How secure is your business digitally?

At a recent business networking event, Impression Marketing Owner, Angus Long, met with Michelle Pugh of Adept CTS, a communications and technology business, where he discovered just how vulnerable small and large businesses are to the crippling effects of modern cyber threats.

Cyber-crime can affect the smallest company to giant organisations, as recently demonstrated by the NHS, with destructive computer viruses and ransomware causing untold chaos, disruption and substantial costs.

Michelle Pugh set up her first IT communications and technology business, Way-2-Communicate, in 2010.

Speaking of the decision to set up the business, Michelle explained: "For quite some time, almost every organisation relies on some form of IT in the day-to-day running of their commercial activities and we saw a gap in the market for businesses, large and small, to access a range of IT solutions including connectivity, secure document storage and, of course, cybersecurity and disaster recovery planning.”

The company grew rapidly and in 2013 they acquired rival Adept CTS, merging the businesses and ensuring they continued to go from strength to strength.

THIIS readers may be familiar with Michelle’s husband, Phil Pugh, who is the Managing Director of Adventure Mobility, makers and suppliers a range of off-road wheelchairs.

Michelle was keen to stress that key to the company’s success has been the quality and professionalism of its employees, such as Operations Manager Paul Reynolds, a former government cybersecurity expert.

Paul discussed more about the threat of cyber-attacks: "As more and more of our everyday activity, both commercial and social, is becoming technology based, so does the need to ensure that technology is protected from cyber-crime. Just as the level of IT technology improves and advances, so does the quality and sophistication of computer virus and malware. Indeed, the latest attack was seemingly the result of hackers releasing a US cyber weapon and in the case of BA, poor back up and a lack of a robust disaster recovery plan.”

Paul continued: "Many people mistakenly think that cyber crooks, viruses and hackers tend to focus on attacking large organisations such as banks and big corporations. This is a common misconception as small businesses, often with nothing more than a PC and smartphone, are just as much at risk, if not more so. Many small businesses will often just use the free versions of the many anti-virus protection products available, the trouble with these are they only scan and protect about 10% of a computers operating system, leaving them vulnerable to more sophisticated cyber-attacks.

According to the IT and communications’ experts, cyber-crime is the real problem and is only going to get worse over time. Paul stated that last year alone, it was estimated cybercrime cost UK businesses £29 billion.

Importantly, it’s not just about protecting the impact on a company’s IT system either, as insufficient protection against a computer virus or malware attack could render a business in breach of the General Data Protection Regulation (GDPR) he stressed.

"If a business does not have adequate protection and cyber-attacks result in theft of company or client data, they could be liable for fines of up to 4% of turnover, which for some businesses could be hundreds of thousands of pounds,” said Paul.

Adept also claim that many also underestimate the risk their smartphones and tablets pose as well. With phones and tablets increasingly becoming more connected and synchronised to the Internet and other IT systems, the devices can contain large amounts of sensitive data that can be easily attacked or stolen.

"For example, most mobile devices are fitted with Near Field Communication, a technology that allows devices to exchange information simply by placing them next to one another,” explained Paul. "Crooks will often walk slowly past a queue of people scanning mobile phones in pockets and handbags, stealing data.”

With cyber-crime netting crooks billions of pounds, a year, businesses can be assured it will continue to pose a threat for the foreseeable future.

So, what can individuals, companies and organisations do to help reduce the impact of cyber-crime? Michelle provided some helpful tips: "Ask yourself this; what would be the impact on your business and trading position if your entire IT system was hacked, erased, held for ransom or just crashed? For many businesses, it could be catastrophic and extremely commercially damaging. Just look at what happened to BA and the NHS.

"However, there are a number of things a business can do to minimise the threats posed by cyber-crime. The first is to undertake a review of the IT system and identify any areas of weakness and ensure these are adequately addressed. You won’t get this from an online comparison site, it’s far better to get an expert to do it properly. Specialist IT communications and security companies, such as Adept, will generally provide a free comprehensive appraisal of the IT equipment and how it is used, they can then offer an appropriate level of protection based upon the overall operational needs of the business.”

Michelle continued: "Other things to consider are understanding the ways in which cyber-crime works and ensure all staff are aware of any potential threats and how to avoid succumbing to them.”

Michelle also raised the idea of cyber insurance as well.

"It may also be worth considering investing in a cyber insurance policy too; cyber insurance is becoming more and more popular as most standard business insurance policies don’t cover any losses resulting from cybercrime.”

Insurance organisations such as NC Insurance and ICB Group offer policies with cyber cover, addressing a range of issues should the worst happen, including rapid-response in the event of an attack, operational fees if personal information is stolen and legal liability costs.

Lastly, Michelle pointed out that prevention is always a better than a cure after the crippling damage has occurred.

"Cyber-crime is probably one of the greatest threats to businesses today and it makes economic sense to be protected,” she emphasised. "Sadly, too much of our work is in helping people restructure their IT security and back up planning after the event rather than preventing it in the first place. Believe me, it is a far more economical to allocate a proportion of any IT budget to providing a robust and appropriate computer disaster recovery plan than not. Had BA and the NHS done this, then it is highly likely the problems they encountered would have been much quicker and easier to remedy.”

Adept CTS has published a free guide on how to reduce the risk of cyber-crime. To get access to the guide, contact info@adeptcts.co.uk


What is ransomware?

Ransomware is a piece of malicious software that encrypts all of the data on a company’s or private user’s network. The network can only be decrypted after paying cybercriminals a fee, on average between £500 to £1000; essentially holding the victim at ransom.

An IBM report of 600 surveyed companies that had been hit but such software found that half spent more than £8,000 while 20 percent paid over £32,000.

Paying the fees demanded, however, does not guarantee that files will be decrypted, resulting in some business being unable to access vital systems and information.

Recent attacks by Wannacry and Petya highlighted the issue, but it is not a new phenomenon. Businesses that reported being the victims of such attacks rose by 170 percent in 2015, according to reports from Intel Security.

Importantly, some reports suggest that UK companies are some of the hardest hit and regularly targeted in Europe, with the UK receiving nearly 1 in 10 of all ransomware-infected emails globally in 2015 according to Bitdefender.

PIC Caption: Richard Lloyd of NC Insurance and Michelle Pugh of Adept CTS