The North East's professional services firms and other SMEs are prime targets for cybercrime but they can fight back if they are prepared' says Stephen O'Connell' sales and marketing director of Advantex.
It wouldn’t be stretching the truth too far to say that almost every business has been a victim of a cyber crime at some time. From phishing to ransomware’ most of us will have experienced the disruption and heartache of attacks on IT systems that cause damage’ misery and financial loss. Indeed’ data collated by the National Fraud Intelligence Bureau’ reports individuals and organisations in the UK described losses of £1.3bn to fraud and cybercrime in the first seven months of 2021 alone.
Chief among those in the crosshairs of the digital weapons cyber criminals wield are the region’s professional services companies. But what makes accounting’ legal’ insurance’ creative and other client-focused organisations such appealing targets? One reason is that they hold highly confidential information’ which is extremely desirable for people who inhabit a dark deadly digital world and look to profit from illegal cyber activity and the misfortune of businesses. This includes financial details’ tax records’ ID documents’ investments’ corporate strategies and intellectual property among a wealth of sensitive data’ which if it is leaked or falls into the wrong hands’ could see you facing not only devastating financial loss but also irreparable reputational damage.
Professional services alongside other SMEs often struggle to assign the financial resources and manpower needed to thwart ever more clever criminals plotting either random or coordinated cyber attacks. Recent research indicates 75% of SME leaders would not have sufficient capacity or expertise to deal with an attack – disturbing news’ particularly at a time when the region’s economy continues to remain fragile in a post-pandemic world.
Fraudulent emails asking people to share passwords and banking information (phishing) and virus-riddled software designed to prise open unauthorised access to a computer and cause damage (malware)’ are among the most common types of attack. But organisations must be alert to malicious attacks from staff’ or perhaps disgruntled ex-employees’ who have access to systems or an axe to grind’ or events that can trigger the shut down of a company’s systems so that it is unable to operate (denial-of-service strikes).
It has to be seen as timely that against a backdrop of heightened threats and increasingly sophisticated attacks’ it’s important for you to review current cybersecurity – thoroughly test your security protocols and identify potential vulnerabilities. A good start point to ensure that a robust defence is in place is to examine the data you currently hold and assess the critical risks if there is a breach. Once you identify these’ the next step is to protect the data with appropriate security procedures and processes that are realistic and sustainable. It would also be helpful to undertake regular vulnerability assessments to ensure there are no gaping security holes criminals can target.
Testing your environment is also important if your firm recently implemented new technology or cloud-based tools that could have unknowingly opened a back door. Keep abreast of security threats and make sure you don’t become complacent. Other simple yet effective procedures to protect your business include adding software updates as soon as they become available and backing up your data – if you are a cybercrime victim’ this will help provide business continuity at a difficult time. Businesses that are alert to the threats’ and deploy effective measures’ will feel the benefit of assuring their customers that they take security seriously and that they are dealing with bonafide people and not criminals or hackers.
