What is Cyber Security? What You Need to Know to Protect Your Business

In broad terms, cyber security refers to all the actions and precautions we take to protect ourselves from a cyber-attack.

But what is cyber security exactly? Cyber security covers all the technology and procedures we use to stop unauthorised, malicious third parties from accessing our data. It protects our devices, like laptops, desktop computers, mobile phones and tablets. It also makes sure the services we use online are safe.

You might think your cyber security practices are acceptable because you’ve never been targeted by hackers. We’re sorry to say you’re probably more vulnerable than you think.

Any business or individual can be the victim of a cyber-attack. Almost half of all UK small to medium enterprises experienced a cyber-attack within the last year, according to a report from security firm McAfee. Other statistics show that companies based in the UK are 84% more at risk of a cyber-attack than any other country. The UK government states there were 2.39 million instances of cybercrime between 2023 and 2024. Small businesses lost an average of £1,100 for every cyber-attack. In contrast, medium and large enterprises lost up to £4,960 per attack.

These exact figures show that only three in every 10 businesses bother to perform cyber security risk assessments. And they point to even more worrying news: 76% of UK businesses don’t have adequate anti-malware or virus protection software. 21% of companies reported they faced weekly cyber-attacks.

Repairing the damage caused by a cyber-attack can be five times as much as the loss suffered by the incident. A recent malware attack on a UK financial firm resulted in the company having to pay £25 million in recovery and remediation costs after the attack.

A study by internet company Beaming estimated that cybercrime cost the UK economy approximately £30.5 billion in 2023. The UK government’s figures say that the average cost per cybercrime victim is £15,300.

If you’re not paying enough attention to cyber security, it could cost you dearly. Avoiding a cyber-attack means knowing what types of cyber threats to look for.

Cybercrime can be defined as any act that uses technology to steal or commit fraud. Many methods used by cybercriminals aren’t sophisticated. Mostly, cybercriminals rely on our innate sense of trust and prey on our gullibility and greed. Technology allows them to commit their nefarious deeds on a larger scale and much more effectively. The information stolen by attackers can be used to steal and sell your data, steal your money or use your personal details to steal your identity to commit fraud.

The most common types of cyber threats come from:

• Phishing
• Viruses
• Trojans
• Spyware
• Ransomware
• Adware
• Botnets

All these odd words don’t mean much to most people, though. Let’s take a look at each one in more detail.

Phishing is one of the most common forms of cyber-attack. In a phishing scam, the attacker will send the victim an email, text or an instant message that looks like it’s from a legitimate company. Such as your bank. The message asks the victim to click a link to a website where they’re asked to input their personal details. For instance, their bank account details.

The problem is that the website they went to is fake, even though the message they received looks legitimate. Setting up a fake website is known as website spoofing or domain spoofing.

Once you’ve put your details into the spoofed website, the scammer scoops them up, goes to the legitimate banking site, logs into your bank account and helps themselves to the funds. Phishing can also result in a person’s computer being infected with viruses or malware.

There are three main types of phishing scams:

• Spear phishing: Where attackers target a specific company or individual. 90% of phishing are personalised spear phishing
• Clone phishing: This is where the scammers send you a message that mimics a legitimate message you’ve already received. They take an email you’ve gotten once and replace the links within it with links to malicious sites.
• Whaling: This can refer to a phishing attack that directly targets a high-level businessperson or the owner of a successful business. It can also refer to a scam message that looks like it comes from such a person. For instance, an email from your boss asking you to help them transfer funds to a supplier.

Malware is a catchall term for software designed to cause damage or steal information. Malware inserts malicious code like a virus or a trojan into a computer. Computer viruses are self-replicating codes that attach to regular files and spread through a computer system. Once one computer on a network has a virus, it quickly passes it to the other computers. Hence, the term ‘virus’. A trojan is a piece of software that looks legitimate but is just a vehicle for a virus.

Malware can take the form of a spoofed website that mimics a legitimate site, a fake website (for instance, a site that says it will sell you goods, but just takes your money), a program you’ve downloaded or a message you’ve received.

Ransomware is a particularly scurrilous bit of malware that is unfortunately becoming more common. Once a link or program containing ransomware has been opened, the attacker can shut down a program, the victim’s computer or their entire network. Until the ransom is paid, the victim cannot use their program, computer or network other than to communicate with the attacker. There’s no guarantee, of course, that if you pay the ransom, your computer will be set free.

Spyware often has no discernible impact on a computer. It’s the sneakiest type of malware. Spyware can look completely legitimate and may even perform a function. Or it may just sit quietly in the background. However, malicious pieces of code are infecting your computer, stealing your information and sending it back to the attacker.

Adware takes the form of legitimate-looking advertisements, often from well-known companies. But if you click on an adware link hoping for a great deal, you’ll pay more than you bargained for.

Rather than being a piece of malware or a scam, a Distributed Denial of Service (DDoS) is a brute attack against a company. A DDoS uses a massive array of captured computers known as a botnet to flood a particular website or server with requests, forcing it to overload and go offline.

Sometimes DDoS attacks are accompanied by demands for money, other times they are used to get access to a system or identify vulnerabilities. Sometimes, DDoS attacks are done for no financial gain at all. DDoS attacks can be done in the name of social justice or for purely malicious reasons.

As the name suggests, this type of attack isn’t a direct attack but one in which the criminal inserts themselves in the middle of an operation to steal data. Cybercriminals may exploit a weakly protected or insecure Wi-Fi network to intercept messages between legitimate users. Like spyware, a man-in-the-middle attack can be challenging to detect.

Despite the worrying figures and the various nefarious methods cybercriminals use to hack your systems, protecting yourself from cyber-attacks is surprisingly simple. The best way to keep yourself and your data safe is to use common sense and be cautious online. Follow the below tips to improve your cyber security:

Never use simple passwords. Use lower and upper-case letters, numbers and symbols. Make your passwords at least eight characters long. Never share your passwords. Don’t keep your passwords stored in your browser, either. You can use a password generator program to help you create and keep track of your passwords. Just make sure it’s legitimate!

Regularly updating your software ensures you’ll use the newest version protected from hackers.

Make regular backups of all your data and store them in a different place. Keep your backed-up data in a secure cloud server or a physically separate hard drive.

Research the best antivirus and firewall programs and have them installed on your system. If necessary, speak to an IT expert for advice.

If you feel like a website or a message isn’t legitimate, don’t click on links within it. Never give out information if you’re unsure who you’re communicating with. It’s always an option to verify the source of information before acting. As a rule of thumb, if it’s too good to be true or doesn’t feel or look right, it’s probably a scam.

Often, scam messages or websites will have odd phrasing, logos and graphics that aren’t quite right or have minor mistakes in the address (www.c0mpany.com, for instance. The ‘o’ is actually a zero. But if you’re not looking for it, you might not spot it!)

Make sure your Wi-Fi network is protected by an ultra-strong password. Never transmit sensitive information on a public or unsecured Wi-Fi network.

Providing people with clear guidelines and practices will help protect them against cyber criminals. Draft a cyber security policy for your business and ensure all your staff read and abide by it.

There’s no way you’ll be able to stop phishing emails or your employees from coming across spoofed websites or encountering malware. What you can do, however, is teach them the best cyber security practices.

The internet is a fantastic tool, but it is also rife with security risks. Scammers and hackers prey on the chain’s weakest link to access systems. Educating your people on cyber security is the best way to avoid falling victim to a cyber-attack.

Our Cyber Security Awareness Training will teach your team to recognise and avoid cyber security threats.

This course can be taken at your convenience. It will help you develop a robust cybersecurity-focused culture at your place of business.