Business Debtline – December 2017

Cyber Security: How to protect your business online

Cyber security is becoming more of an issue for everyone in our increasingly digitised world, and if you are a business owner then falling victim to cyber-crime can potentially put your business and livelihood at risk. When you consider that Small and Medium businesses make up 81% of Northern Ireland’s business private sector[1], cyber-crime represents a real threat to the Northern Ireland economy and should be a major concern for any modern business. If your business relies on any digital process, data retention or software systems, then your business may be vulnerable to a cyber-attack, such as online fraud, information theft, and malware and virus attacks.

What is a cyber-attack?

A cyber-attack is an attempt by a third party to damage, obtain, destroy or alter information held on any of the following:
  • Computer networks
  • Computer information systems
  • Network Infrastructure
  • On an actual computer device
Once information and data has been compromised, it can result in crimes such as financial fraud, information or identity theft.
Cyber-attacks can be pursued through multiple routes including downloading malicious files from emails and unsecured web browsing. The aim of a cyber-attack is generally to exploit vulnerabilities in your network, system, software or device.

Most common types of Cyber-Attacks

The most common types of cyber-attack are:
  • Unauthorised access to information held on your network
  • Unauthorised access to information held on your computer devices
  • Unauthorised access to information held on third party systems
  • Viruses / Spyware / Malware / Ransomware
  • Attacks on your business website or IT system
  • Spam / Phishing emails

How is my business at risk from a Cyber-Attack?

In today’s digital world it is highly likely that every business has assets that are vulnerable to potential cyber-security risks. These include:
  • Your personal and business identity, sensitive and financial information
  • Your client / customers’ personal, sensitive and financial information
  • Your database information, contacts information and online site login credentials
  • Your IT software and network infrastructure
  • Your intellectual property (for example designs, trading details, secrets, contracts)
Also your business can be at risk from internal cyber vulnerabilities, as anyone with physical or remote access to your systems, network or information can put you at risk. This includes employees, clients, partners, suppliers and contractors with access to your business premises or devices. Vulnerabilities than pose a risk include:
  • Employees accidentally misplacing devices or information
  • Employees being careless with security rules, policies and procedures
  • Ex-employees stealing or sharing information that can damage your business
  • Other insiders with access to your information or computer systems

How could a Cyber-Attack affect my business?

It can affect your business in a number of ways. This includes financial losses arising from:
  • Theft of financial information
  • Theft of money
  • Theft of business trade secrets / inside trading information
  • Disruption to trading
  • Loss of business or contracts
  • Cost involved to remedy the cyber-attack
  • Impact to reputation and client trust which could lead to loss in customers, sales, suppliers, partners, investors and other third parties
Another major issue of a cyber-attack is the legal consequences. The Data Protection Act requires that you have appropriate security measures in place to manage the security of personal data you hold. Therefore if data is compromised and is found that you did not have adequate measures in place, you could face expensive fines and sanctions which could put your business at risk.

Tips to protect your Business from a Cyber Attack

It is important you do not ignore the risks of a cyber-attack and presume that it will not happen to you if you are a small business owner. Therefore you should alleviate the risk and take steps to protect your business and ensure it is less likely to happen. Some tips are:
  • Install the best anti-virus and security software you can afford on your systems and devices
  • Download updates for security software immediately as cyber-attacks spread very fast, it is important you protect your devices as soon as an update becomes available
  • Use different passwords for different devices and different logins. Ensure your passwords are changed on a regular basis and ensure you cannot use the same password more than once.
  • Passwords should be strong with a mixture of characters and avoid and common sequences (like qwerty or 123456)
  • Use two factor authentication for any financial transactions, so they have to be approved via temporary codes sent to a mobile or by using a key card reader that is securely stored
  • Ensure your business and home Wi-Fi is encrypted and regularly change the password
  • Have your system preform a daily or weekly backup of your data and system information. If this backup system can be held off-site this protects against theft, fire or damage which would pose less of a threat to your business in the event of a major problem like this
  • Avoid using public Wi-Fi or an insecure network for any confidential emails or financial transactions
  • Be cautious of clicking on links sent by email or social media or downloading any files sent to you by an unknown source. If unsure check the addressee character by character as fraudsters usually try to mimic real email addresses and use some that look very similar.
  • Don’t be afraid to contact the sender first before opening to ensure it is legitimate if something looks suspicious.
If you have been the victim of cyber-crime and are struggling with debts because of it you should contact Advice NI’s Business Debtline on 0800 0838 018. Opening hours are 9am to 5pm, Monday to Friday.


 [1] Federation of Small Businesses NI Publication, (2016), “The Contribution of Small Businesses to Northern Ireland”