Increasing the cyber resilience of your company

Cyberattacks are constantly evolving, becoming ever more sophisticated and frequent. Here, we look at emerging and common digital threats currently facing SMEs in 2023 and offer guidance on protecting your business from cyber criminals and scammers.

Latest statistics reveal that more than 80% of UK businesses experienced at least one cyber attack in 2022, so it’s important to be aware of the latest threats and how to increase the cyber resilience of your business against malicious or accidental risks.
 
Phishing, smishing and vishing
Phishing, smishing and vishing are three ways that a scammer may contact you in an attempt to gather personal information about you and carry out identity fraud. They then use your personal data or financial accounts to steal money, receive loans or services in your name, or commit other crimes. According to the Federal Trade Commission, in 2021, there were more than 1.4 million reports of identity theft!
 
Most people are aware of phishing attacks. This is where someone receives an email from a sender masquerading as a legitimate business or reputable person, urging them to click on a link, which then downloads malware onto their system. Alternatively, they may be deceived into revealing sensitive information, such as a bank account number or PIN.
 
Then there are smishing attacks, where an SMS/text message is sent containing a fraudulent link enabling criminals to steal information or download malware, such as viruses, ransomware, spyware or adware, onto the victim’s device. Last year, there was a huge increase in smishing attacks encouraging people to click on a link to claim the £400 energy credit offered to everyone. The aim was to gather information about you that could be used for other purposes.
 
Vishing is where a phone call, voicemail or Voice over Internet Protocol (VoIP) call is received, often using a pre-recorded robocall, from someone pretending to be a legitimate company in order to solicit personal information from a victim. For example, you may receive a call about a warranty for your car or an electrical item, such as a washing machine, and be asked to provide information such as your address and bank or credit card details. Some callers even ask you a question to which the answer is ‘yes’ – this is recorded and used to authorise charges or access financial accounts.
 
Increasingly, there is a trend for scammers to get into dialogue with you via email about climate change, gaining your trust and building a relationship with you, so that, at some point, you will click on a link in a message or email.
 
Protecting yourself and your business
To avoid falling victim to any of the above, there are a few basic rules to follow:

  • Don’t click on links from someone you don’t know. Ask yourself whether you need to click on it, whether you know the person, who the email is from and whether it has the right email address. Always check the content and structure of the email address before responding or clicking a link. If you want to check on them, you could go to the real website of the company they purport to be from and check whether the information they’ve provided in the message is real.
     
  • Don’t give out personal information to someone who phones you out of the blue, saying they’re from your bank, government organisation or a company you do business with. Hang up and go to the official website, then call them using their official phone number to find out what’s going on.
     
  • Don’t answer calls or texts from a number you don’t recognise. This applies even if you’re phoning to ask if you can be taken off their list – you’re interacting with their call, which will lead to more calls from scammers.

In addition, keep your devices up to date with the latest patches, don’t share USB sticks or external data drives, and don’t back up all your information on one server: if that is compromised, you could lose everything. Instead, isolate essential services and back them up separately. Also, use strong passwords (with a password manager, if you wish), have good antivirus software installed on your system and use multi-factor authentication.
 
Case study
A typical case study could involve a small company that suffers a phishing attack, in which the receptionist is duped into clicking on a link, malware is downloaded, and some data is stolen. The company reports the situation to the Information Commissioner’s Office (ICO) and informs customers. The ICO takes no further action, but the breach impacts some customers and they decide to claim against the company for compensation. Unfortunately, this situation is becoming more common due to phishing emails and data breaches.
 
Cyber insurance
We’re all guilty of assuming a cyberattack won’t happen to us. But it’s that complacency that makes us vulnerable. Here at TMD, we recommend protecting yourself and your business with cyber insurance, providing protection, should you be the victim of a cyberattack, against the financial and reputational damage you may suffer, and giving you access to specialist expertise to help restore your lost data.
 
We’ll be happy to explain in further detail how a cyber policy will protect you and give you the peace of mind that, in the event you are under attack, you have the resources and support in place to minimise the disruption to your business. Our advice is - don’t leave it too late; let us get you protected as soon as possible. To find out more about cyber insurance, please call TMD on 01992 703 000 or email insurance@mcdonaghs.co.uk


 
