How to defend your business against cyber attack

Printers should not be complacent about the systemic threats to their business from cyber criminals.

It’s a matter of when not if your print business will have to defend itself against cyber attack. Cyber crime is becoming more widespread as well as more sophisticated and harder to detect.

COVID-19 forced millions of employees to work from home, causing a wider and shallower front of attack for cyber criminals to aim at. In 2021, nearly 1 billion emails were exposed, affecting one in five internet users. 

And the Russian invasion of Ukraine in 2022 has seen a surge in phishing attacks against European and US-based businesses.

In 2021, there were an average of 97 data breach victims every hour worldwide, and 2021 saw an average of $787,671 lost every hour due to data breaches, says AAG. One small business in the UK is hacked every 19 seconds, according to Hiscox. Around 65,000 attempts to hack small to medium-sized enterprises (SMEs) occur in the UK every day, around 4,500 of which are successful. That equates to around 1.6 million of the 5.7 million SMBs in the UK per year. 

In the UK, cyber security incidents cost the average small business £25,700 last year in direct costs (ransoms paid and infected computers repaired or replaced) but indirect costs, such as reputational damage and a fall in future takings, are likely to exceed this.

The print industry is not immune to deliberate attack. As money-making enterprises, printers are as vulnerable to targeting as any other business, and may appear an easy target compared with blue-chip financial targets. 

The UK’s National Cyber Security Centre gives five quick and easy recommendations for safeguarding your business from cyber criminals.

1. Back up your data
2. Protect yourself from malware
3. Keep smartphones and tablets safe
4. Use passwords to protect yourself
5. Avoid phishing attacks

Back up your data

Identify the data your business can’t do without (client lists, addresses, financial records) and back up separately, on a USB, external drive, or other computer so you can continue functioning if your main computer is compromised or stolen. Automated, regular cloud storage is a good, cheap option too, and consider handing over security responsibilities to a dedicated IT services provider. 

Protect yourself from malware

Antivirus software is often included as standard, so don’t ignore it – use it. Operating systems, software and firmware should be set to automatically update so you have the most up-to-date protection. Education of employees is key to ensure they can recognise and report malware or phishing attempts. They should use the cloud to transfer files rather than USBs, which are hard to monitor and can easily become infected.

Keep smartphones and tablets safe

Many people now combine both work and home lives on a single smartphone or tablet, and it is important to ensure that these hybrid devices are just as well protected as work-only hardware. Use complex passwords and PINs, track the location of all devices, and ensure you can remotely lock and disable them. Keep your apps and operating systems up to date and avoid logging in to unknown wi-fi hotspots in hotels and coffee shops. It is more secure to tether to the 3G or 4G network on your phone, or use virtual private networks (VPNs).

Use passwords to protect yourself

Password protection is not just for smartphones. Change all default passwords, configure encryption on all devices, and enable two-step verification (2SV), which adds lots of extra security for little effort. Those in charge of IT at your business should be given information on choosing non-predictable passwords. Password managers can help employees who are struggling to remember long, complex or multiple passwords. 

Avoid phishing attacks

Phishing emails are becoming more sophisticated and harder to spot. They will penetrate IT security systems. Common tricks include invoices for services never delivered, or emails that look like they have originated from people you know at work (a boss for example, asking for immediate action on an attachment that will secretly install malware).

Many phishing attacks are carried out from abroad, so look for bad grammar and spelling, or poor design quality. Staff should be trained to look out for more sophisticated attacks, and a clear road map for what to do if they encounter one should be distributed, starting with reporting the attack. Finally, check online for the size of your digital footprint – are you, or your clients, giving away too much information about your business to outsiders?

Cyber Essentials 

Cyber Essentials, which is developed by the NCSC, is a certification scheme that supports organisations of all sizes to guard against online threats and demonstrate a commitment to cyber security to customers and stakeholders.

It has been updated to face an evolving threat landscape as the world of work changes, including greater use of cloud services, home working, multi-factor authentication and password management.