicious links. Phishing emails often use phrases such as ‘verify your account’, ask you for personal information, and suggest that you have to act urgently.
If your business relies heavily on selling goods online, this particular attack can be very harmful to your business and its future. A Denial of Service attack (also known as a DoS attack) is where a large amount of traffic is sent to your website to intentionally overwhelm its servers, taking the website offline.
Tip: If you experience a DoS attack, you may want to call your ISP (Internet Service Provider, such as BT or Virgin) and your hosting provider (presuming you don’t host your own web server). It may be wise to keep emergency contact numbers for both handy in case of an attack.
A man-in-the-middle attack is when a hacker secretly interposes themselves between the user and the website or service they are attempting to access. For example, if you were in a hotel and were trying to access the Wi-Fi network, you may be asked to log in on a web page in order to proceed and access the Wi-Fi. Hackers can mimic the hotel’s login page and then have access to any information you have on your computer, including bank passwords and sensitive information.
Tip: This type of attack is difficult to detect, so preventative action may be the best defence. You could look to use HTTPS (secure) URLs for your website, make sure you have strong login credentials on your router, and consider using VPNs for extra security.
For small businesses today, the likelihood is that computers play a key role in your operations. If you have an e-commerce platform that you use to sell goods online, then a cyber-attack could potentially affect your entire business model, leaving you unable to make sales.
Or, even if you’re not a digitally-led business, if you have an Excel spreadsheet on your company computer containing sensitive data like your employees’ information, then there’s a chance this information could be stolen by hackers if basic cyber-security measures are not followed. It’s important, then, to learn how to protect your small business against a cyber-attack. Perhaps you could even make it one of your business goals for 2020.
Let’s look at some real-world examples of cyber attacks.
One of the most recognised cyber-attacks that affected the UK in particular was the WannaCry virus in 2017. The virus was initially introduced to computers through phishing emails and then quickly spread using a known Windows vulnerability, shutting down hundreds of thousands of computers around the world with messages demanding ransom payments.
This malware affected over 150 countries and over 100,000 organisations and businesses, including the UK’s NHS. According to the Telegraph, more than 190,000 appointments were cancelled, which cost the NHS approximately £20 million in just one week (12th May – 19th May). The NHS was then forced to spend an additional £72 million on cleaning up the incident and upgrading its IT systems.
The WannaCry virus shows exactly how much a cyber-attack can affect a business or organisation, with small businesses at risk just as much as large organisations such as the NHS. A cyber-attack on your business could result in the loss of a large sum of money, damage to your reputation and to your customers’ trust, the loss of your database and customer information, or worse, the closure of your business.
The following practical steps may shine a light on how to protect your company from cyber attacks. Let’s first look at proactive planning, then some reactive measures.
It’s important to consider the potential consequences of a cyber-attack on your business when creating or updating your business continuity plan. This may help to ensure you are well-prepared, and aware of any possible risks before an attack happens.
It could also be wise to consider upgrading your business insurance so that it covers any losses your business may experience as a result of a cyber-attack. This can then be incorporated into your business continuity plan and form part of a cyber-attack recovery strategy.
Someone in your team could accidentally click on a phishing email that allows malware to infect one of your computers or your network. Educating your staff on these types of risks and giving them some basic training on how to stay safe online could help your business avoid a cyber-attack.
The WannaCry attack on the NHS was so effective because of the NHS’s dated IT infrastructure. Out-of-date software is especially vulnerable to viruses and malware, so it’s important to keep your computer software and anti-virus software up to date.
If you have a Windows operating system, Windows Update is a great program that you can use to check for updates, and this includes security updates. What’s more, there are plenty of suppliers of anti-virus software you could purchase a package from. Some of the popular names include Norton, Kaspersky and McAfee, but you could look to do your own research to find a solution that works for you and your business.
Finally, we’re sure you’ve heard this before, but it may be a good idea to change your passwords from time to time. Cyber-security could be a team project you work on, and you could even look to make this part of a wider project about making the most out of your website.