How to Survive a Disaster: The Cyber Attack
The first in an ongoing series highlighting threats to business continuity, this article focuses on the cyber attack and why you need a Business Continuity Plan for business.
A cyber attack, the attempt to access, disrupt, or damage your IT network, is a major threat to your business. Without a business continuity plan, it only takes one person opening a phishing email to bring your operations to an indefinite halt.
As simple as a single account breach, or as cataclysmic as an entire system-wide compromise, a cyber attack can vary in severity. But in the current climate, that single account breach can quickly snowball into a major disaster situation, potentially leading to data breaches.
And since the introduction of GDPR, this means severe fines of up to €20,000,000 or 4% of your annual turnover.
Three Steps to Preventing a Cyber Attack
The challenge facing key decision-makers in business, especially IT managers, is ensuring that their business is protected against as many cyber threats as possible.
Whether it’s trojans, ransomware, phishing, or password attacks – the angles of attack a cyber criminal can leverage are vast. Cyber threats spring up regularly across all of these vectors, so it may sometimes feel like you’re plugging holes in a waterlogged boat.
However, taking responsibility for your cyber security is non-negotiable if you wish to remain secure.
How many emails do you receive a day? Probably quite a few.
This is one of the reasons that phishing attacks remain the most popular weapon of choice for cyber criminals.
We all sign up to a variety of services – in fact, a survey in 2015 found that internet users are signed up to an average of 90 online accounts. And with these services often come semi-regular emails.
Email providers typically do their best to filter out spam and potentially dangerous material, but without dedicated Email Security, an email inbox is virtually an open door for criminals.
In short, it’s a direct line to their target – you.
Phishing email campaigns are fairly easy to conduct and often sent out en masse. Think fishing trawlers – the wider net yields a higher chance of success, hence ‘phishing’.
They’re also notoriously successful with a 1/10 chance of success.
This may not seem prolific, but if only 100 phishing emails are sent out, that’s still 10 people who have clicked a link or opened an attachment – unleashing malware and putting their data at risk of being stolen.
And after all, it only takes one click for a business’s data to become compromised.
Network (Specifically WiFi)
Another area of vulnerability is your business network (i.e. the cyber space in which your devices are connected to the internet).
Whether you’re a self-employed homeworker or work within a larger corporate network – your business network is one of the most desirable places for a hacker to gain access to. Access to your network means access to your files, personal information, and potentially accounts.
The vulnerability of your network depends on a few factors – namely, whether your business-grade firewall is configured correctly, or indeed whether you have a firewall at all!
However, the real threat to your network is through WiFi – specifically public WiFi. And this applies to both personal and business use. Public WiFi is inherently insecure. Even if it’s password-protected.
The reason for this is that public WiFi is often situated in heavily populated places. It’s a commodity that many people rely on now, whether it’s in a coffee shop, an airport, or even on public transport now.
A network set up in a busy place, with a heavy density of people, is an unmissable opportunity for a hacker.
Device traffic on a public network (browsing history, transactions, communications e.t.c.) is not automatically secured, which means that your activity is easily viewable if you have failed to implement any sort of encryption.
Another threat to consider with public WiFi is what we call an ‘evil twin’ access point. Simply put, this is a WiFi connection set up by a hacker that mimics a genuine WiFi hotspot. Hackers use this to spy on internet traffic, steal data, and infect devices.
It only takes one person in a business to connect to a public WiFi hotspot, without using a Virtual Private Network (VPN), for your organisation’s IT network to be compromised. Connecting to an unsecure public network without the appropriate defences in place, you’re potentially handing over the keys to your business.
Unfortunately, human error, particularly gaps in basic IT best practices, is one of the major areas of vulnerability in a business.
Everybody makes mistakes, but lack of training and IT awareness is often cited as the main problem. This shortfall in knowledge and awareness can mean poor (or non-existent) adherence to standard security procedures – and in the modern business environment, this can lead to disaster.
It could be as simple as failing to lock your PC when you leave your desk or falling for phishing emails, as discussed.
Even ‘over-sharing’ personal information on social media can lead to a cyber attack either on you or your business. Information is a commodity in the data age and a crucial weapon in the arsenal of the cyber criminal. Starving them of this through setting your profiles to private and thinking before you post, and you’ll go a long way to remaining secure.
The Ultimate Insurance Against a Cyber Attack
In short – you can be back in business within the hour.
The alternative is that you pay the ransom (usually £1000s of pounds), which we do not recommend. Paying makes you more likely to become a target in the future. Otherwise, you could even be looking at going out of business – with all of your business data gone, what can you do?
So, if a Business Continuity Plan for business isn’t something you’ve previously implemented, it’s highly recommended that you consider it now.
For example, what would you do in a scenario where your business suffers a ransomware attack? In this case, the cyber criminal can lock you out of all your devices and often threatens to delete everything, unless you pay a fairly substantial ransom.
The Neuways Business Continuity Plan can back up your data as often as you require it to (even every 15 minutes!). This means that all you need to do is roll back to the version before the cyber attack struck your business.
All three of these vulnerabilities can be mitigated with email security, network security, and IT training respectively. However, nothing is 100% secure, and this is where a Business Continuity Plan for business comes in.
A Business Continuity Plan means that if your organisation does suffer a cyber attack, you can effectively ‘roll back’ your server or device to a state preceding the attack. And this means minimal downtime.
Neuways is a global leader in Business Continuity & Disaster Recovery. If you’d like a chat about how a Business Continuity Plan could work within your business, contact us on 01283 753 333 or via firstname.lastname@example.org.