News in the Channel - issue #26

CYBERSECURITY

valuable intellectual property, such as proprietary designs or trade secrets, which can undermine a company’s competitive edge. r Employee productivity: When systems are down, employees can’t work effectively. The disruption impacts current projects and can also delay future business opportunities. Real world case: The cost of complacency In 2021, a small law firm in Manchester fell victim to a phishing attack that compromised sensitive client data. The attackers demanded £25,000 in ransom. While the firm initially refused to pay, the cost of recovering and rebuilding their systems, coupled with GDPR fines and lost clients, added up to more than £120,000. For a firm with an annual turnover of £1 million, the financial blow was almost insurmountable. Why investing in cybersecurity can be the smarter choice For many businesses, the perceived high cost of cybersecurity is a barrier to action. However, the investment pales in comparison to the potential financial and reputational fallout of a breach. Here’s why proactive measures are more affordable: q Preventive costs vs reactive costs Investing in cybersecurity tools and practices can significantly reduce the likelihood of an attack. For example: l Cyber essentials certification: For less than £1,000, businesses can gain a basic level of cybersecurity certification through the NCSC’s Cyber Essentials scheme. This not only enhances security but also reassures clients – and can be essential in some sectors, for example it’s often required when bidding for public sector contracts l Multi-factor authentication (MFA): Implementing MFA can cost as little as £5 per user per month and prevents

99.9% of account compromise attacks. Resellers and MSPs can assist by enabling MFA for applications like Salesforce, Microsoft 365 and other cloud services. l Employee training: Cybersecurity awareness training costs a fraction of the potential losses from phishing attacks. Regular training sessions can teach staff to recognise and avoid common scams. w Minimising downtime Investing in robust backup solutions ensures that businesses can quickly recover from an attack without prolonged downtime. Automated daily backups to the cloud, costing around £50 per month for small businesses, can save tens of thousands of pounds in lost revenue during a cyber incident. MSPs can offer managed backup services to ensure reliability and accessibility. e Insurance coverage Cyber insurance policies, which start at about £500 annually for SMEs, can cover some of the costs associated with an attack, including incident response and legal fees. However, insurers often require evidence of proactive security measures before issuing a policy.

“

The attackers demanded £25,000 in ransom. While the firm initially

refused to pay, the cost of recovering and rebuilding their systems, coupled with GDPR fines and lost clients, added up to more than £120,000.

”

Practical steps to reduce risk Here are some cost-effective measures businesses can implement, with support from resellers and MSPs: q Enable MFA: Thwart most attempts to access accounts using stolen credentials by applying MFA to cloud applications

CONTINUED