In a modern society in which many of our daily activities involve being connected online, from social media to e-commerce shopping, having reliable and functioning internet technology is essential. Many businesses need to have a strong and reliable internet connection, especially when many of the day-to-day tasks required to run a business involve the use of internet-accessible infrastructure and cloud-based platforms. However, when a business is so reliant on technology used to connect computers, tablets, smartphones and other devices to the internet, it’s important to make sure you have effective cyber security in place as a way of stopping cyberattacks on your business.
What is a cyberattack?
A cyberattack is an attempt by hackers, either an individual or part of an organization, to maliciously damage or destroy a computer network or internal system in order to disrupt, disable or destroy a business’s or organisation’s computing infrastructure.
Many types of cyberattacks can be attempted by hackers, with the most common being malware, which can encompass various types of attacks including spyware and viruses.
According to statistics by DataProt, there are 560,000 new pieces of malware detected every day on computing infrastructures, with four companies falling victim to a malware attack every minute. Malware is software specifically designed and installed by hackers with the intent to damage or gain unauthorized access to a computer system, with potentially catastrophic results for businesses.
How do cyberattacks affect businesses?
A cyberattack can be devastating for a business and can have a lasting impact on the reputation of that company and how it is managed. The ways a cyberattack could affect your business range from financial loss through theft of money or demands for ransom payments, to disruption of daily business, and even to private information such as customer financial details being extracted and sold by hackers.
In May 2021, the United States’ critical infrastructure was shown to be unacceptably vulnerable to cyberattacks. Early in the month, Colonial Pipeline, responsible for delivering refined gasoline to much of the East Coast, was shut down by a ransomware attack, leading to lines at filling stations which were eerily reminiscent of the 1970s oil crisis. Later in the month, JBS, one of the United States’ largest meat suppliers, was also attacked by ransomware, causing disruption to national and international food supply chains.
Part of the problem in dealing with the situation, according to CNN, is that around 85 percent of America’s critical infrastructure is privately owned, limiting the federal government’s ability both to identify attacks and to assist the private enterprises that own and operate the networks the country depends on.
The 2019 National Defense Authorization Act tasked the Cyberspace Solarium Commission with answering two fundamental questions. First, what strategic approach will best defend the United States against cyberattacks of significant consequences? Second, what policies and legislation are required to implement that strategy? In its March 2020 report, the Commission advocated for a new strategic approach to cybersecurity—layered cyber deterrence—and produced 82 policy and legislative recommendations to support that strategy.
Last year, 25 of the Commission’s proposals passed into law. This is a significant step forward, but clearly only a first step. This year, Congress has the ability to enact further proposals to close the gap between critical infrastructure providers and the federal government in addressing cyberattacks. Of these proposals, the concept of “systemically important critical infrastructure” (SICI) is the most important.
Under this law, the Department of Homeland Security would designate a system or asset as “systemically important critical infrastructure” if its disruption is likely to cause widespread damage to the national security, economic security, or public health and safety of the United States. This could include the interruption of critical services, such as water or power, or the disruption of hospitals or financial systems.
In December 2020, the European Commission and the European External Action Service (EEAS) presented a new EU cybersecurity strategy. The aim of this strategy is to strengthen Europe’s resilience against cyber threats and ensure that all citizens and businesses can fully benefit from trustworthy and reliable services and digital tools. The new strategy contains concrete proposals for deploying regulatory, investment and policy instruments.
On 22 March 2021, the Council adopted conclusions on the cybersecurity strategy, underlining that cybersecurity is essential for building a resilient, green and digital Europe. EU ministers set as a key objective achieving strategic autonomy while preserving an open economy. This includes reinforcing the ability to make autonomous choices in the area of cybersecurity, with the aim to strengthen the EU’s digital leadership and strategic capacities.
The results of a UK Government survey released in March 2020 found that 46% of UK businesses reported a cyberattack during the year.
According to insurance company Hiscox, the average loss accrued in a cyberattack can amount to £11,000. This figure can include hardware replacements and ransom payments as a result of online security breaches.
The different kinds of malware viruses
But what exactly are the different kinds of malware viruses, and how could a cyberattack affect your business? From Trojan horses to viruses and spyware, there are now more than 1 billion malware programs out there, according to research by Comparitech.
The most common types of malware viruses that you should be cautious of are:
Viruses – A computer virus can infect applications and code in the computer system of your business, causing your systems to slow down and potentially causing you to lose all your work documents and files.
Worms – Worms are often installed through email attachments and can spread from device to device, which can result in an overload of your email server. A worm also has the ability to copy itself hundreds of times, resulting in a copy of the worm being sent directly to all of your email contacts. This could be particularly harmful to your business if your clients and customers are negatively affected as a result.
Trojans – Named after the Trojan horse from the Ancient Greek story of the attack on Troy, a Trojan pretends to be an app or software that you may use regularly but is in fact a malicious program hiding inside another program that can be exploited by hackers to gain access to your business’s computing systems.
According to Statista, Trojans account for 58% of all computer malware and remain the most common malware program globally.
Spyware – As the name suggests, spyware has the ability to monitor your actions on your computer without you even realizing it. This can result in personal information about the user being extracted, like passwords, email addresses, browsing habits and other important information, which can later be used for blackmail or fraudulent activities. Certain spyware can even take control of your webcam and record you without your knowledge.
Ransomware – This type of malware blocks access to the affected individual’s computer until a sum of money is paid. Internet security company SonicWall reported over 700 million attempted ransomware attacks throughout 2021, which was a 134 per cent increase in comparison to the previous year.
According to safetydetectives.com, it is estimated that organizations and individuals could pay up to 11.5 billion yearly as a result of having their systems compromised by ransomware software.
Phishing – Phishing is the fraudulent practice of sending deceptive emails that appear to come from reputable companies, with the intention of gaining access to personal information such as passwords and credit card numbers. Phishing is particularly damaging to those businesses whose brand and identity are fraudulently used to trick individuals into revealing personal information.
Almost 65 per cent of US organizations experienced a successful phishing attack in 2020, according to Comparitech, which saw a global average of 55 per cent in phishing campaigns for the whole of the year.
Another way in which phishing hackers can gain personal information from individuals is through phishing sites that are designed to look identical to the websites they are purporting to be. Social media sites and banking platforms like PayPal are fairly common targets for phishing sites.
How to prevent a cyberattack
Ensuring you have the most current and up-to-date online security software and putting the right safeguards in place not only prevents your business from experiencing a cyberattack, but may also prevent your business from incurring potential financial loss as a consequence of an online security breach.
Stay protected and keep your business safe by following these simple steps:
The easiest way that you can prevent a cyberattack breach is by installing antivirus software on your computers. Norton, McAfee and AVG are some of the more popular antivirus products that can keep you and your business protected online. You should also ensure that you keep your antivirus software up to date and install the latest updates when required. Make sure that you run regularly scheduled scans on your computers with your antivirus software to ensure that you are fully protected.
Use firewalls for your internet connection
Ensure that your business’s private internal network is secure by installing a firewall network security device. A firewall can block malicious traffic like viruses and cyberhackers and can keep you safe from encountering potential phishing sites when browsing online.
WIFI network security
Make sure that your WIFI network is private and that only authorized individuals have access to the password. It is recommended that WIFI passwords be at least eight characters long and include an assorted mix of uppercase and lowercase letters, numbers, and special characters for extra security.
Cyber security training
Whether it is only for yourself or for a team of staff, undergoing security training is a key way of keeping your business safe while ensuring that those within the company follow cybersecurity safeguarding practices. There are many free and paid cybersecurity certification programs available online that can teach you the dos and don’ts of keeping safe online.
We recommend these top online courses featured in top technology publication TechRadar.
Control access to your systems
Keeping access to computers and the network limited is an essential way of keeping your business safe from a cyberattack. You can do this by providing employees with their own password-protected user accounts and by having a perimeter security system installed. It is also important to ensure that software downloads and access to sensitive data are kept to a minimum at all times.
Remain diligent when online
Always be on the lookout for deceitful emails and phishing web pages. Be particularly diligent when it comes to emails and be cautious when opening emails from unknown senders. Remember, clicking on a phishing link from a fraudulent email can compromise your personal information and can inadvertently download a virus onto your computer.
Protect your phone
It isn’t just your computer that could be at risk of malware viruses. With daily reliance on our phones now a way of life, hackers are looking at ways to compromise our mobile devices. According to safetydetectives.com, it is estimated that approximately 24,000 malicious apps are blocked every day on mobile devices globally, with malicious apps now populating both the Apple and Android app stores.
Be careful of what you install onto your phone and remember to run daily security scans. Be extra vigilant by avoiding unsecured public WIFI and also ensuring you regularly delete your browsing history, cookies, and cache on your mobile device. If you have a BYOD (Bring Your Own Device) policy in your company, think carefully about the security implications.
Back up your data
In the event of a serious breach of online security, data must be backed up to avoid loss of sensitive information and potential financial loss.
The internet has changed the way we do business, and as many companies shift to digital, our reliance on computers and phones has become essential to how we run our enterprises.
Michael Kaiser, executive director of the NCSA (The National Cyber Security Alliance), a nonprofit organization that was founded in part by the Department of Homeland Security in order to help Americans become more cyber-secure, says that the major tips for ensuring your cyber security are:
- Know that you play a critical role in both your own cybersecurity and the cybersecurity of others.
- Protect your email account even more than you do your bank account.
- Every device you use needs to be secure.
- Think of your personal information as if it were money.
- Consider your reputation and the reputation of others when sharing online.
- When it comes to sharing information, “If you have doubt, throw it out,” and don’t share.
- Teach children about cybersecurity.
Remember, keeping your business safe and secure against cyberattacks requires expert diligence and active safeguarding. By changing your online behaviour and how you operate using your computer or phone, you are ensuring that you are one step ahead in stopping cyberattacks on your business.