Cyber Security Or Cyber Crime: Which Do You Want?
It starts with physical security ...
Cyber security is something that is rather quite important and conversely, cyber crime is really quite frightening. But why is your accountant telling you about it?
How's your cyber security then? Let's hope you never have to find out!
copyright: nomadsoul1 / 123rf stock photo (licensee)
Well, the answer is that failing to get you cyber security right could mean the end of your business! Some bits of cyber security really are that important. The problem could be that criminals damage your business.
Equally, it could be that the fines and penalties for letting criminals damage your business are what puts you out of business!
In the UK, the TalkTalk cyber attack of 2015 cost the phone company around £60m and led to the loss of over 100,000 customers; even though it only affected 4% of their customers. What would it cost you?
The first point to make is that if you would like a copy of a 208 point checklist to help you to manage this yourself then email your request in or call me on 0333 335 0422 and I can send it to you. This list has been prepared for Bedfordshire Police and covers quite a few of the important bases!
Cyber security starts with physical security! You can have all the passwords in the world, but if someone can wander in and get into your filing cabinets, or remove a hard drive then you have still failed!
Do you have access control to your offices and systems, physical access and electronic access? Is this subject to regular review and if it is electronic is it updated as necessary? Does your access control system watch over which employees or contractors have access to your system and its information?
A cyber attack on JD Weatherspoons in 2015 stole over 600,000 customer records, including some bank details. This information was put up for sale before the company even knew they had been attacked!
"The UK Government is taking cyber security very importantly!"
So importantly, that they have worked with the private sector to bring in two certifications for businesses to record how well they are doing ... and you can't do business with the government unless you have the minimum certification.
If you or your organisation are interested in being certified, then contact your local police force's cyber security adviser. Yes, your local police force will have a cyber security adviser!
A report published in May 2016 showed that 2/3rd of large businesses had suffered a cyber-crime attack in the last year with some suffering attacks every month. Bearing in mind that bigger businesses will generally be better equipped to respond to this challenge, it is more than a little surprising to find that only half of these businesses had taken the recommended steps and actions to deal with their security flaws.
"What is the pain of getting it wrong?"
The government's 2014 cyber-crime report showed that the average cost, for big businesses, was between £600,000 and £1.5m. Huge costs that can be minimised by taking reasonable steps.
Some of these costs will be because you need to repair your IT infrastructure and replace various items of hardware, but it is also the digital infrastructure that will need to be repaired. Software that will need to be repaired or replaced. Firewalls and anti-virus or malware that will need to be purchased.
There is also the cost of business interruption, 15% of American businesses who suffered cyber crime also experienced disruption to their business.
"What is a ransom attack?"
Well, the answer is in the question! A 2016 report from one of the online security firms showed a big rise in the number of attacks using ransomware. This is software that locks you out of your own programs or data by encrypting it and demanding a cash ransom before they send you the encryption key!
With the rise of electronic gadgets (the Internet of Things) and the fact that many devices aren't protected with electronic anti-virus, this is going to be more prevalent. One example in the report is of hospitals being targeted and the Bluetooth link between their network and other devices being exploited.
"What do they steal?
A lot of criminals are after data in the form of stuff they can sell on. So they are looking to access records on your employees and customers, but this is also how industrial espionage is conducted so they are looking for your intellectual property as well.
In terms of how criminals get in, a 2015 American report came up with the statistics that:
30% exploit your data
29% exploit your IT system
23% exploit a particular application
21% exploit your network
20% exploit removable storage
This is an issue you can't ignore!
If you run a business then you need to make sure you are aware of this and doing the simple and basic things to keep your business safe. We can help with information and to signpost you to specific advisers so do call me at JVCA on 0333 335 0422 and I'll see how we can help.
Until next time ...
I've been an accountant in and for business since 1987 and have a wide experience of consultancy, audit, accounts, taxation and wealth planning work from individuals and small businesses to multinational corporations and charities.
My eclectic interests in growing and developing business span a number of areas … and can be summarised as strategic business advice and tax saving advice.
I have worked with the Chamber of Commerce to deliver courses for people about starting up in business and have lectured about tax for a major accountancy practice and for Milton Keynes College.
I relax by reading fiction and by getting away from the office in a campervan.