Hacking and data theft is a topic that should strike fear into the heart of any well educated business owner due to the potential implications of reduced reputation, financial losses and threat to the business.
Even so, every year we see stories of high profile organisations caught off-guard and exposed in a security breach. It is therefore baffling that more businesses haven't taken adequate steps to protect themselves from this very real threat.
Loss of revenue
Cyber attacks are often financially motivated, with criminals seeking to extort funds from easy targets with inadequate defences. Cyber crime is a fast moving arena, and businesses are often slow to upgrade their own security systems - leaving them wide open to attackers.
Hacking is now a viable business model for criminal organisations. Banks and financial institutions are being targeted in 'hacking for profit' missions. Over £350 million was stolen in 2013 from around 100 banks worldwide, with account holders and banks none the wiser until it was too late.
Talk Talk Loses Customers and Loses Face
The implications of a security breach could also be significant for customers of the affected business, with sensitive personal data at risk. The hack of telecoms company Talk Talk in October 2015 resulted in 157,000 of its customers having their personal details accessed by criminals - including over 15,000 bank account numbers and sort codes. The fact that two of the suspects arrested are teenagers, aged 15 and 16, shows how poor the security systems of many companies are. Hackers often boast that their exploits are "ridiculously easy" - one recent hack drawing the claim that "a four year old could have done it".
The implications for Talk Talk and the terrible way they have handled the issue in the wake of the attack, could see their financial performance take a severe hit from customers jumping ship that not even sponsoring the X Factor can fix.
Sony red-faced, not for the first time
Many hacks are done purely for media attention and publicity. Even when Financial gain is not the motive, these hacks can still be extremely damaging. Sony were taken down by hackers in 2014 for the second time in three years. Whilst no funds were extorted, this was still a very damaging incident for Sony's reputation. Data from was lost from 48% of its computers and 53% of its servers. Sony pictures were sent back into a pre-technological age, using fax machines to communicate, working with pen and paper, and paying employees with paper cheques.
Personal emails between staff were also exposed, resulting in some embarrassing, high profile dismissals.
Loss of Productivity
Sony's transportation back to a pre-technological era was not only damaging to their reputation, it was also damaging to their ability to get work done.
However, it doesn't take a hack to cause a crippling loss of productivity. A simple Phishing email could result in installation of malware that brings computers to a halt. Similarly, email can transfer the notorious CryptoLocker virus - ransomware that will permanently encrypt all data on PCs and servers that it comes into contact with. Only restoring from backup (if you have it and providing the backup is not infected) or paying the criminals for the decryption key can get the data back.
What businesses need to be doing to protect themselves
IT Security should be placed as the highest priority on all business agendas. A high proportion of businesses are heavily reliant on their IT systems and could not function without them. It is therefore paramount that businesses invest the required funds and attention into making their IT infrastructure as secure as possible.
Partnering with a technology specialist who can identify weak points in your infrastructure and recommend the best solutions to mitigate risk is essential.
Applications, devices and operating systems can become major security risks if not kept up to date. Vulnerabilities are discovered all the time, and not patching against these presents a back door into your IT infrastructure for cyber criminals to exploit. These updates can be installed in the background by a proactive IT support company, without disturbing the user from working.
Small businesses that don't partner with IT experts are also unlikely to have standard security features in place like managed firewalls, DNS monitoring, email security and anti-virus - greatly increasing their risk of a security breach.