‘It’ll never happen to me.’ ‘My business is too small.’ ‘They only go after big companies.’ All statements we’ve heard freelancers say in the recent past and all, unfortunately, incorrect. But what exactly were they talking about? We’ll tell you. The prospect of a cyber hack.
Cyber security breaches have become big news in recent years. There seems to be a report of a major breach in the news once every few months – from the WannaCry ransomware attack to the accessing of 145.5m consumers’ personal data in the 2017 Equifax data breach. As you might expect, it’s the sheer volume of data illegally procured or the amount of chaos caused in these attacks that makes them newsworthy. The repercussions – financially and reputationally – are wide-ranging, and many businesses take months or even years to get themselves back on level footing.
But what reports of those breaches generally don’t discuss is the high number of attacks that hackers carry out on small businesses and self-employed individuals. A recent Verizon report found that 43% of all cyber-attacks target small businesses – the single largest share of all the hacks discussed in their study. The numbers alone highlight two fundamental flaws which leave freelancers, contractors, and SMEs vulnerable – a lack of resources and a lack of knowledge. And that’s where this blog comes in. Consider it your very own cyber security small business guide.
We live in a world where almost everything we do – from our money to our relationships to our shopping habits – is recorded online in one way or another. The same goes for our professional lives. For freelancers in the UK and beyond, a cyber hack can have a particularly detrimental impact on your work.
Aside from the obvious interruption to your business, there’s a chance that any projects you may have been working on were irrevocably compromised or just simply lost. Depending on your work, you could be looking at significant financial loss – and that’s irrespective of any fines or sanctions you might incur under the new GDPR rules (which don’t include any exemption for small businesses or sole traders).
You may have been trusted with intellectual property or sensitive commercial information as part of your role. Beyond the evident costs associated with any breach of that data (incident response, outside technical expertise and so on) your reputation is also likely to take a hit. The loss of trust that will arise in the aftermath of a breach could lead to indirect financial costs (i.e. a significant decrease in income) that will have much more of an impact on you in the long term.
Being unprepared for the possibility of a cyber hack could also result in you losing work before you even get the chance to start. Numerous organisations outsource projects to a network of agile SMEs and self-employed workers. However, as we mentioned earlier in this blog, most breaches occur as a result of a lack of awareness on the part of those exact people. Many freelancers working with sensitive data are now being asked to prove their security credentials before signing on the dotted line. Making sure you have the right cyber risk insurance or hacker cover in place is always a good start.
Scary? Yes. But it’s a worst-case scenario that can be avoided with a few relatively simple steps.
A recent government survey, conducted as part of the National Cyber Security Programme, showed that 46% of businesses in the UK had suffered at least one cybersecurity breach in the preceding year. So what can you do to minimise your safety risk online? How do you protect your business against the prospect of a real cyber hack?
Although cyber criminals and hackers are becoming ever more sophisticated in their attacks, there are still a number of steps freelancers can take to make themselves a lot less vulnerable:
Back it up:
Backing up your data is a smart move. Backing it up regularly is even smarter. By doing so, you and the organisation you’re working for will still be able to function and continue to work even as you fight to regain control. Take steps to identify the most important data and, once you’ve got that sorted, make sure any backups are stored separately from your computer. ‘Consider the cloud’ is a phrase we’ve heard more than once. You should also make backing up a part of your day-to-day routine. Cup of tea? Check. Mornings with Lorraine? Check. 5pm storage check? Check!
Remember WannaCry? Imagine if that happened on your watch. It only takes a few minutes to get the right antivirus software in place, and it can make a big difference. Just don’t forget to turn it on. It’s also worth avoiding downloading any apps or plug-ins that you’re not familiar with, as well as making sure that your IT equipment is all kept up-to-date.
We work as much on the move as we do at a desk these days. There’s a good chance that any data you’ll be working with is on your tablet and your phone too. For that reason, you should take the same precautions on-the-go as you would at home. Make sure any devices are password protected. Turn on your tracking app in case your phone or tablet gets lost or stolen. Keep your device and any apps up-to-date. And don’t connect to any Wi-Fi hotspots you don’t know (even if the name is really funny).
Seems obvious, but you’d be surprised at how many people don’t implement passwords correctly. And no, ‘123456’ isn’t correct. A password is a free, easy and extremely effective way of keeping your information safe. Firstly, make sure password protection is actually switched on. Once it is, consider using two-factor authentication for important stuff. And please don’t use something predictable or just keep the default password the device came with.
A phishing email is likely to come from a scammer or hacker seeking sensitive information like bank details, or to include links to malicious websites. Although these emails can sometimes be hard to spot, there are still a few things you can do to increase your safety. Think about how your business operates. Received an invoice for a service you don’t recognise? Probably a phishing email. Being asked for money you don’t owe? Check and check again. Many phishing emails will also contain poor grammar and vague salutations (‘friend’, ‘colleague’ etc.), and will originate from an email address similar to but not exactly the same as the correct one.
Essentially, what we’re saying is simple. Be careful. Be observant. Ask questions. Educate yourself. Exercising caution might seem like a bore in the short term, but you’ll thank yourself should anything go wrong later. Oh, and don’t forget to protect yourself with cyber insurance. Even the most attentive of us can still slip up sometimes. With the right cyber liability insurance in place, you’ll always have something to fall back on should you make a mistake. Why not get the ball rolling with a quote from Dinghy? You can get started right here.