Since the start of the global Covid-19 pandemic, cyber-crime has increased by a staggering 600%. That’s around 65,000 cyber-attacks against Small and Medium-sized Enterprises (SMEs) in the UK every single day, or, one every 19 seconds.
The impact of the pandemic has been significant, pushing cyber security down the priority list for many businesses as they focus their efforts on survival. However, criminals have been quick to exploit weaknesses in security as a result of sudden changes in work practices, making many more businesses at risk of a cyber-attack or breach. If the past year is anything to go by, cyber-criminals have shown themselves to be highly adaptable, well organised and quick in identifying new opportunities to target victims.
Investing in cyber-security should therefore be a top priority for businesses in 2021. But the business community needs help. A lack of understanding about the scale and nature of the threat means that most businesses are poorly prepared for a cyber-attack or breach. The good news however, is that the overwhelming majority of cyber-crime can be easily prevented by implementing a few basic control measures. That’s where the insurance industry can really help us make the UK one of the safest places in the world to do business online. From helping SMEs understand their risk profile and supporting them implement those basic security controls, insurers and brokers are in a unique position to improve the security posture of businesses and deliver a sustainable change in behaviour towards cyber-crime.
At the Police Digital Security Centre (PDSC), we firmly believe that education and awareness is the most effective way of reducing the vulnerability of small businesses to the most common types of cyber-crime. By making simple changes and regularly reviewing them, businesses become better informed about how they can protect themselves and their customers from a cyber-attack or breach. Simple changes such as a strong password policy, regular training for staff on how to spot phishing emails and rewarding positive behaviour can make a huge difference.
We’re also of the view that good cyber security will not only reduce vulnerability, but will help strengthen a business’s ability to respond and recover if they are attacked.
Our four top tips for every small business to follow are set out below. Most of these solutions can be implemented for free or at a low cost, providing a solid line of defence against the most common types of cyber-attack. They should form the basis of every conversation between insurers and customers.
- Strong password policy – To prevent unauthorised access to devices and social media accounts, we suggest using a strong password. Current Government advice is to use a passphrase as opposed to a password. Using three random words makes it far harder for a criminal to hack. We also strongly recommend everyone changes default passwords on every device they install and consider using password managers.
- 2FA/MFA – Turning on ‘Two Factor’ or ‘Multi-Factor’ Authentication is a really simple way of protecting valuable data. 2FA or MFA simply means that even if a criminal is able to gain access to one method of entry, they still have another barrier to overcome.
- Software update – Another simple solution is to ensure that all devices and Apps are configured to install updates automatically. This ensures any crucial software fixes aren’t missed, which significantly reduces the risk of devices being infected with malware.
- Backing-Up Data – To safeguard the most important and sensitive data, we suggest using a back-up service so that data can be recovered in the event of an attack. Consider both hard storage and cloud storage.
For more easy and free cyber security tips, please visit our ‘Advice hub’ on the PDSC website www.policedsc.com.
Finally, in 2020, we began to rollout a simple self-assessment tool to help SMEs understand their risk of a cyber-attack or breach. Developed in collaboration with the British Standards Institution (BSI) and based on the National Cyber Security Centre’s (NCSC) Small Business Guide, we’ve been shocked at just how many businesses have failed to put in place adequate security measures. We’re passionate about helping SMEs reduce their vulnerability to cyber-crime, but the law enforcement community can’t do it alone. This is where we need your help in achieving the Government’s ambition of making the UK one of the safest places in the world to do business online.
Michelle Kradolfer - Cyber Development Officer at Police Digital Security Centre.
A multicultural, enthusiastic, positive and highly motivated cyber professional and Master of Cybercrime and Digital Investigation graduate with extensive knowledge in the criminological, cybercrime and cybersecurity landscape. The experience gathered throughout my time at university and at INTERPOL, have prepared me to perform effectively in high-pressure environments, working autonomously or in a team setting, and has strengthened my research and analytical skills significantly. My international background allows me to successfully adapt and thrive in any new environment.