
This year I'll... do the minimum?

Make a business New Year resolution - to do at least the minimum to increase your business's cyber resilience.


2021 saw cyber crime continue to increase, with small and medium businesses particularly affected, alongside the global attacks that made the news.


In the East of England in 2021, the top three cyber crime types for businesses were:

  • Hacking - social media and email

  • Computer virus / Malware / Spyware

  • Hacking - server

Together with reported fraud, businesses have reported losses of £47.1 million over the past 12 months in our region alone. We know that, as a rule, people do not report cyber crime to the police, so this is probably an underrepresentation.


It is highly likely that most of these could have been prevented by good fundamental cyber controls. So when you are making your personal New Year's resolution, why not also make a business New Year resolution to increase your business's cyber resilience, and don't be part of the 2022 crime statistics, unless it's in a good way.


Must-dos this year


- Check haveibeenpwned.com for your email and phone numbers - and get all of your staff to do it as well. Password compromise means that criminals don't have to "hack in"; they can use your credentials to log into your systems. So if you have a compromised password, change it!


- Get a password manager. Stop reusing passwords and take the time to set up a password manager. You remember one strong, unique password and the password manager remembers the rest. Have a look at our quick video for more information about password managers.


- Enable two-factor authentication (2FA) on all your important accounts, but especially your email, social media and any account where your financial details are stored. Then, even if a password is compromised, criminals shouldn't be able to get into your accounts.


- Install anti-malware on all your devices, even your phones.


- Back up your data and know how to recover it. Although this is essential for recovering from cyber attacks, being able to retrieve photos from a lost phone might be just as important, so ensure that all of the important data for you and your business can be recovered.


- Update your devices and applications. Did you know that criminals actively look for systems with known vulnerabilities? A study by Ponemon found that 57% of cyberattack victims stated that applying a patch would have prevented the attack, and 34% said they knew about the vulnerability before the attack.


- Have an incident response plan and test it - if the worst happens you want your business to be up and running as quickly as possible. Having an incident response plan means that you and your staff know what to do when it all goes wrong and testing it means that your plan will actually work. We have a free incident response plan to download and get you started.


- Invest in Staff Awareness Training for you, your staff, even your clients if they send you emails. Phishing is the biggest attack vector and it doesn't look like this will change anytime soon. The more awareness your staff have about how to identify and respond to a phish, whether by text, phone or email, the better protection you are giving your business. Did you know that your local Protect Officer can deliver awareness training for free, or that the ECRC can provide affordable training through our Student Services?


- If you haven't already, sign up to the ECRC for guidance, free tools, support and affordable student services.


Have a great 2022 and remember: cyber resilience is a journey, and you just need to take the first step.




The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.
