Cyber Risks & Working From Home
It is predicted that a large number of businesses will not return to offices following Covid-19 and will continue working from home, as many employers’ suggest home working is much easier than they thought it would be. It is estimated that 25-30% of the workforce will be working-from-home multiple days a week by the end of 2021. In addition, before the crisis, surveys repeatedly showed the demand for flexibility within the workplace, with 80% of employees wanting to work from home at least some of the week.
Rental prices for serviced office spaces in London cost at average £655 per desk per month. So, saving on this amount each month is quite clearly one of the biggest benefits to businesses looking to work from home. However, there are a number of things that need to be considered, one of them being your exposure to cyber-attacks.
£2.3 million – the cost of cyber attacks to businesses around the world every 60 seconds
With increased numbers of companies working from home it also, unfortunately, comes with an elevated number of cyber-attacks and cloud breaches. Additionally, as a result of 5G increasing the bandwidth of connected devices, IOT devices will become more vulnerable.
If you hold personal information or customer data such as names, addresses, contact details or banking information, or if your businesses is dependent on or uses computer systems as part of its’ activities, then it’s important to understand the impact of a data breach, interruption to your systems or a claim for failing to keep customers’ personal data secure.
One of the most frequently seen cyber-attack attempts includes phishing – where you receive an email that pretends to be from a local authority in which you’re asked to give out personal or sensitive information. Other frequent forms include file hijacking, webcam managing, screenshot managing, keylogging and ad clicking.
“Small doesn’t mean safe”: SME’s just as much at risk of cyber-attacks
Cyber losses can be enormous. The media generally focuses on cyber-attacks on large corporations including TalkTalk, Yahoo and Uber. Not to mention the most recent attack on EasyJet which affected over 9 million of their customers. As a result, there is a common misconception among small business owners that they are less at risk of such attacks and simply not worth the hackers’ time. Unfortunately, they are just as much as a target for fraudsters and due to this misconception, it often results in a downfall in security and operating systems, making it easier for hackers to access key information. In addition, SME’s often lack the in-house experience of dealing with cybercrime and find themselves on the receiving end of many email scams.
One small business in the UK is successfully hacked every 19 seconds.
A 2018 study by Hiscox found that there was an estimated 65,000 attempted cyber-attacks on small businesses every day, and that they were successfully hacked every 19 seconds. In addition, 1 in 3 UK Small businesses suffered a breach which in 2020 cost the average small business £25,700.
Furthermore, a 2018 AIG survey showed that two thirds of UK manufacturers lack cyber insurance cover, even though 48% of manufacturers have been victims of cyber-crime.
In comparison to UK enterprise businesses, data breaches cost an average of $3.88 million per breach, according to IBM and Ponemon’s Cost of a Data Breach study. Among small businesses, phishing attacks were successful 29% of the time and malware 20% of the time. However, in large businesses, those numbers jumped to 38% and 31%.
We’re fortunate to have insurers who specialise in this area and also offer free training courses to educate staff on how to prevent cyber-attacks. A breach can be extremely costly and may require the involvement of various experts including lawyers, IT forensics experts, credit and data monitor firms, specialist PR firms, communications/notifications firms. Communication and PR firms will help with indirect financial factors, such as managing damage to reputation and the cost of losing customers.
Hackers target valuable data, including:
- Financial information
- Intellectual property
- Healthcare records
- Employee data
- General private information.
Obtained illegally, all of this information can then be sold in a thriving underground market.
We’ve collated a few tips to prevent cyber-attacks:
- Use two-factor authentication and strong passwords – a million staff members who all use “password123” can make quite the payday for a hacker
- Ensure you are not connected to any unstable or unfamiliar Wi-Fi networks
- Don’t click on any unfamiliar links or download anything unless you are confident in the source
- When prompted to do so, ensure that you update software including iOS or windows
- Ensure your devices have anti-virus security software
- Regularly change passwords
- Limit employee access to data and require individual user accounts for each employee
- Have back-up copies of important business data and information
In the unfortunate event that you do suffer a cyber-attack, it’s crucial to notify your insurer immediately so that they can limit the damage and cost of recovery.
The Government’s Cyber Security: Small Business Guide contains further advice: https://www.ncsc.gov.uk/collection/small-business-guide
Obviously, there’s only so much you can do to prevent cyber-attacks. However, advancements in technology has meant clever businesses like Hack The Box can allow you to test the penetration of your systems on their online platform so you can see where you’re vulnerable to attacks.