27th June 2024

Trudy Morris, Chief Executive, Caithness Chamber of Commerce:

The latest Cyber Security Breaches Survey by the UK government paints a troubling picture for businesses, revealing a significant uptick in cyber-attacks over the past year. The survey highlighted half of businesses had fallen prey to these attacks, an alarming 18% increase compared to the previous year. In small and medium businesses, the impact is expected to be much higher and could be as much as 80%. What’s more concerning is that only three in ten businesses have taken the crucial step of conducting cyber security risk assessments.

The financial impact of cyber-crime is significant. However, costs are just one aspect of the problem and the disruption caused can be devastating. National news reports are continually highlighting how major organisations such as the NHS are plagued by attacks. Only earlier this month several London hospitals declared a critical incident after an attack which is expected to cause several weeks’ worth of disruption. It’s safe to say, cyber-crime has cast its net over every aspect of society.

The evolution of communication methods over the last two decades has made us more susceptible to phishing, a deceptive tactic where scammers attempt to trick individuals into revealing personal information or clicking on malicious links. Our devices constantly notify us, updating us about everything from package deliveries to bank updates.

I think back several years ago when I received an email which I thought was from the bank.  It had their logo and all the things you would expect. I wasn’t interested in what the email was about, but it reminded me I needed to check the bank. So, I absentmindedly clicked on the link in the email as I was in the middle of something else thinking it would save time. I got to the bank page and started to input the login details and thankfully stopped as I realised this page wasn’t genuine. Scammers take advantage of sensitive timings and create urgency to act, urging users to update passwords, follow malicious links or as in my case trigger a response because of something else going on or needing attention.

Furthermore, with the assistance of artificial intelligence, phishing attacks are becoming more severe, and we can anticipate an increase in both the quality, sophistication, and quantity of phishing in the future.

There is a saying “by failing to prepare, you are preparing to fail” and we are fortunate to welcome Dr Keith Nicholson, founder of Cyber Security Scotland to our upcoming Members’ Insight session on July 17th. Cyber Security Scotland is a non-profit organisation providing advice, assurance, and risk assessments along with cyber security training. Keith will share practical insights on how to safeguard your business from cyber-attacks and will also discuss common cyber threats, vulnerable times for firms, and how to handle such situations. Keith will also walk through essential planning steps to prepare businesses before a cyber-attack occurs.

Business Insight, Dr Keith Nicholson, Founder of Cyber Security Scotland.

As we become increasingly dependent on the internet for doing business, it is essential that firms know how to protect themselves from cyber-attacks and the loss of crucial data. Rarely a week passes without news of a ransomware attack on a company or public body. Usually, these make the news because they are large organisations, but don’t be misled into thinking “I’m OK, we’re too small to be targeted by cyber criminals”. Even micro and small businesses can fall victim to a cyber-attack. All it takes is a click on a link in an email, paying a bogus invoice or completing an online form to “update your banking details”.

And it is so easy to be fooled. Some emails (and increasingly text messages) can mimic the appearance of genuine organisations, such as your bank, HMRC, DVLA or a parcel delivery company and trick you into giving the criminals financial information to enable them to rob you or take out credit cards in your name. Or they simply encourage you to click on a link and then the virus downloads into your computer system and locks up your critical business data. These emails or texts may not be specifically targeted to your businesses but randomly sent out to tens of thousands of email addresses or phone numbers hoping someone will be fooled.

National Cyber Security Centre (NCSC) research shows that 85% of cyber-attacks occur like this; they also indicate that only 15% of businesses across the UK have any plans or know what to do if they fall victim to these attacks.

So, what can you do to protect your business? The good news is that the basic protection is easy and inexpensive.

Through delivering cyber assurance checks and compliance reviews, we have helped organisations of all sizes from large public bodies and multinational firms to small businesses to improve their cyber security and resilience from cyber-attacks. Through this work we have produced a 5-Step guide for firms of any size that covers the common risk areas:

  1. Have quality security software installed on all PCs, laptops, tablets and mobile phones.
  2. Make staff aware of common cyber-attack methods and what to look out for.
  3. Decide what data is critical to keeping your business running.
  4. Check this data backed up regularly and can be recovered.
  5. Have a plan on what to do if you are attacked and practice this plan.

These basic prevention measures will reduce the risk of cyber threats.

Staff training and awareness is especially important as we are all vulnerable to making mistakes. We deliver non-technical training and awareness sessions in plain-English to help company staff and directors, but before commissioning sessions such as these, you should look at the free material available on the NCSC website. This offers a useful starting point.

If you are unfortunate to fall victim to an attack, don’t be embarrassed. Contact the NCSC first, they are world-class specialists and can help, then call the police to have the crime recorded, they may be able to help too.

It’s often said that it’s a matter of “When not If” a business will have a cyber-attack – be prepared!

Dr Keith Nicholson is founder of Cyber Security Scotland, a non-profit business offering advice, assurance and risk assessments with training in cyber security. Register for the upcomming Members Insight Session Members the 17th July, where Keith will share more insights to help ensure your business is prepared. Register Now on Eventbrite or Contact the Chamber Team to find out more! 

Got a good news story you’d like to share? Get in touch with the Chamber today!

E: info@caithnesschamber.com
T: 01847 890076