Written by

Our Statius team

We’re a small company, why would anyone want to hack us?

No one wants to hear the words “You’ve been hacked”. A feeling of dread fills the pit of your stomach, and you wonder what the extent of the damage will be. You ask yourself questions like: Is it just the website? Have they hacked my email too? Has my website been blacklisted? Have they stolen any data? Why has this happened to me?

Chances are it probably wasn’t that you were ‘targeted’ exactly, but more that you have left yourself open to cyber-attacks due to less robust security measures than a larger organisation would have. In today’s digital age, cyber security is not just a concern for large corporations and government entities. Small and Medium Enterprises (SMEs) are increasingly becoming targets for cybercriminals.

Exactly this happened to us at Statius last week: our website was hacked and redirected, and you may have noticed that it is currently not available. We asked ourselves all of the above questions and more. The most important question we asked ourselves was “How do we fix this and make sure it doesn’t happen again?”

We were fortunate enough to enlist the help of the cyber security experts at ACME UC, who were able to swiftly implement some measures that have allowed us to identify the malicious code in our website and remove it. We also now have additional security measures in place and a plan moving forward to ensure that we are less vulnerable to cyber-attacks in the future.

So, what does this mean for us? Thankfully, Statius store no individual’s personal data within our website, we do not have an online shop and we do not have a client portal. So for us, whilst the hack was disruptive and we will have to rebuild the site, the damage caused is minimal. However, this could have been much worse, and for many businesses cyber security is critical to ensure business continuity.

What have we learnt? There are various things you can do to mitigate the risks to your business of a cyber-attack.

  1. Understand why cyber security matters to your business. This includes such things as data protection, regulatory compliance, customer trust and operational continuity.
  2. Understand common cyber threats. These include phishing attacks, ransomware, malware and insider threats.
  3. Implement company policies around cyber security, such as employee training and policies and processes for safe software usage, including use of multi-factor authentication, regular changing of passwords and access rights, and data encryption.
  4. Seek professional help for implementing technology to give you enhanced security. Cyber Essentials Certification can help to protect your company against common cyber threats.

And most importantly…

Don’t think it won’t happen to you – it is likely just a matter of time before it does. But, by prioritising cyber security, you can protect your business and limit the risk.
