Due to the conflict in Ukraine, the government, the ICO and UK cyber experts are all urging SMEs to act against increased cybersecurity threats.
The situation in Ukraine poses an increased risk of cyber attacks to businesses and exacerbates the rise in cybercrime seen throughout the COVID-19 pandemic, partly due to cyber criminals exploiting gaps in the cybersecurity of people working at home.
The Information Commissioner’s Office (ICO) states there has been a steady and significant increase in cyber attacks against UK firms over the past two years.
Businesses handling valuable or sensitive data, or monetary transactions, like legal and accountancy firms – and those connecting to critical infrastructure like energy companies and other utilities – are urged particularly to take action as they are at greater risk of being targeted by cyber attacks.
Cybersecurity threats real for SMEs as data watchdog fines firm for ransomware breach
The ICO has said it would penalise those who don’t protect themselves adequately against attacks and fines could run into multiple millions. The watchdog gave a major fine to a London SME firm of solicitors recently because of a data breach resulting from a ransomware attack. The fine was based on the firm not meeting GDPR requirements between 25 May 2018 and 25 August 2020. The ICO reports that the firm failed to process data in a manner that ensured appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss.
Between July and December 2021 the ICO recorded over 1300 cybersecurity incidents, including ransomware attacks, where cyber criminals demand payment to decrypt a victim’s computers. The National Cyber Security Centre (NCSC) recognises ransomware as the biggest cyber threat facing the UK today.
This is followed closely by phishing attacks, where the victim is fooled, usually via email, into believing a link is genuine, clicking on it and downloading malware or revealing their login details.
Why the conflict in Ukraine poses cybersecurity threats to businesses
The NCSC, which is part of GCHQ, has issued warnings that businesses need to bolster their cybersecurity defences. Experts have said Russian hackers could target Britain, especially now that sanctions have been imposed on Russia.
There is quite a lot you can do to improve your cybersecurity that doesn’t cost much money – and some of it is free. This includes:
Employee awareness
Your staff are the weakest link in your cybersecurity defences – but so are CEOs and other C-suite personnel who don’t implement appropriate cybersecurity measures.
Busy people can get distracted and be tricked relatively easily by phishing and ransomware attacks. IT IS VITAL that everyone undertakes at least basic cybersecurity training. Staff should be reminded of what to look out for and to stay alert.
It is easy to become complacent, so short but regular cybersecurity training is best. This includes reminding people to report suspicious emails rather than just deleting them. There are various email banner tools you can implement to support your workforce with this too.
Other action you can take can be found in our cybersecurity checklist blog here.
As an IT Support firm we deal with cybersecurity on a daily basis. Do contact us on the form below if you have any questions or issues about cybersecurity threats and how to build resilience.