November 12, 2020

What is Cyber Security and why is it important?

Cyber security is the application of technologies, processes and regulations to protect systems, networks, devices, data and ultimately your business from cyber-attacks. In short, cyber security’s core function is to prevent unauthorised access to the vast amounts of confidential information we store, on everything from smartphones and laptops, to servers and cloud networks.

Cyber security is important because smartphones, computers and the internet are a fundamental part of modern life. From online banking and customer data, to email addresses and social media, it's more critical than ever to prevent cyber criminals from hacking our accounts, data and devices.
Thousands of online systems are compromised daily – most commonly in an attempt to steal money or confidential information. Last year alone, over four in ten businesses (46%) experienced a cyber security breach or attack [1].

Since the introduction of the General Data Protection Regulation (GDPR), it has never been more important to protect your business from the threat of a data breach. Companies that overlook their data protection responsibilities now face the possibility of huge fines, as well as reputational damage.

Did you know the average cost of a data breach in the UK was £2.99M? [2]

In our guide to cyber security, we identify best practices and potential cyber threats to help you protect what matters. It’s also important to identify and know how to confidently handle any physical threats, both in the office and with remote workforces.

Safeguarding the sensitive information of your customers, clients and staff ensures your business doesn’t fall victim to the crippling fines – and reputational damage – handed out by the Information Commissioner’s Office (ICO).
 

Cyber Security Best Practices

Our 8 Steps to Cyber Security includes a comprehensive rundown of the best practices your business should adhere to. By following these simple steps, you are well on your way to minimising the risk of your company’s confidential data being compromised.

1. Set up a Risk Management Regime
2. Install or Improve Network Security
3. Use Strong Passwords
4. Avoid Public Wi-Fi
5. Stay Safe on Social Media
6. Improve User Education and Awareness
7. Use Hard Drive & Media Destruction Services
8. Protect Smartphones & Other Devices
     
Cyber Security Threats & How to Combat Them

In 2019, malicious or criminal attacks accounted for 51% of all data breaches in the UK [3]. Cyber criminals are constantly on the lookout for new ways to steal your confidential data. However, there are key cyber security threats you must be able to identify, to protect your customers, clients and company.

1. Phishing

The most common tactic used by cyber criminals is phishing. By using social sites or email, scammers will convince users to click on misleading links or provide confidential information. If an offer looks too good to be true, it probably is. So, check the sender’s email address and don’t trust anything that looks even slightly suspicious.

2. Malware

If a victim of phishing does end up initiating a download, there is a good chance the program received is harmful. Malware comes in many forms, tasked with anything from spying on systems to manipulating code. Antivirus and antimalware software are essential to protecting your devices from malware.

3. Distributed Denial of Service (DDoS)

A distributed denial-of-service attack is a malicious attempt to disrupt the normal traffic of a targeted server or network by overwhelming the target with a flood of internet traffic. To combat DDoS attacks, you need an action plan, as well as DDoS prevention and mitigation solutions and software.

4. Brute Force or Password Attacks

Password attacks involve hackers attempting to gain access to a network by using a program to find a working password. Therefore, it’s vitally important to use strong, unique passwords on all of your systems and devices. An example of insecure passwords? 123456 was the most common password used in 2019 [4].

Threats to Remote Workforces

Since the start of the global pandemic, there has been a sharp rise in Covid-19-related phishing and fraud scams. Our guide to remote working scams will help your business identify threats, prioritise data security and ensure remote employees are following best practices.
 

Physical Data Threats & How to Combat Them

Since the introduction of the EU’s GDPR, there are signs UK companies are complying with the legislation. However, a common mistake for businesses is to overlook the threat of physical data.
Human error still accounted for 24% of all data breaches in the UK in 2019 [5] – which equates to potentially millions of pounds in fines distributed by the ICO. Ensure your workforce knows how to deal with data effectively and confidently, especially with the increase in remote working.

Desks overflowing with documents, boxes piling up in storage and filing cabinets that haven’t been organised in years don’t only make your office look untidy, they also represent a very real risk to your business.
 
Does your business:

1. Use locked filing cabinets for financial data and other sensitive material?
2. Have secure, off-site storage for documents that you are legally required to retain?
3. Prohibit the use of unsecure recycling bins at employees’ workstations?
4. Have secure shredding containers for safely disposing of documents?
5. Securely destroy old hard drives once they are no longer needed?
6. Have a secure remote working policy in place?

If you answered no to any of these questions, your business is at risk of a data breach. Shred-it has a range of services, such as secure paper disposal and hard drive destruction, to meet your needs to safely dispose of confidential information and avoid the risk of a fine and reputational damage.
 

The Cost of a Data Breach

In 2019, a record-breaking number of fines were handed out by the ICO, because of cyber-attacks, paper-based breaches and data thefts, enabled by weak security, cover-ups and avoidable mistakes. From Marriott International’s £96m fine, to the £179m blow delivered to British Airways – even some of the UK’s biggest brands have fallen victim to the long arm of the ICO.

In 2019, industries most at risk included healthcare, financial, energy and industrial, with the average total cost of a data breach exceeding £4m. See below for a comprehensive list of the most affected industries and the average total cost of a data breach.
 

| Industry | Average Total Cost (Global) | Cost Per Record |
|---|---|---|
| Healthcare | £4.98M | £331 |
| Financial | £4.52M | £162 |
| Energy | £4.32M | £127 |
| Industrial | £4.02M | £124 |
| Pharmaceutical | £4.02M | £137 |
| Technology | £3.90M | £141 |
| Education | £3.68M | £110 |
| Services | £3.57M | £137 |
| Entertainment | £3.34M | £107 |
| Transportation | £2.91M | £100 |
| Communication | £2.66M | £102 |
| Consumer | £2.00M | £101 |
| Media | £1.73M | £95 |
| Hospitality | £1.54M | £95 |
| Retail | £1.42M | £92 |
| Research | £1.27M | £90 |
| Public | £1.00M | £60 |

 
Regardless of your industry, the impact of a data breach can be far worse than fines. Did you know 44% of UK consumers claim they will stop spending with a business temporarily after a breach? Or that 41% of UK consumers claim they will never return to a business post-breach? [5]
 

Protect Your Business with Shred-it

Shred-it protects what matters and what matters to us is the security of your business. By following these cyber security best practices, combined with our specialty shredding services, you can give your company every chance to avoid a cyber attack, the resulting fines and reputational damage.

To learn more about how we can protect the confidential information of your customers and clients, contact us for a no-obligation Data Security Survey. Our Data Security Survey is a crucial first step to ensuring vulnerable areas of your organisation are identified. Our team can provide efficient, expert recommendations on how to reduce the risk of a data breach and to help keep your business compliant with the GDPR.
 
[1] – Gov.UK Cyber Security Survey 2020
[2] – 2019 Cost of a Data Breach – Ponemon Institute
[3] – 2019 Cost of a Data Breach – Ponemon Institute
[4] – Wikipedia – Most Common Passwords
[5] – Business Wire