This is the time of year when businesses commit to goals for the coming year. These are often about turnover, profitability, head count or exploring a new market.
But for businesses that suffer a cyber attack, all of this could go straight out of the window. For example, at the start of 2022, two accountancy firms, SJD Accountancy and Nixon Williams, confirmed that they had been hacked in ransomware attacks. They spent the start of the year dealing with the hack, discovering if client data had been compromised, and working out if they needed to inform the Information Commissioner’s Office.
The firms, both part of the Optionis umbrella company, lost the confidence of some of their clients, who complained on social media sites about communications around the hack and a lack of openness about what was happening. Later, Optionis itself said that its internal data had been copied and leaked online.
A fresh way to defend against hackers
Most businesses – particularly professional services firms – don’t want to admit that they’ve been hacked. After all, it can seriously damage your reputation and incur large fines. So it’s probably fair to say that, for each attack we hear about, there are several more that we don’t.
And while it’s understandable that businesses don’t want to confess to an attack, it also means that business owners can become complacent about the risks. After all, if you don’t hear that much about actual cyber attacks, how common can they be?
Sadly, that’s exactly the thinking that helps cyber criminals, and it’s probably the attitude that the hacked companies took before they were attacked. As ex-hacker turned cyber consultant Daniel Kelley says: “Businesses only care after they are attacked”.
In fact, now’s the perfect time to review your cyber security approach, and make any changes needed to help protect your business – and your employees’ and clients’ data – against increasingly sophisticated attacks.
Ask yourself the following:
- Are all your systems and devices updated and password protected?
- Is a cyber attack in your risk register, and are the mitigations still relevant to any updated forms of attack?
- Do you have cyber insurance?
- Do you train your staff properly? Around 90% of successful attacks are down to employee error.
- Does your organisation have a good cyber security culture?
- Have you got a cyber security policy for people working from home, or hybrid workers?
- Does your IT department or support company prioritise cyber risks?
- Have you reviewed and updated your cyber security policies in the last 6 months?
If the answer to any of these questions is ‘no’, you need to push this up your priority list for 2023. As commentators noted about the attacks on SJD Accountancy and Nixon Williams, simple things like requiring multi-factor authentication, or ensuring that your employees can recognise the danger signs of a phishing email, are fundamental to protecting your business from serious financial and reputational damage.
A fresh start can happen anytime
Just like any New Year resolution, an improved approach to cyber security requires a change in our behaviour. Building new habits takes a bit of time, a bit of effort and frequent prompting and reminding. Sustained behaviour change requires sustained intervention, after all. Fortunately, Psybersafe’s online training is designed to meet all those challenges without feeling like you’re learning at all. Quick, easy and interactive, it drives better cyber behaviours that could be the difference between a hacker’s success and complete failure. Don’t wait for something to happen to you.
Mark Brown is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts. If you’d like to chat about using Psybersafe in your business to help you stay cyber secure, contact Mark today.