Cyber security is still a major ongoing issue.
In the wake of the recent high profile cyber attacks on UK retailers M&S, Co-op and Harrods, businesses across the North West are being warned to be even more vigilant. The social engineering cyber attack on M&S showed just how easy it can be for a bad actor to gain access to a business’s IT systems – and just how bad the ongoing recovery can be. These events have also demonstrated just how much a cyber attack can affect a business both from a financial perspective and also from a trust and reputation perspective.

For many small businesses the huge cost of recovering from a cyber breach means that a number of them will never recover financially. To lose access to all of your IT data, customer data, social media accounts and other assets required to run the business, is very serious and is hugely stressful to deal with. Small and medium businesses tend to be more vulnerable to cyber attacks because they’re more unlikely to have cyber security experts on their staff, or perhaps they’ve not put all of their employees through regular cyber security training to help them spot red flags.

New cyber crime figures released
Recently, the Government released its latest cyber crime statistics, which estimated that UK businesses experienced a huge 8.58 million cyber breaches or crimes over the past 12 months – up from 7.8 million in the previous 12 months. Phishing attacks remain the most prevalent and disruptive type of cyber breach, with 85% of businesses and 86% of charities experiencing a phishing attempt in the previous 12 months. This is a vast number of businesses, and we are likely to see these figures increase as phishing attempts become more sophisticated.

Frequency of cyber breaches and attacks
From the new statistics, there was positive news – 43% of all businesses reported a cyber security breach or attack in the past 12 months, which is less than last year’s 50%. For microbusinesses, the figures were 35% down from 40% last year and for small businesses it’s 42%, down from 49%. However, for larger businesses, the prevalence of cyber breaches remains high – 67% of medium-sized businesses reported experiencing a cyber breach (70% last year) and 74% of large businesses (75% last year). However, of those businesses who did report an initial cyber breach, around half of those (46%) ended up being victims of a cyber crime. This shows how important good cyber hygiene is because something so simple as clicking on a phishing link by mistake can lead to a much more harmful cyber attack.

Cyber hygiene measures
The report goes on to state that overall there has been a small but positive uptake in cyber hygiene measures from small businesses: 48% undertake cyber security assessments, up from 41% last year. On top of this, 62% of small businesses now have cyber insurance, up from 49% last year. In terms of basic cyber protection, the stats were on the whole positive, with 77% of businesses having updated malware protection; 73% of businesses having password policies; 72% of businesses had network firewalls; 71% of businesses had cloud back-up services and 68% had restricted admin rights. However, worryingly, only 40% of businesses had multi-factor authentication (MFA) enabled and only 31% had a VPN for employees working remotely.

DI Dan Giannasi, head of cyber and innovation at the NWCRC, said: “As a police-backed organisation, we work closely with small businesses, charities, education and the public sector across the North West in order to give them the tools and the knowledge to build cyber resilience. It can take just one cyber breach to lead to a wider cyber or ransomware attack, which in turn could wipe out a small business financially.

“While it’s excellent that just over two-thirds of overall businesses have good basic cyber hygiene – it’s still very concerning that less than half of businesses have MFA set up, or further measures like a VPN. We strongly advise all businesses and organisations across the North West to sign up to our free membership, with regular updates and guidance on staying safe against fraudsters and cyber breaches.”

Key cyber security advice from the NWCRC:

– Good password hygiene
Cyber security starts with having strong and secure passwords. Ensure all of your employees know how to create a secure password, use a password manager, especially for shared business accounts, and how to keep it secure (ie. not written down anywhere).

– Update all devices
All internet-enabled devices, such as laptops, mobile phones and tablets, need to be kept up to date in terms of security updates for optimum security.

– Enable multi-factor authentication
It’s really important in the workplace to enable multi-authentication for every account, where possible. This will provide another layer of security, should the password ever be compromised.

– Control admin accounts
Ensure that all admin accounts are kept up to date and have every layer of security required. It’s also important to ensure that admin rights for each individual are kept up to date, especially when they move roles or leave the organisation.

About the NWCRC
The NWCRC was set up in 2019 as a police-backed not-for-profit organisation, and works to help North West businesses stay safe against the increasing dangers of cyber crime and cyber fraud. The organisation runs free membership for businesses across the North West, as well as funded training programmes with Police & Crime Commissioners and regional police forces. The team also works closely with the cyber student community to offer high quality paid work experience, which in turn allows them to run affordable security training sessions to businesses, charities and the public sector.

Sign up for free membership to the NWCRC:
nwcrc.co.uk/signup

To learn more visit www.nwcrc.co.uk

Contact us on 0161 706 0940
Email: info@nwcrc.co.uk