Cyber security for business

Different types of cyber crime

Guidance

Cyber attacks range from malware and phishing to hacking and ransomware. Some types of attacks are more effective than others, but all present a significant - and increasingly unavoidable - business risk.

In order to reduce that risk, it helps to understand the different cyber threats you may face and the various ways criminals might try to cause harm to your business.

Common cyber security threats

The most likely threats to your business include:

  • cyber fraud - including phishing, spear phishing, vishing and whaling
  • malware attacks - including viruses, worms, trojans, spyware and rootkits
  • ransomware
  • drive-by downloads
  • hacking - including distributed denial-of-service attacks (DDoS), keylogging, etc
  • password decryption
  • out-of-date, unpatched software

Criminals use multiple routes, including web links, email and files, to exploit weaknesses in your business systems, networks or processes.

Human error

Many breaches result from mistakes, not malicious hacks. For example, staff may inadvertently send information to the wrong person, lose paperwork or fail to redact personal data.

What is a cyber attack?

A cyber attack is a deliberate, malicious attempt by a third party to damage, disrupt or alter:

  • computer networks
  • computer information systems
  • computer or network infrastructure
  • personal computer devices

There are many reasons behind cyber attacks. Criminals want to steal money, financial data or sensitive information. They may also want to disrupt operations or damage trust in your business. These attacks often lead to crimes such as financial fraud and information or identity theft.

Examples of cyber attacks

Cyber attackers use many tactics to target IT systems. The most common methods are:

  • remote access to IT systems or websites
  • unauthorised entry to networks or systems, or third-party services (eg hosted services)
  • system infiltration or damage through malware
  • disruption or denial-of-service to block access to your network or systems

Attacks may be targeted (specific to your business) or un-targeted (mass campaigns directed at as many devices, services and users as possible).

Read the National Cyber Security Centre's (NCSC) guidance to find out how cyber attacks work.

Can you avoid a cyber attack?

You can prevent many attacks by following the steps recommended in the UK government's Cyber Essentials scheme. You can also use the NCSC's free tools and resources, including:

Keep in mind that even strong defences cannot stop every attack. If one happens, learn how to report a cyber crime.