Jane Clark-Hutchison: On the front line against cyber-crime

According to the Scottish Business Resilience Centre, which helps firms operate more securely, cyber-crime costs Scottish businesses £5 billion per year – almost £160 every second – and approximately 87 per cent of small UK businesses reported a cyber-breach in 2013.

Recent high-profile cyber-attacks to affect businesses and organisations in Scotland including a hairdressing salon, a council website last year and an Aberdeen business, which incurred a £13,000 bill after its telephone systems were hacked.

The UK National Security Council has even named these cyber-criminals a “tier one” risk to national security, on a par with international terrorists.

They range from lone coders on bedroom PCs, hacking into corporate systems purely for the personal challenge, to sophisticated multinational criminal gangs in global conspiracies to steal either valuable data – or even huge quantities of cash.

Whatever the motivation, such attacks can spread quickly, are expensive to resolve, and can cause reputational damage, compromising trust with customers and suppliers.

Meanwhile, the cost of insuring against cyber-crime has also risen, especially for those businesses that are perceived to be high risk, such as those holding confidential data on their customers.

With the issue already costing the UK economy an estimated £27bn a year, it is time for business to step up to the growing challenge posed by the cyber crooks.

Cybersecurity isn’t just about being prudent. For any firm with online operations it must now be viewed as a fundamental part of their day-to-day activities. It is incumbent on any modern business to ensure they have the right processes in place and that there is sufficient oversight within the organisation.

When drawing up a strategy, some of the key questions businesses should be asking themselves are:

• What information would be most valuable to cyber-criminals?

• Do we have a clear procedure in the event of an attack?

• Who monitors our security and what information about threats do they provide?

• Have staff received sufficient training about cyber-crime?

Whatever your business, your bank can help you make sure that the company finances are secure, and for e-commerce businesses, can also advise on what steps to take to ensure payments – whether made online or by using new systems such as contactless cards and Apple Pay – are entirely safe.

But cybersecurity must be a company-wide concern. This starts with training staff to identify risks and help prevent attacks, such as by ensuring all passwords are strong, regularly updated and properly protected.

Seemingly innocuous emails can harbour damaging malware designed to infect a system and steal information or spy on users without their knowledge, while scam emails asking for unusual payments to be made can appear very convincing.

In this ongoing game of cat and mouse between cyber-criminals and companies, businesses must have a robust strategy to mitigate the impact of any successful attack and deal with the fallout.

Fraudsters and cyber-criminals will always be out to exploit any vulnerabilities they can uncover in corporate systems.

Do not let yours be next.

• Jane Clark-Hutchison is area director, mid markets, for Edinburgh and east Scotland at Bank of Scotland