Cyber security attacks What we can learn from recent incidents

With high-profile cyber security attacks and data breaches hitting the headlines, what can businesses and organisations learn from recent incidents? From applying cyber and data best practice, to software updates and insurance, there are several ways that you can protect your business from cyber threats.

A recent IoD survey, in collaboration with Hiscox, highlighted that cyber insurance was not one of the top three insurance policies held by survey participants. However, according to the Cyber Security Breaches Survey, 43% of businesses and 30% of charities reported a cyber security breach or attack in the past year. This figure equates to around 612,000 businesses and 61,000 charities being affected in the UK.

UK retailer, M&S, recently suffered a major cyber security incident that prevented customers from using their online platform. They issued a statement to say that although some personal customer data was taken, there was no evidence that this has been shared. However, they warned customers to be wary of any emails, calls or texts claiming to be from M&S in case these were cyber phishing scams.

Similarly, the Co-op and Harrods have also been forced to stop their online operations because of cyber incidents. Such high-profile cyber security attacks prove that no-one is immune from these types of threats. So, what can be done to protect your business and your customer data?

Common cyber security weaknesses in businesses

The most common cyber security weaknesses in businesses include:

• Out-of-date software. Cyber criminals look for vulnerabilities and they could access your website, systems or online store through out-of-date software.
• Leaked passwords due to a data breach. If you’re made aware of a breach, change your password immediately. Never use the same password on multiple platforms. Follow any guidance offered by systems when they give you an indication of whether a password is strong enough.
• Ransomware phishing emails. Criminal gangs are sending increasingly sophisticated phishing emails that can appear to be from within your organisation. Accidentally clicking on a link could give cyber criminals access to your systems.

Once cyber criminals have access to your systems, this could result in ransomware being installed. You could be asked to pay a ransom to either unlock your systems or to prevent data being deleted or stolen.

6 practical cyber security steps for businesses

• Stay up to date with any software updates
• Use strong passwords and change these regularly
• Move to two-factor or multi-factor authentication (2FA)
• Back-up data and keep devices secure with encryption and cyber security software
• Defend your business against phishing attacks by strengthening email firewalls
• Report any cyber attacks and data breaches, and alert affected customers

How cyber insurance can help

In addition to taking measures to improve your company’s cyber security, businesses should consider cyber insurance. Cyber and data risks insurance may help you protect your business in the event of a cyber incident by covering the cost of investigations and/or losses.

Hiscox wants to help your small business thrive. Their blog articles will contain lots of useful information relevant to your growing business. But these articles do not constitute professional advice and must not be construed nor relied upon as such. To find out more on a subject we cover here, please seek professional assistance, specific to your circumstances.

*Any discount is only applicable to policies introduced via the Institute of Directors, whether existing or new, but could not be applied to policies that are being managed by an alternative third party such as an insurance broker.

Discount available for the lifetime of your policy applies on renewals while the Institute of Directors remains an Introducer Appointed Representative of Hiscox Underwriting Ltd.

Terms and conditions apply. Subject to underwriting criteria. For full terms and conditions see hiscox.co.uk/IoD/business-insurance.

For details about how Hiscox treat your personal information please refer to Hiscox’s privacy policy.

The Institute of Directors is an Introducer Appointed Representative of Hiscox Underwriting Ltd. who is authorised and regulated by the Financial Conduct Authority. For UK businesses only.