Anything that disrupts your ability to operate effectively is a business continuity issue. A data breach could compromise sensitive customer or company information, while malware or ransomware could paralyse your entire operation. Network security needs to be part of any business continuity strategy.
Cyber security threats were growing before the pandemic. Since Covid struck, the risk has become even greater. In one survey, 47% of IT professionals say the number of genuine cyber security threats has increased since the start of the pandemic.
Cybercrime is potentially catastrophic. According to recent statistics, the average cost of a lost or stolen record that contained a customer’s personally identifiable information was $150 (£107). A data breach can lead to the theft of hundreds or thousands of such records.
And it’s not just about money. Customers lose trust in organisations that are found to operate a less-than-watertight cyber security framework.
Regulators can also get involved. Ticketmaster was fined well over £1 million last year for contravening GDPR regulations and failing to ensure the security of customer data. It will ride out the fine, but suffer from plummeting customer trust.
Phishing is the most common cyber threat
In terms of business continuity and cyber threats, prevention is certainly better than cure. Phishing attacks are “by far” the most common vector for security breaches, according to a new survey by the Department for Digital, Culture, Media, and Sport (DCMS).
“Among the organisations saying cyber security had become a higher priority under the pandemic, there were those that said that, in their case, the frequency of attacks had increased since March 2020 – especially phishing attacks,” the report says.
Phishing attacks are cheap and easy for cyber criminals to deliver, but they are also highly preventable. In a phishing attack, often delivered by email, employees can endanger their company’s security, and their own personal data, simply by clicking on a fraudulent link. For that reason, education is the first line of defence against cyber threats.
Every organisation, however small, can and should follow basic cyber security essentials. That should include a written policy on the risks of phishing scams, with information on identifying scam emails. It should also include a warning about the risks of clicking email links.
Personal devices can be a security risk
The DCMS report found that, with staff working from home during the pandemic, organisations were finding it harder to keep hardware, software and systems updated. For instance, nearly one in five businesses (17%) report having out-of-date malware protection.
That situation is magnified when employees are allowed to use personal devices, something that is often seen as a money-saving strategy by organisations. But as well as not keeping hardware and software up to date, remote employees may also adopt apps and services that haven’t been approved by IT.
It’s worth putting rules around these practices in writing. Staff should also be educated on the use of strong passwords and two-factor authentication.
Operating during cyber attack
While basic education is a simple and effective cyber security essential, it isn’t the only one. Many businesses carry out cyber security risk assessments, while others test staff with mock phishing exercises. Nevertheless, only three in ten businesses (31%) have a business continuity plan that covers cyber security, according to the DCMS.
Of course, any business continuity strategy needs to include the protocol for reporting data breaches to the relevant authorities, and assign responsibility for doing so. After that, keeping your organisation up and running during a cyberattack is the key priority.
Business-grade cloud communications tools can help here, by allowing employees to switch away from compromised devices without sacrificing productivity. In fact, cloud-based communications solutions are a cyber security win-win. They also give your employees full unified communications without the need to bolt on third-party consumer apps (often in less secure ‘freemium’ versions).
In fact, cloud services are likely to feature highly in any business continuity strategy. Large public cloud providers pour huge amounts of money into both physical and virtual security, because their reputations – and business models – depend on it.
Services hosted on Google Cloud, AWS or Microsoft Azure will benefit from far higher levels of protection than most individual organisations can match. For added peace of mind, look for services hosted in secure ISO 27001 certified data centres.
It’s clear that cyber security is a business continuity issue. But organisations without the resources to employ experts in the field shouldn’t despair. Educating employees is the most effective way to reduce your risk of falling victim to cybercrime. Moving at least some essential services to a secure cloud environment could also be a sensible option.