Even the smallest of businesses can further the work of a hacker so never assume you are safe from security breaches.
One of our suppliers recently removed 500 invisible links from a website, illegally placed and designed to take a visitor away to another website selling competing products. The days of underground hackers only targeting the big corporations are long gone, especially as methods and knowledge has become increasingly sophisticated.
Additionally, the vulnerability of many businesses during the Covid-19 pandemic is providing another cyber opportunity for criminal activity that we should be mindful of. As just one example - working from home securely, especially when you might have access to sensitive information, is a widespread issue.
The ICAEW has excellent resources to help us all operate more securely online. It has released a guide relating to the top cyber threats which is well worth reading. Its webpage includes reference material to bear in mind during the pandemic which is timely and useful. Its cyber resources also includes links to webinars covering topics such as: ‘Five questions boards should ask about cyber security” and “Tech essentials – cyber recovery”.
The ICEAW has a list of recommendations for companies to follow in case of a security breach:
Change your passwords, ensuring they are strong
Call your bank and credit card companies
Consider shutting your systems down
Report the incident to ActionFraud
Communicate to all involved, both external and internal. It is important all stakeholders, including customers and clients, understand what has happened.
If appropriate, engage a third party expert to assess the extent of the breach and advise on corrective action
Document everything you do
Consider creating an Incident Response Plan, outlining what you will do in the case of a breach – ideally before you are compromised
We always recommend that you speak to a trusted source in person before acting on any electronic requests to change bank details or make payments. We also know that there is not a reputable company on earth who would ask you for your password details - so never give those out as an absolute minimum measure.
There are many ways in which you are exposed to external intrusions: ransomware, phishing, hacking, data leaks and insider access as well as many more ways in which you might be exposed. It’s vital that any weak areas are secured or closed down to protect you, your reputation, staff, clients and suppliers as well as ensuring you are operating legally and compliantly.
If you have genuine concerns, speak to a business or consultant who specialise in online security. There are lots of things you can do to make life more difficult for the criminals!
Resources:
ICAEW cyber resources
ICAEW top 5 cyber risks
Action Fraud
Free advice from ICAEW
ACCA guide to email policy for employees