Technology has changed the way we live our lives — ever since the start of the Digital Revolution in 1947. Although the world is now more connected and people have become more accessible, there are some drawbacks to this greater connectivity, particularly on businesses and their operations.
In fact, being more connected has led to an increase in cyberattacks across the country — highlighting the need for businesses to take a more strategic approach to the problem. Reportedly, more than 50% of companies experienced one or more attacks that compromised their data or entire IT infrastructure — 77% of which utilized exploits or fireless techniques.
Unfortunately, some businesses feel out-of-depth in this area of protection, as the online world is still relatively new and the features it brings are tools that legacy companies struggle to comprehend.
Here at 2020 Vision, we offer advice on how your businesses can better protect itself from common cyberattacks, while also understanding how the newly implemented General Data Protection Regulation (GDPR) impacts the position businesses are in regarding security.
It’s important to understand that, although most conversations around cyber security discuss online avenues, physical devices can also have a profound impact on a business’ security. When looking at physical CCTV systems in particular, these can act as a gateway into a network if not properly installed.
Poorly implemented CCTV systems can be extremely damaging to businesses that fail to integrate their systems correctly — or currently have old DVR devices that haven’t been updated to prevent such occurrences. DVR systems that are traditionally employed in CCTV networks can make organisations very vulnerable, which is something that they should be trying to avoid at all costs.
The relationship between GDPR and cyber security
As a result of GDPR, the Data Protection Act 1998 was updated to become the Data Protection Act 2018 to help unify the data of citizens across Europe.
Many people believe that GDPR only applies to businesses that operate in Europe, but that is not the case. In fact, GDPR also affects businesses outside of Europe that handle the data of European citizens. Penalties have presented themselves as a threat to businesses around the world — with breaches of data potentially costing businesses 4% of their annual global turnover or €20m (depending on which is greater) if not reported within 72 hours.
There are some cases where enforcers may be more lenient. An example of this is when leaked data doesn’t reveal the identity of an individual and the most appropriate procedures were carried out once the unforeseen event occurred.
Businesses have never been more concerned around cyber security and are setting new corporate objectives to combat the problem. Organisations should be looking to implement an effective strategy to help prevent any potential attacks which could see them pay the harsh penalties set out by the European Parliament. After all, these fines could be detrimental to their operations.
Although businesses are becoming more familiar with the legislation, it’s important to look back and understand that it still shouldn’t be taken lightly — with initial reports of non-compliance occurring against Facebook and Google within the first few hours of its introduction. If this legislation is threatening the position of global leaders; it could put your business in jeopardy.
Are cyberattacks common?
With cyber security becoming a core focus for businesses around the world, it’s important for them to understand which types of threats they may encounter.
Malware is one of the most popular types of cyberattacks known and is simply a harmful program or file that can affect a computer (viruses, spyware, etc). Malware attacks have the potential to encrypt, steal and delete sensitive data without the user’s knowledge and permission. It was found that 58% of malware attack victims were small businesses, and this figure is only growing — with 61% of small businesses experiencing a cyberattack in 2017, which was up by 6% on the previous year.
You may have also heard about phishing, where criminals pretend to be someone else in pursuit of your details — often pretending to be a store, bank or even a charity. Emails will often look legitimate; from the address they have to the signature themes and logos used. However, they will include links and files that have the potential to extract personal information from your device, including passwords. According to research, 76% of businesses reported phishing attempts in 2017, which goes to show that cyberattacks are becoming more common.
Mostly known in the corporate world, DoS (denial of service) attacks are also quite common. Essentially, an attacker will direct more traffic to a website that it can actually handle; meaning that the server will be overloaded with visitors. Those who are genuinely trying to access the website will find it difficult, as contents will likely fail to load for them.
Listed above are just some of the common cyberattacks, but there are plenty more. Not only that, but with the advancements in technology and software, cyber criminals are finding alternative routes to ensure they gain access to the personal, digital information you’re holding as a business. Once you know that your data has been breached and that you’ve become victim to a cyberattack, you must report it to the appropriate authorities.
Although you would expect businesses to go to the authorities in the event of a cyberattack, many like to handle the problem internally. One example would be universities, which experience 1,000 attacks each month on average.
What you must consider
If you plan to move forward with any sort of protection strategy, you must understand that technology is changing all of the time, which you must be prepared for. You must constantly monitor and review the procedures you have in place to ensure that you know how to prevent attacks and react to them in the most effective way possible if they occur.
Being vulnerable — new features introduced through technology make us more vulnerable. It’s important that when new technology is adopted into the business, those using it are properly trained and are knowledgeable about the shift to ensure that it is being used properly. This will help prevent any risk from happening.
The amount of data — as 51% of the population now has access to the internet, businesses are seemingly handling more data. This has seen the introduction of the Cloud CCTV storage that helps combat taking up any physical space. The more data that is being handled, the more difficult it is to manage, which could open up a bypass for potential hackers. With this in mind, it is crucial that any Cloud storage that you use is fully protected and only accessible by those who need it. This data should also be regularly backed up.
Reviewing passwords — if you don’t find yourself regularly reviewing and changing your passwords, the likelihood of cyberattacks increases. Passwords within the business must be changed on a regular basis, as this makes it more difficult for outsiders to try and get into your internal operations. Make sure that the passwords you use differentiate with numbers, words, upper-case and lower-case letters, and special characters.
Will you be increasing your focus on cyber security? Complete an audit today and contact our team to find out what changes you need to make across your company to reduce the risk of any fraudulent cyberattacks which could slow down and harm your business operations.