Business Cyber Security FAQs
Q: What Is Cyber Security?
A: It’s the practice of protecting your business’s internet-connected networks, computers, mobile devices, software, and applications from malicious attacks and accidental damage. It defends against attackers trying to access, destroy, or extort sensitive data, including customer information. Key cyber security measures include strong passwords, two-factor authentication, staff training, and disaster recovery plans.
Q: What is a data breach?
A: This is when an intruder gets unauthorized access to your information such as customer records and personal information, intellectual property, or company secrets. It’s often a PR nightmare having to inform the customers and suppliers that their data has potentially been compromised.
Q: What is malware?
A: The name is short for ‘malicious software’: software installed on your computer or network without your knowledge that then tries to disrupt your business. It could be executable code, computer viruses, worms, trojans, bots, spyware, ransomware, or other malicious programs. Malware is often picked up when you or an employee install something, or click on a link, that you shouldn’t.
Q: What is a phishing email?
A: It’s an email disguised as coming from a trusted contact or source. Attackers try to get personal data such as passwords or bank/credit card numbers by hoping that you’ll click on links to fake sites, open attachments that install malware, or pay an invoice or amount owed into a fake bank account.
Q: What are business email compromise hacks?
A: It’s when someone gains access to an employee’s business email account so they can pose as the employee, then trick others into fraudulent wire transfers, gift card purchases or other financial transactions. Often, the hack involves the attacker impersonating the business owner but can include pretending to be a supplier requesting you use a new bank account for your latest purchase.
Q: What is ransomware?
A: It occurs when you’ve mistakenly installed a rogue piece of software (from clicking on a link or opening an attachment), giving access and control of your systems to an attacker, who then demands money. If you don’t pay, usually by an untraceable currency such as Bitcoin, the attacker will delete your data, or lock your screens and deny you access.
Q: What is scareware?
A: It’s similar to ransomware, as it aims to overwhelm you with persistent notifications, expose your online behavior (both real and fabricated), or intimidate you with potential consequences, such as a tax audit.
Q: Do I need cyber insurance?
A: This depends on your risk profile. If you have strong cybersecurity measures, staff awareness, and a solid recovery process, you may require less coverage. However, since connecting to the internet always exposes your business to potential hackers, cyber insurance can protect you from financial losses and claims resulting from your online activities.
Q: How do I write a digital disaster plan?
A: Start by listing all internet-connected devices (servers, desktops, laptops, phones) and how you protect them (e.g., passwords, backups). Identify essential data and software, then detail your security measures (e.g., passwords, two-factor authentication, staff training) and your recovery plan if those measures fail. Finally, test the plan to ensure it works effectively.
Q: What is two-factor authentication?
A: It’s an increasingly popular method that adds an extra security step when logging in. Typically, you receive a code via email or text that you must enter to confirm your identity. These codes are randomly generated, often valid for one use only, and usually expire quickly.
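The three properties named above (randomly generated, single-use, short-lived) are what a code store on the server side has to enforce. The following is an added illustration, not code from the original FAQ or from any particular product; the five-minute lifetime, six-digit length and the `OneTimeCodeStore` class are assumptions made for the example.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumption: a code expires five minutes after it is issued
CODE_DIGITS = 6          # assumption: six-digit numeric codes, as commonly sent by text


class OneTimeCodeStore:
    """Issue and verify single-use, short-lived login codes (constructed example)."""

    def __init__(self, ttl=CODE_TTL_SECONDS, now=time.time):
        self._ttl = ttl
        self._now = now          # injectable clock so expiry can be tested
        self._pending = {}       # user -> (code, expiry timestamp)

    def issue(self, user):
        # secrets (not random) is the module designed for security tokens,
        # so the code cannot be predicted from earlier ones
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        self._pending[user] = (code, self._now() + self._ttl)
        # A real deployment sends this by text or email; it is returned here
        # only so the caller can hand it to the delivery channel.
        return code

    def verify(self, user, submitted):
        # pop() removes the code on the first attempt, right or wrong:
        # this makes it single-use and limits guessing to one try per code
        entry = self._pending.pop(user, None)
        if entry is None:
            return False
        code, expires_at = entry
        if self._now() > expires_at:
            return False          # expired: the user must request a new code
        # constant-time comparison so timing does not leak matching digits
        return hmac.compare_digest(code, submitted)


if __name__ == "__main__":
    store = OneTimeCodeStore()
    code = store.issue("alice@example.com")
    print("first use accepted:", store.verify("alice@example.com", code))
    print("second use accepted:", store.verify("alice@example.com", code))
```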
Q: What is three-factor authentication?
A: It adds another layer of security by requiring three different types of verification: knowledge (a PIN or password), possession (such as a phone that receives a one-time password), and inherence (biometric data such as a fingerprint or voice recognition).
Q: What’s the best way to back up my data?
A: There are several options. While copying files to a USB stick or external hard drive is simple, it may not be practical for large amounts of data. Cloud storage services like Google Drive and Dropbox are designed more for syncing than for pure backups, especially with terabytes of data. Experts recommend the 3-2-1 rule: keep three copies of your data, two stored locally on different devices and one off-site. This typically means the original data on your computer, a backup on an external hard drive, and another on a cloud service.
Q: Who can help me with practical cyber security advice?
A: If you have internal staff or an external IT provider, discuss your security with them. Otherwise, we suggest checking out https://www.fbi.gov/investigate/cyber for information on potential or real-time cyber-attacks. Use the Two Factor Directory to check which IT services offer 2FA, which is a recommended prerequisite for accessing critical data.
Q: Who do I contact if I’ve been hacked?
A: Step one is to get it fixed immediately. Talk to your in-house or external IT support person. If you don’t have anyone, there are lots of consultants and IT support businesses you can call. Then report it to the FBI’s Internet Crime Complaint Center (IC3). Make sure you inform your staff, customers, and anyone else who supports your business (bank, accountant, business colleagues).
Q: What is a denial of service?
A: This occurs when your computer or network crashes due to an overload of unwanted traffic or information. This attack denies you access to the internet and your data by consuming your device’s resources. Attackers often demand a ransom to stop their attacks, knowing the cost of downtime may outweigh the payment.
Check out our cyber security videos and blogs for more tips to keep your information safe and secure.