Cyber security and its importance to your business might not be something you have ever considered, or even invested money in.
But, right now it could be more important than ever and if your business is in any way connected to a network then it might be worth considering even if the main day-to-day operations of the company aren’t in front of a computer. A cyber attack could be enough to devastate your business despite the simple steps you can take to prevent one.
It is likely that electricians and installers will be at some point, a part of a wider supply chain. If so, this means that the cyber security of your business is just as important to the rest of the companies in the chain and visa versa. If one business experiences a breach, any company connected to that firm could also be at risk.
Putting cyber attacks into perspective
Almost half of all UK businesses have experienced a cyber attack or breach in the last year alone, according to data taken from the Cyber Security Breaches Survey: 2020, which details phishing attacks as one of the biggest threats.
Knowledge is key in preventing a major impact from a phishing attack and not just from IT teams or those that work in the security of the business. Every single person that is connected to the business network should have knowledge of the basics in order to combat against any potential attacks – everyone is a target.
The attacks can be seen in the image below, taken from the report
Phishing attacks, what are they?
Phishing attacks are socially engineered and threat actors will approach you as a seemingly trusted source.
This can be by email, SMS or telephone, and the aim is to mislead the recipient into providing sensitive information allowing access to the network by following a link. All it takes is for the recipient to trust the sender and follow the instructions.
This false sense of security and consequently the action taken can cause the installation of malware or trigger a ransomware attack, it could even be a cause to reveal sensitive data or confidential info like banking details and passwords – all from the simple click of a link.
Some of the most recent and sophisticated phishing campaigns have come from those acting as the US Centres for Disease Control and the World Health Organization (WHO), targeting victims with malicious links.
What you should be implementing right now
- Good passwords. Unique and long (more than 12 characters).
- If you can, implement two-factor authentication wherever possible when logging in.
- Educate the team on the telltale signs of phishing – suspicious emails, messages etc, and ensure they know who to report suspicious activity to.
- Never ever share sensitive information with someone that rings you unexpectedly. Be sure to check who they are, find a contact number from some other source (e.g., invoice, web site) and ring them back.
- Double-check anything that seems unusual, especially when being asked to do something outside of the normal process. Remember how easy it can be to fall into that false sense of security.
You could save your business by taking small steps
If you and all of your employees follow the five steps listed above, as well as implement more education around phishing attacks you will spot the signs of a breach sooner. Be sure to follow good practices in cyber security and remain vigilant, with all of the team taking responsibility for their own equipment and their own access to the network. If all of this is adhered to, the likelihood of a successful cyber attack could be reduced by up to 70 per cent.
The key to protection is making sure your business as a whole puts cyber security on its list of priorities and educates staff around the dangers of a cyber attack. Every business is a target, whether concerned solely with IT or only very little, and it’s likely we will have to prevent the attacks, and education and prevention are the only ways to do so.
Vicki Partridge, Head of ICT at ERF Electrical. Vicki has worked at ERF for 23 years and is now helping to lead the business through a period of digital transformation. Her focus is on streamlining processes, systems and ensuring the digital security of all the ERF team and customers.