Cyber Attacks – The Latest Cases and How to Avoid Them

According to the latest data, there were 95 separate online security incidents in January 2022, leading to the breach of nearly 66 million records around the world. The attacks include the theft of 39 million patient records from a Bangkok hospital and a breach at Gloucester Council that has been linked to Russian hackers.

The data suggests that public bodies are particularly susceptible to cyber attacks, with all five of the UK breaches affecting schools, hospitals and local authorities. That includes scam emails at a Liverpool comprehensive school, a Covid test data breach at a Worcestershire school and the leaking of sensitive information from an academy in Essex. As well as the Gloucester Council hack, a Black Country hospital trust also suffered ‘significant data loss’.  

The largest breach in January was the 39 million patient records stolen from a Bangkok hospital. Hackers also cracked the passwords of almost 7.5 million users of a popular mixtape hosting service called DatPiff, with those passwords later sold online.

The research shows that poorly protected Covid data is still proving to be a popular target for hackers. Over the last month, a Covid testing appointment scheduling service, the Maryland Department of Health and an Indian hospital have all lost Covid-related data following a breach.

If you are the target of a cyber attack and the hackers are successful, the impact can be devastating for your business and have long-lasting implications for your bottom line.

Suspended trading

As the victim of an attack, your website may not function, payments may not work and you could be locked out of your own files. You might even lose access to payroll or your bank accounts, potentially leaving you, your customers and your employees in limbo until the breach is resolved.

Recovery costs

The initial disruption is infuriating enough but the financial cost of resolving the breach can be even more damaging. Some businesses are lucky and get away relatively unscathed, requiring little more than a change of their IP address and a cyber security upgrade. However, others have to rebuild entire websites and processes and work around the clock to recover. Without insurance, SMEs can even go out of business due to the financial fallout of an attack.

Reputational damage

In industries where reputation is everything, the perception that your business is not secure can be difficult to shake, particularly if your customers’ sensitive data is in the hands of hackers. Overcoming that stigma and persuading customers to buy from you again can be a challenge.

Simple cyber security advice

Cyber attacks are becoming increasingly sophisticated and complex, but there are still some relatively simple steps that you can take to reduce the risks for your business. 

• Keep cyber security up to date – Antivirus software is the simplest way to prevent malicious attacks. You should use antivirus software from a trusted vendor, keep it up to date and make sure you only run one antivirus system on each device.
  
• Be wary of cold emails and learn what to look out for – Phishing emails are more prevalent than ever so it’s important to protect yourself. Never open an email from someone you don’t know and be very wary about clicking links contained in any email. Always hover over the link first to see where it will take you.   
• Make your passwords stronger – You should use strong passwords that contain at least one lowercase letter, one uppercase letter, one number and four symbols. There are free password generators online that can create strong passwords for you, while a password manager will help you remember them all.
• Use two-factor authentication – Two or multi-factor authentication adds extra layers of security to your online identification process. It’s very simple to set up and involves entering an additional authentication method, such as a personal identification code or even a fingerprint, as well as a username and password.
• Protect your personal information – You should take care not to divulge any personal identifiable information online and particularly on social media. Reviewing your privacy settings on the social media platforms and removing details such as your date of birth and home address can help to reduce the risks.
• Take extra care on mobile devices – Mobile malware is on the rise, so you should take mobile device security seriously. Only install apps from trusted sources, keep your device updated and avoid sending sensitive information over text message or email.
• Don’t use public or unsecured Wi-Fi (try a VPN instead) – Using unsecured public Wi-Fi makes it much easier for cybercriminals to gain access to your device. Instead, use a Virtual Private Network (VPN) to encrypt the information and keep your device safe. If you don’t have a VPN, always use your cell network rather than public Wi-Fi. 
• Check your credit records for breaches – In many cases, one of the first signs of a breach is seeing unexpected events, such as loan or credit card applications, on your credit record. Monitor your credit reports regularly and set up a credit freeze to provide an extra layer of protection.   
• Keep backing up data – This often overlooked step lets you restore your data to a time before the attack occurred. You should keep three copies of your data on different types of media (local and external hard drive) and one in the cloud to be safe. 
• Report any breaches, no matter how small – The authorities are fighting a losing battle at the moment when it comes to cyber security threats, but it’s still worth reporting any breaches to Action Fraud to help to anticipate future attacks.