Cyber-attacks are on the rise, and it’s crucial to take measures to protect your business. A recent report from the Governments Cyber Security Breaches Survey shows that 32% of UK businesses identified a cyber breach in the last 12 months, this rises to 59% for medium sized businesses and a very worrying statistic is that 82% of FE colleges suffered a security breach in the last 12 months.
SME’s are a prime target when it comes to cyber-attacks, as most SME’s don’t tend to have a budget for cyber security and therefore still use legacy defences and weak or insecure passwords. Cyber-crime costs UK businesses an average of £15,300 per victim.
In addition to this cost these attacks can cause reputational damage, so ensuring that your business is safe from cyber-attacks is vital.
Ransomware is a type of cyber-attack in which an attacker encrypts a victim’s files and demands a ransom payment in exchange for the decryption key and is becoming more common and the emails that introduce the vulnerability more convincing. In the North West alone, there are on average over 45 reports per week of ransomware attacks according to the North West Cyber Resilience Centre.
Phishing emails are commonly used to spread ransom malware, by tricking a user to click a link or opening a malicious attachment, cyber criminals gain access to the employees computer and then the ability to install and execute the malware software. Often this will lie dormant and undetected for weeks until it is activated, the most common time for activation is a Friday night around midnight.
One of the best things a company can do to protect themselves is to build a cybersecurity culture internally, ingraining the importance of security in the company starting with the weakest link… your people!
Employees need to understand what to report and when something doesn’t look right, especially now with the move to more flexible working from home arrangements.
Cyber training should include elements of the following:
- How to identify a phishing email
- Not to click on malicious links
- Never open unexpected or untrusted attachments
- Avoid revealing personal or sensitive data to phishers
- Verify software legitimacy before downloading it
- Never plug an unknown USB into their computer
- Use a VPN when connecting via untrusted or public Wi-Fi
- Report suspicious emails
A Ransomware attack will render your systems inaccessible and the attackers may look to leak or sell your data, when was the last time your organisation reviewed their Cyber Plan and tested it. More importantly, does your organisation have a Cyber Plan at all?
Currently, only 14% of companies train their staff on cyber security and only 20% have tested security responses.
Why are Employability and Skills Providers at risk?
Cyber attacks are often untargeted with the attackers indiscriminately targeting as many devices, services or users as possible in the hope of finding a vulnerability, like trying lots of door handles in the hope that one is unlocked in order to access your information. Employability and Skills data contains Personable Identifiable Information as well as Special Category data, alongside narrative caseload information. If an attack is successful, the attacker will find valuable information to leak or sell on the dark web marketplace, it is critically important that only those who are authorised to do so can access it. By using an ‘on premise system’ and storing data internally, your systems as with all SME’s, are open to cyber attacks and therefore you need to ensure that you have the organisational and technical measures in place to help minimise the possibility of an occurrence. This includes security training, plan testing as well as the technical know how to protect your environment.
Using a hosted Management Information System (MIS) such as YETI takes away some of those headaches, as the technical responsibility for the data is borne by the supplier, leaving you to concentrate on the organisational measures.
How can CogniSoft help?
At CogniSoft we are proud to be ISO 27001 certified since 2011 and Cyber Essentials and CE Plus compliant since 2014, we have mature processes around security ingrained into the organisation from development through to support.
We host your data in a secure UK based data centre and YETI supports Multi Factor Authentication integration with Google Authenticator and Authy for added security on log in. Additionally, our system is Penetration tested, ensuring that the data can only be accessed by authorised people.Contact us today to see how we can help on 0161 777 2900 or email us at email@example.com