Search

'It's too easy to blame remote working for rise in cyber attacks'

In this blog, RDS Global cyber specialist Nigel Humphreys explains why businesses should upgrade their cyber security protections.


Nigel Humphreys is a cyber specialist at RDS Global.

I know you have a lot on your plate right now, so I’ll keep this short. Here are three vital reasons why businesses should upgrade their cyber security protections.


1. Lockdowns and cyber-attacks are like peanut butter and jam.


To some people the connection doesn’t make sense. To others, it makes perfect sense. Whatever your position on the matter, it’s a fact that during the last lockdown, cyber-attacks increased by 31%. In fact, between April and June 2020, a UK business suffered a targeted cyber-attack every 45-seconds.


So, why is this happening? One reason is the move to remote working. In many cases, this move was enforced and unplanned, which meant a collective lack of preparedness, particularly among small businesses. However, it’s too simplistic to blame remote working for the increase in attacks (even the successful attacks).

READ MORE: 7 ways to beef up your cyber security in 2021

I would argue that fear is a greater driver of successful lockdown cyber-attacks than remote working. Cyber-attackers have taken advantage of our collective need for information on the pandemic, by increasingly using fake Covid-19 information to lure people into clicking on links in emails/messages/etc embedded with ransomware (and other nasty surprises). Some of these techniques have been extremely realistic. And when people are desperate for information and comfort, it’s easy to be lured into the trap.


The connection is that a lot of the people clicking on these links are now working from home. The best way to protect your employees against fear-induced cyber-attacks is to ensure that the cyber security protections that they rely on in the office are now extended into their homes. The second-best way is to realise that now…


2. Every employee is responsible for cyber security.


Gone are the days when IT and cyber-security were the purview of one person that quietly went about their day fixing everyone else’s tech problems. Now, the entire team is the first line of cyber-security defence. A recent study by Kaspersky, a leading cyber-security provider, found that 52% of businesses considered employee’s to be their biggest security weakness. A vital, but too often overlooked, element of a strong cyber security strategy is employee awareness. You need to give your employees (especially when working remotely) the right tools to protect themselves and the business. There is no greater tool on the planet than information and knowledge.

Our Trusted Partners are official providers of Cyber Essentials certification - click here for details

The bottom line is this. The greatest threat to the increasingly sophisticated cyber-security tools at your disposal is (and probably always will be) that of human error. Cyber security tools protect your business from external threats. But they will always have one weakness: internal human error.


However, it’s important not to bombard your employees with too much information. They don’t need a degree in cyber-security. A good starting point is to make them aware of the latest remote-working guidance from the National Cyber Security Centre. You can then build on the collective knowledge base with more in-depth cyber awareness training if and when your team needs it.


3. Cyber security is a marketing tool (or nightmare).


Hackers are, perhaps, some of the greatest marketers in history. When a hacker successfully completes a job for a business the campaign goes viral (every customer knows about it). Great for the hackers; they almost-always get more gigs. Not so much for the business (unless they believe in the saying “all publicity is good publicity”).


In our digital, social media fuelled world, everything about your business is marketing. That includes your cyber security (whether it’s successful or not). Ask yourself this question: if a business exposed your personal data to hackers because they failed to invest in the right levels of cyber security, would you continue to be a customer?

Exactly. Follow up question: would you recommend that business to your friends and family? Exactly. Okay, final question: would any form of flashy marketing (read advertising) campaign convince you to return as a customer? Maybe? But it’d be a tough ask, right? And the trust would be broken.


Business is built on trust. As your business collects more and more data about each customer, the importance of trust is amplified. Your investment in cyber security is a marketing tool that can be used to cement that trust and improve the customer experience (or it can go the other way).


* RDS Global are among our Trusted Partners. Click here to find out how they can support your business today.


The contents of this blog provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

The Cyber Resilience Centre for the East Midlands is set up to support and help protect businesses in the five counties against cyber crime. 

Useful Links 

Connect with us

  • LinkedIn
  • Twitter

© 2021 East Midlands Cyber Resilience Centre