The experts at Azur share their tips on protecting your business from cyber criminals.
Though you may assume that your business is too small to be targeted by cyber criminals, you would be wrong. We have heard reports of small independent florists being the victims of Distributed Denial of Service attacks on 13th February – just before their busiest day of the year – effectively disabling their websites in a bid to extract ransom money. According to a report by Appstractor, small businesses in the UK face an average of five cyber attacks over the course of 2018.
One thing is certain: this is a threat which is only going to increase. With the exponential growth of the internet of things and smart home technology, criminals have an ever-expanding number of devices to target in order to extract sensitive information. They use a variety of methods including SmiShing , Vishing , phishing , social engineering and ransomware, which is far and away the most common form of cyber attack. Deliberate attacks may be carried out by blackmailers, disgruntled family members, (ex) employees and business or political rivals.
Sensitive information which falls into the wrong hands can be used to damage reputation and/or privacy in many ways including identity theft, extortion, blackmail, cyber stalking and fake news or smear campaigns which can spread like wildfire across the internet and cause untold damage in a very short space of time. Nevertheless, while 98% of those questioned for the report believe that reputation is of huge importance to their family’s success, a surprising 38% of them did not have any kind of cybersecurity policy in place. That suggests a substantial disconnect between the risks posed by the misuse of leaked private and confidential information and the impact it could have on their reputation, privacy and future business dealings.
This is something which family offices need to address urgently. Strong defences are no longer optional and cyber security is a problem which needs to be addressed proactively at board level. A comprehensive policy will tackle three main areas which are outlined below along with some concrete protection measures that can be put in place against the most common threats.
· Commission an audit of cyber security requirements by a third-party speciailist
· Establish formal governance structures and guidelines relating to information and regularly review these to ensure ongoing relevance
· Monitor systems to detect a current or historic cyber attack
· Install a firewall and carry out an independent penetration test to determine how effective it is
· Back up all data off-site
· Put in place a secure authentication process for instructions concerning wire transfers and banking procedures
· Encrypt all emails containing sensitive information such as bank details and credit card information
· Regularly carry out IT upgrades and updates on all devices
· Carry out an audit of information in the public domain
· Correct inaccuracies in the public domain
· Remove information that does not need to be there
· Secure and Encrypt all Cloud based application passwords with the like of 1 Password, LastPass and Dashlane
· Use a unique password for each application or service you subscribe to
· Using password managers makes it easy to generate strong and encrypted passwords
· Use different passwords all Home Applications and Business Applications
In addition to the above, it is a good idea to have an action plan in place in the event of an incident so that swift steps can be taken to minimise the impact of a data breach. This should include what measures need to be carried out and by whom. Azur do not currently offer Family Office Cyber cover, but may be able to assist with your other cyber insurance requirements.