With the recent hot weather, we’ve all felt the need to fling open the windows. But you’d never dream of leaving the house with-out closing them first, for fear of attracting an opportunist thief into your home to steal your belongings.
Are you making sure the ‘windows are closed’ in your business as well, though? Or are you inadvertently opening up to a would-be thief?
A report from the government’s Department for Digital, Culture, Media & Sport in March 2022 stated that “almost one in three businesses (31%) and a quarter (26%) of charities suffering attacks said they now experienced breaches or attacks at least once a week”.
Keep a log of the systems and sites you use, and who has access
We’re all fairly used to reading horror stories about data breaches and have images in mind of hackers working away in dark rooms, doing their worst, and that’s not an unfounded thought at all. There are huge threats posed to companies: not only the traditional ‘hackers’ out to cause disruption or to steal your data but now also ransomware attacks, where malware is installed to prevent a user or an organisation having access to files until a ransom payment has been made in exchange for the decryption key.
Data breaches come in all shapes and sizes and from the most unlikely of sources, affecting all sizes of business. We’ve all at some time received a ‘suspect’ email from a contact and got in touch to alert them to the fact they may have a ‘problem’.
Attacks from within
Data breaches can and do come from within. A drop in vigilance by staff can result in so-called phishing emails that dupe them into releasing details and can be massively problematic. In some companies, IT departments send out fake phishing emails to test the response of their employees and help to educate.
It’s the things you put in place ahead of a potential incident that could make the biggest difference
Although this may seem a little harsh and no one likes to think they are being set up, it’s not unjustified given that, according to the government’s survey, 83% of cyber breaches or attacks on businesses in the UK were phishing attacks whereby staff received duplicitous emails or were directed to fraudulent websites.
Of course, malicious attacks can also come from trusted individuals within the business; those who have been given access to data in the course of their role who then decide to pilfer, motivated by revenge or greed. These kinds of breach are difficult to foresee and almost impossible to prevent.
Although it may sound like an issue for your IT department, the security of your systems and data is a problem much closer to home and the consequences of data breaches affect every part of the company. Many smaller companies don’t have the luxury of an IT department, so what then?
Consider your reaction measures for when you encounter a problem. What are your back-up plans?
There are some small but significant measures that anyone can take in a business to get on top of the risks. Keeping a log of the systems and sites you use, and who has access, is a great start. These include things like personal email accounts but could also include generic email accounts such as info@ and support@, and even social media accounts to which numerous people have access.
Protocols
You should consider putting rigid protocols in place to remove or restrict access to these on either the resignation of an individual or, without fail, their last day. Regularly reviewing these logs and removing access where it’s no longer needed are also good practice.
Frequently encouraging your staff to change their passwords seems obvious but, when unprompted, the practice is something that in the busy day-to-day rarely happens. Staff should consider using phrases or even sentences as passwords, which makes them more difficult to guess. A good way of not using the same password for every account is to put a system in place whereby the password is different each time but easy to remember; for example, ££nameofwebsite99!
Many smaller companies don’t have the luxury of an IT department, so what then?
Finally, you should consider your reaction measures for when you encounter a problem. We all accept regular fire drills but it’s more likely that you’ll experience a data breach than it is for your office to catch fire. What are your back-up plans? How will you communicate to customers that there’s been a problem? Are you familiar with the Information Commissioner’s Office’s ‘self-assessment’ procedures for reporting a breach?
These may seem like tiny measures in the grand scheme of the problem, but they could have the biggest impact.
It’s the things you put in place ahead of a potential incident that could make the biggest difference to your resilience and ensure a quick recovery if the worst were to happen.
Nicola Firth is founder and chief executive of Knowledge Bank
This article featured in the July edition of MS.
If you would like to subscribe to the monthly print or digital magazine, please click here.
Original Article
![VA Loan Requirements | Veterans Home Loan Eligibility [Spring 2018]](https://cdn.finopulse.com/wp-content/uploads/2025/07/VA-Loan-Requirements-Veterans-Home-Loan-Eligibility-Spring-2018.jpg)
