It is a small world after all. Thanks to the worldwide web and smart technologies, we’re more connected than ever. But we’re also more exposed to security threats whilst online. For every computer genius designing increasingly intelligent devices, there is an evil genius trying to hack the system and hoodwink others for their personal gain.
The costs of recovering from a data breach can quickly mount up, particularly if affected people decide to sue. You could also be fined by the government for losing sensitive personal information, as this breaches the Data Protection Act. And if your computer systems are hacked, your business or charity may not be able to operate for a while, adding to your financial woes.
Think you’re safe? Think again…
News headlines about cyberattacks are often biased towards big businesses and banks, which can mislead small businesses and charities into thinking they are safe. Cyberattacks are a constant threat to any organisation that uses IT. Your organisation is at risk if it:
- Stores personal information electronically, such as names, addresses or bank details.
- Relies on computers to operate.
- Has a company website.
- Takes payments online or by card.
- Uses email or social media.
Spotting the threats
The cyber risks that we all face fall into three main categories:
- The accidental loss or misuse of information. For example, if a laptop holding sensitive data on children and young people is stolen.
- Physical system failures, perhaps caused by a virus spreading through your computer network.
- Direct and malicious cyberattacks. For example, a hacker could close down or corrupt your company website, and demand a ransom to stop their aggravating activities.
Cyberattacks can come from all sides, so we’ve rounded up the usual suspects here:
The inside job – sadly, your own staff or volunteers could have an ulterior motive. Do background checks on new starters and look out for disengaged employees who work odd hours.
The pretenders – emails can pop up from a seemingly legitimate address or known sender, but they are trying to get you to reveal confidential information. Run a Google check on the address or call the person or company being spoofed to check whether it is legitimate.
Gone phishing – billions of phishing emails are sent each day. These are messages disguised as communications from reputable companies, such as Amazon or PayPal, but are trying to trick you into providing passwords and bank details. Report suspicious emails as spam then delete them.
Over-sharing – filling in online forms, subscriptions and social media posts can give too much information to the wrong people, allowing them to build a profile on you and steal your identity. Check your company’s social media privacy settings, turn off location services and read the terms and conditions on new websites. We’ve gathered some top tips on spotting fake websites here.
Man in the middle – public networks are prime spots for intercepting data as it passes over the shared connection. Hackers can set up fake Wi-Fi networks and then see the sites you visit, your passwords and account details. Consider using your mobile data allowance rather than risk public Wi-Fi.
Getting wise on the web
Firewalls, encryption, anti-virus software and data backups are all obvious means to reduce your cyber risks. But all it takes is one lapse by one member of staff and you could find your organisation in the middle of a digital age disaster. Here are some simple steps towards cyber security:
- Make all staff aware of the cyber threats and vigilant against sharing information online.
- Provide regular training to staff on cyber threats and good practices.
- Regularly change your passwords.
- Keep all software updated.
- Check the security of your chosen cloud computing and other service providers.
- Include threats of data breaches and disruption of service in your Business Continuity Plan.
- Reduce the financial risks with Cyber Liability Insurance.
Insurance for the information age
Traditional policies may not insure against cyberattacks or data breaches. An inclusive Cyber Liability Insurance policy can cover the costs of forensic investigations, legal advice, business disruption, computer repairs or replacements, cyber extortion (and any ransoms paid), crisis containment, reputation recovery and any compensation owed to people whose personal data was leaked.
The best way to arrange appropriate protection is through a specialist insurance broker, and our team of experts at Unity would be happy to talk through your charity’s needs.