Tim Lane Manager
What is cybersecurity?
Cybersecurity for businesses encompasses a set of practices, technologies, and policies designed to protect a company’s digital assets, data, and operations from a range of cyber threats including:
Phishing attacks – Cybercriminals use fake emails, messages or websites designed to look like they are from a trusted company or person to trick employees into divulging sensitive information such as passwords or downloading malware. These attacks will often pose as urgent, needing immediate attention to stop the recipient questioning the authenticity before acting.
Ransomware – A type of malicious software that encrypts the victim’s files and data, rendering them inaccessible. The cybercriminal then demands a ransom, usually in cryptocurrency, in exchange for a decryption key to unlock the files.
Data breaches – Unauthorised access or disclosure of sensitive customer or employee data. This usually results in financial and reputational damage for both the business and individuals involved.
Insider threats – Employees or former employees may intentionally or unintentionally compromise data security. This can be the cause of other cyber threats.
Strategies for improving cyber security
Training – Employees should be trained in cybersecurity including how to recognise phishing attempts, use strong passwords and what to do if they suspect a breach.
Regular updates – All software should be kept as up to date as possible. The holes in security that are used by cybercriminals often occur due to outdated software.
Access control – Limit access to sensitive data to only those employees who require it for their roles and use multi-factor authentication to help secure that access.
Back up data – Regularly take backups of critical data and systems to avoid loss due to malfunction or ransomware.
Cyber insurance – Insurance can be taken out to mitigate the financial losses in the case of a breach. However, the cost of this insurance is often too much for small businesses to afford.
Exit procedures – Have clear exit procedures in place to ensure an employee’s access is revoked immediately to all systems when they leave the business.
Cybersecurity regulations
In the UK the General Data Protection Regulation (GDPR) requires personal data to be processed and stored securely and for a company to take appropriate measures to ensure it is kept safe. Specific measures are not listed, but rather a company is required to do whatever is necessary to comply given its specific situation. GDPR grants individuals rights over their personal data, including the right to access any data a company holds on them or to have it deleted. There must be a legal basis for the holding and processing of personal data, which can include consent (clear and explicit consent from the individual), legal obligation, or contractual necessity.
There are also many industry specific regulations and standards around areas such as payment card details, telecommunication, CCTV and employee rights.