Cyber-crime is now such a major threat to UK businesses that many companies will soon have to prove they are properly protected to avoid losing key contracts.
The cost of cyber fraud to the UK private sector is now estimated to be £21.2bn – with the average security breach costing anywhere between £75,000 and £311,000.
Criminals gain access using a range of techniques including deception to trick you into revealing passwords and spyware that records your log-in details. There are many vulnerable areas in a typical office or factory: USB sticks that aren’t properly protected before being slotted into a hard drive, dangerous web links and infected downloads..
Now the UK government is advising all businesses to prove they have good IT security measures in place by attaining certification from the Cyber Essentials programme. Failure to have this certification could result in the loss of big contracts and you could miss out on future tender opportunities with the public sector.
Get independent advice
A good independent IT consultant can prepare your company for the assessment. You’ll need help because it’s no easy exercise. Many companies fail the assessment because the cyber security measures they use simply aren’t up to scratch.
Gary Jowett from Brighton-based Computer & Network Consultants says: “We’ve helped a number of customers achieve certification with good preparation. To pass the assessment they must demonstrate a number of things: their systems must be up to date with the latest software patches, they should have the latest version of their antivirus software and they also need a robust password policy where complex passwords are used and an effective firewall to stop intruders.”
Another important aspect which will be scrutinised is employee education. How intelligent are your staff when faced with potential threats? The assessors will send spoof emails to your organisation before the main assessment day to see if anyone is foolish enough to open them. So, beware, you may have failed the assessment before the assessor pays a visit!
Employees should also be aware that social media can leak personal information thereby helping cyber criminals worm their way in.
“If you’ve been moaning about your bank on Facebook and a hacker spots this, he can then target you with a spoof email that looks like it’s from your bank,” says Gary.
“It’s so easy for human nature to take over and in a moment of thoughtlessness, you click on a link and the criminal accesses your computer. Mentioning favourite pets or other familiar names on social media can also give a hacker a clue about the passwords you use.”