Why is it Important to have a Cyber Security Plan in place?

Cyber attacks can be incredibly disruptive to your business. While media attention about cybercrime focuses on larger organisations, it’s important to remember that the vast majority of cybercriminals are indiscriminate – any company that works online or sells online is a potential victim.


We often picture cybercriminals using sophisticated and expensive equipment, but in reality their tools are often free and simple. Common techniques used by cybercriminals today include:

  • Phishing – where hackers send emails in an attempt to gain sensitive information or encourage the recipients to visit fake websites to extract data.

  • Ransomware – deploying malware that will encrypt and delete your data. It is often used as a tactic to extort money from companies, with a promise of returning your data (which does not always happen).

  • Impersonation – hackers set up a false website or compromise a legitimate website to exploit visitors.

  • Scanning / Social Engineering – searching the web for vulnerabilities of companies or individuals to exploit.

To combat all of these threats, businesses should always consider having a cyber security plan. The most disastrous of these threats is ransomware, which can be truly devastating not only financially but also in its impact on your mental health.

Last year Redcar and Cleveland Borough Council's website and computers at the authority were attacked. This attack saw more than 135,000 residents go without online public services for nearly a week, as their council struggled with a cyber-attack.


You may have seen that, in November, Manchester United announced they had been subject to a cyberattack that targeted their systems. Cybercriminals launched a sophisticated operation that caused an IT disruption, involving highly sensitive information about the club.


Before launching ransomware attacks, cybercriminals can spend days, weeks or months inside a victim’s network, working to identify their defences and assess what the organisation could be worth, so they can maximise the impact of the attack.


As remote working from home increases, businesses have an increasing reliance on technology.


Planning for a cyber attack should be considered just as – if not more – important than planning for a flood, fire or other disruption. Business continuity plans should be stored offline and regularly updated and tested.


Ransomware attacks typically occur through one of three paths: software vulnerabilities, phishing emails, and remote desktop access. Your business often won’t know the exact route a cybercriminal will take, but by planning ahead and examining your cybersecurity strategy you can help mitigate the fallout.

Taken from the 2021 Cyber Security Breaches Survey

The Government’s Cyber Security Breaches Survey reported in 2021 that just 31% of businesses have continuity plans that mention cyber security and only 15% have completed an audit of their cyber security vulnerabilities.


Understanding how your business will react to a cyberattack is more important than the scenario being a perfect match to your plan.


Whilst cybercriminals are continuously developing their skills and using more sophisticated tools, especially with new technologies such as AI and the Internet of Things, remote workers remain a key target, alongside vulnerabilities in unpatched servers.


It is more important than ever for your business to have a cyber security plan in place.


By signing up for Membership with the Cyber Resilience Centre, you can ensure your business has the most recent cyber security policies and procedures in place using our templates. These policies will help you put the right measures in place to ensure your business has clear security strategies and can respond efficiently if an incident occurs.

Membership with the Cyber Resilience Centre starts from just £250

We understand that every business is unique and your needs may vary from signposting to simple and free government-backed, trusted guidance materials to a full assessment of your online presence and computer network.


Contact us today to talk through your needs and learn more about our affordable memberships and security services.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of Cyber Resilience Centre for Greater Manchester (CRCGM) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. CRCGM provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

CRCGM does not accept any responsibility for any loss which may arise from reliance on information or materials published on this website. CRCGM is not responsible for the content of external internet sites that link to this site or which are linked from it.