You might be forgiven for thinking that ‘cyber attacks’ only happen to governments and security services. However, the fact is that an estimated 81% of large companies and 60% of small businesses had a security breach of some sort last year, putting cyber protection very much in the spotlight.

We spoke to cyber security expert Michael Ranaldo of Dephrisk to ask him what sort of threat cyber-criminals pose to UK businesses, and what can be done to reduce the risks. He told us:

“First and foremost, businesses need to understand that regardless of how good a firewall they have in place, if a hacker really wants to breach it, they will. So while getting the right hardware and software in place is important, intelligent risk management is also essential in order to maintain the security of your digital assets.”

How can you manage the risks posed by cyber-criminals?

“Well, it’s important to understand that for every ‘bad’ hacker, there are many hundreds of ‘good’ ones, working for companies like Dephrisk and software providers like Microsoft and Adobe. We’re all here to help you reduce the risks, but it’s important for businesses to take those risks seriously, and put the right Cyber Security and Data Protection policies in place. After all, you are unlikely to fall prey to a massive denial of service attack, but quite likely to suffer problems caused by bad practices within the organisation.”

What sort of practices do you recommend?

“We analyse risk on a case-by-case basis. But, broadly speaking, organisations need to think about the four Ps: Policies, Passwords, Personnel and Patching. No reputable organisation would be without a Health & Safety policy. But cyber security is just as important. Businesses need a Cyber Policy that covers areas like Data Protection, backups, file sharing and business continuity. Passwords need to be at least 16 mixed characters, and they also need to be changed every six months. Personnel are also crucial. Staff need to be trained to a proper level of computer literacy, so they don’t download unsafe files, fall for phishing scams, or use unsafe practices such as sharing files with colleagues via social media platforms.”

That’s three of the four Ps. What about Patching?

“Do-good hackers are constantly identifying online threats and creating ‘patches’ to neutralise them. So when you get a pop-up on your PC or Mac to say that there is a software update available from the likes of Microsoft or Adobe, the chances are that it’s a security update with an essential Patch. So you really have to take a minute or two to install those updates when they appear, in order to keep your digital assets safe.”

Do you recommend Cyber Liability Insurance to your clients?

“Absolutely, the costs associated with your systems or website going down, or data getting into the wrong hands, can be enormous. Average costs for a small business are around £4,000 per incident, but that can run to over a million pounds for larger organisations. You can also receive punitive fines from the Information Commissioner’s Office of up to £500k, even where customer data was lost due to a criminal attack. And not only can you suffer massive financial losses, the reputational damage can be just as hard to recover from. A good cyber liability policy means that should the worst happen, you can rely on immediate technical, legal and PR support to help you get your systems up and running, as well as managing the fallout from bad publicity and any fines levied under the Data Protection Act.”

To find out more about managing cyber risk, you can talk to Dephrisk; and if you would like to know more about the protection offered by Jelf’s Cyber Liability Insurance, please contact us today.

Print PDF