Cyber breaches are, unfortunately, becoming more and more frequent. We hear about them on the news but never think that something like that will happen to us. Have you ever thought about how much a cyber breach could cost your business? If you hold data on your customers/clients, it won’t take much for a hacker to get hold of this if your IT systems aren’t secure. In this blog, we’ll explain the damage a cyber breach could cause to your business, what the real cost of a cyber breach is, and how to ensure you are best placed to avoid ever having to experience one.
So, what is a cyber breach?
A breach is when a person or an application gains access to your organisations protected data and systems. The breaches can come in many forms, but two of the most common ones – and perhaps ones you may have heard of already – are malware and phishing.
Malware can be viruses, ransomware or trojans and phishing can be malicious emails, websites or text messages used to trick a victim into providing information or downloading a compromised file. It’s imperative that you have as much information as possible on the different types of breaches so you can put measures in place to ensure you don’t become a victim.
If your company has a breach and your customer’s data lands in a hacker’s hands, the ICO can fine your organisation 4% of annual global turnover or €20 million, whichever is greater, under GDPR. In 2019, the ICO released the intention to fine Marriott international, Inc more than £99 million under GDPR for a data breach that could have been prevented. This is why it is imperative that business owners know how to minimise the risk of these attacks.
What is the real cost to your business?
If you are unfortunate enough to encounter a cyber breach, your reputation could be tarnished. Having to tell your customers that their data has been stolen isn’t an easy conversation to have. This can have a detrimental effect on how you do business in the future. This may then result in loss of revenue due to customers opting to go elsewhere for the services you offer, thus giving your competitors the upper hand.
“Studies show that 29% of businesses that face a data breach end up losing revenue. Of those that lost revenue, 38% experienced a loss of 20% revenue or more.”
Potentially losing a good reputation and over 20% of revenue is surely a good enough reason to put appropriate measures in place to lower the risk of you being affected.
What can you do to minimise the risk of a breach?
- Update software as soon as options are available
- Upgrade when the software is no longer supported by the manufacturer
- Enforce strong credentials and multi-factor authentication
- Educate employees on the best security practices
- Have a firewall protecting your devices
- Use a secure email software
- Book annual Penetration tests
- Run quarterly vulnerability assessments and endpoint protection
When creating passwords for your business logins, make sure your password contains characters from three of the following categories:
- English uppercase characters (A through Z)
- English lowercase characters (a through z)
- Base 10 digits (0 through 9)
- Non-alphabetic characters (for example, !, $, #, %)
When enabling multi-factor authentication, try to keep the authenticator apps used to a minimum so staff members don’t have to download multiple different apps. We use Microsoft’s Authenticator App for our staff.
Try not to ignore the pop-up reminders you will get asking you to update your software. There are updates for a reason, and more often than not, these updates include security patches.
Schedule regular reviews with your Managed Service, or IT Security Provider. They will run tests inside and externally to your IT infrastructure to offer preventive measures.
Research from IBM found, ‘the average time to identify a breach in 2019 was 206 days’. Your MSP could prevent this if they have the relevant skill sets.
Ultimately, cybercriminals are becoming more intelligent, and the tools used more sophisticated. Businesses can never be 100% safe from an attack. The goal is to keep an attempt to access your network from turning into a breach of any kind. Following the steps we have outlined in this blog will ensure you are in a good position to block an attack.