Last month, large-scale cyber attacks took down NHS servers across the UK, as well as disrupting an estimated 200,000 individuals and businesses across 150 countries.
Cyber security, from encryption to passwords to defences against ransomware, has once again become a headline issue for businesses.
Almost all of The Leap 100 firms are taking steps to improve cyber security and protect their companies from future attacks.
Some of these are technical. Two-factor authentication, for example, is an easy way to add a second layer of defence when it comes to passwords, requiring employees to use both a password and a code (either sent via text or stored on another device), to prevent hackers accessing their accounts.
Another is the use of cloud technologies, which store data safely and securely online, mitigating the risk of a ransomware attack (where hackers seize files and demand payment in exchange for returning them). Rishi Khosla, the CEO and co-founder of OakNorth, recommends: “we are fully-hosted on the cloud with Amazon Web Services (AWS), a business that invests more in cyber security than almost any other business in the world.”
But technology is only as effective as the people using it, which is why firms were also keen to stress the importance of offering employees proper cyber security training and investing in dedicated IT personnel.
Khosla also said “we remind staff on an almost daily basis to be vigilant and wary of phishing attacks”, while Alexander Schey, CEO of Vantage Power, pointed to hiring “an in-house IT professional specifically to manage and protect our network”.
Processes and protocols can also help. One Leap 100 firm has taken the prudent step of making sure “all machines are protected with admin passwords so no one is able to install anything without IT approval”. And password management is key. Chieu Cao, CMO and co-founder of Perkbox, stressed the need for “implementing strong information system controls, including authentication controls that require complex passwords. Passwords expire on a set frequency and are restricted after a set number of invalid login attempts”. Another respondent explained the need for strict protocols regarding customer data, including where it can be stored and who can access it.
Fundamentally, when it comes to the boring but crucial task of ensuring systems are updated regularly, the challenges of maintaining robust cyber defences become clear.
We might all know this is critical to keeping data secure, but various respondents raised the issue that, all too often, investment in IT infrastructure upgrades is postponed, as the upgrades are expensive and seem to have no immediate benefits – you only notice the problem when something goes wrong. It was this oversight which caused the NHS servers to be so badly affected.
The lesson is clear: invest in cyber security now, or risk a catastrophe for your business in the future.