Recently published figures have suggested that HMRC has 'saved the public more than £2.4 million' by combating cybercriminals and cybercrime. However, such crime remains a serious problem for businesses, with potentially significant consequences. Here, we take a look at strategies you may wish to utilise to ensure your business and personal finances are adequately protected against malware, phishing attacks and ransomware.
Cybersecurity: getting the basics right
As a fundamental rule, business owners must ensure that their cybersecurity protections are up-to-date and effective. Firms are advised to:
Use strong passwords
It may seem obvious, but using strong passwords on your work computer, laptop, smartphone and tablet is crucial. Using a combination of upper-case and lower-case letters, alongside numbers and symbols, will help to make your password strong and unique, and therefore difficult for cybercriminals and thieves to guess.
Make sure software updates are downloaded
Ensuring that any available software updates are downloaded and installed onto your work devices is essential: doing so will help protect your devices against harmful malware. Businesses are also urged to install updates to their anti-virus software, where these are available.
Back up data
Making regular back-ups of critical data is highly advisable. Consider how reliant you are on your data, such as payment details, customer information, quotes and orders. Businesses should aim to identify the essential data they need to back up, and keep their back-ups separate from their main devices: in the event that a business is affected by ransomware, an isolated back-up may prove invaluable. Victims of ransomware attacks often find that their files have been encrypted, or that their computer has been locked. The criminal will then request payment in return for decrypting or unlocking the victim's files or devices.
Keeping essential data backed up to a separate device, drive or cloud solution may aid firms, should the worst happen.
Identify fraudulent communications before it's too late
Spotting phishing communications before they are opened or responded to is vital. 'Phishing' refers to the practice whereby a criminal poses as a recognisable company or organisation (including major banks, HMRC and telecommunication companies), and contacts an individual or business to ask them to supply sensitive information or payment.
Phishing victims are often contacted via email, telephone or text message, and are asked to provide personal data, such as banking and credit card details. Cybercriminals then use the information to their advantage, installing malicious software onto computers or posing as the victim, thereby stealing their identity.
Businesses are urged to exercise caution when it comes to responding to calls, emails or text messages that request that a payment be made. Refrain from clicking on links within unsolicited emails – if in doubt, the safest course of action is to visit the company's website of your own volition.
It is important to note that the government, banking institutions and large organisations will never contact you to request access to your personal account, or to request that you send them personal information.
Train staff members and keep them up to date
All members of staff should receive appropriate training in order to understand and successfully identify the ways in which their firm could be at risk from cyber-attacks and data breaches. A range of programmes exists for employers to make use of, including free educational courses and resources, as supplied by the government. These can be found here.
Making sure that you have adequate cybersecurity measures in place is of the utmost importance. Taking appropriate action sooner rather than later could help to safeguard your business and personal finances now and in the future.