## Overview
Cyber security is the practice of protecting digital systems, networks, and data from unauthorised access, attacks, and damage. For any business connected to the internet — regardless of size or industry — cyber threats pose a serious risk to operations, finances, and reputation. Understanding the types of attacks and implementing protective measures is essential for business continuity.

---
## Key Concepts
- **Cyber Security** – protection of internet-connected systems, data, and networks from digital attacks
- **Attack Surface** – every point where a business interacts with the internet (banking, email, downloads, Wi-Fi) is a potential vulnerability
- **Security Policy** – a formal set of rules and guidelines governing how a business and its employees handle digital threats
---
## Detailed Notes
### Why Cyber Security Matters for Every Business
- Any business using the internet — even for basic email, e-commerce, or online banking — is exposed to cyber risk
- A single attack can result in:
  - **Financial loss** (stolen funds, ransom payments)
  - **Data destruction** (loss of critical business information)
  - **Business shutdown** (operational disruption, reputational damage)
- Cyber attacks can occur in seconds, making proactive protection essential
- Hundreds of thousands of cyber-attack cases are reported annually worldwide
### Common Types of Cyber Attacks
#### a. Malicious Attacks (Malware)
- A known or unknown contact shares a file containing a hidden virus
- Opening or downloading the infected file spreads the virus across the system and network
- Can lead to complete system failure and business closure
#### b. Phishing Attacks
- Attackers create fake websites that closely mimic legitimate ones (e.g., a bank's website)
- The fake site lacks the **lock icon** or **"https"** in the URL, indicating the connection is not secure
- Users who enter credentials or transact on these sites have their data stolen
- **Rule:** Never transact on a website without `https` or a visible lock icon
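
As an added example (not part of the original notes), the rule above written as a check, going one step beyond it: `https` shows the connection is encrypted, so the sketch also compares the hostname with a list of sites the business actually uses. `TRUSTED_HOSTS` and every hostname in it are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the business keeps its own list of sites it transacts on.
# These hostnames are constructed placeholders, not real services.
TRUSTED_HOSTS = {"bank.example", "payments.example"}


def check_url(url, trusted_hosts=TRUSTED_HOSTS):
    """Return (ok, reason) for a URL someone is about to transact on."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, without port or userinfo
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "no https"
    if not host:
        return False, "no hostname"
    if parts.username is not None:
        # Everything before '@' is login data; the real site comes after it.
        return False, "userinfo hides the real host"
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "internationalised look-alike name"
    if host not in trusted_hosts:
        return False, "host not on trusted list"
    return True, "https and trusted host"


# Constructed sample URLs covering each outcome.
SAMPLES = [
    "https://bank.example/login",
    "http://bank.example/login",
    "https://bank.example.secure-login.test/",
    "https://bank.example@phish.test/login",
    "https://b\u0430nk.example/login",  # Cyrillic 'a' in place of Latin 'a'
]


def review(urls=SAMPLES):
    """Map each URL to its (ok, reason) verdict."""
    return {u: check_url(u) for u in urls}


if __name__ == "__main__":
    for url, (ok, reason) in review().items():
        print("OK   " if ok else "BLOCK", ascii(url), "-", reason)
```
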
#### c. Identity Theft
- **Unauthorised use** of someone's personal information, identity, or data
- Attackers may impersonate a business owner or employee to access systems or deceive customers
- Social media platforms often offer profile-locking tools to reduce this risk
#### d. Spoofing
- An attacker **pretends to be someone else** (e.g., a trusted contact) to gain access to systems or spread malware
- Caller ID or email addresses can be faked to appear legitimate
- If someone contacts your customers pretending to be you, it can severely damage your business reputation
#### e. Attacks on Wireless Networks
- Public and poorly secured Wi-Fi networks are highly vulnerable to attacks
- **Never** use public Wi-Fi for financial transactions or transferring sensitive data
- Always secure business and personal Wi-Fi with **strong passwords**
- An attacker who gains access to your network can steal data or cause significant harm
### 7 Steps to Protect Your Business
1. **Train Your Team**
   - Educate employees on safe email and download practices
   - Define what types of files are safe to download
   - Establish clear guidelines for internet and network usage
2. **Perform a Risk Audit**
   - Engage a qualified cyber security team to audit your systems
   - Identify vulnerabilities before attackers exploit them
3. **Avoid Pirated Software**
   - Pirated software lacks **security patches**, leaving systems exposed
   - Using unpatched software on public or wireless networks increases data leakage risk
   - Licensed software includes regular security updates that protect against known threats
4. **Deploy Anti-Virus Software**
   - Install anti-virus software on **every** system in the organisation
   - Ensure the software is regularly updated
   - Verify that licence keys are valid and active
5. **Back Up Data to the Cloud**
   - Maintain regular cloud backups to prevent data loss
   - Cloud storage providers offer built-in security, virus protection, and scalable storage
   - Benefits include reduced hardware costs and accessibility from anywhere
6. **Avoid Cheap or Unreliable Technology**
   - Low-cost software carries higher failure risk
   - Software failures in critical systems can lead to catastrophic outcomes
   - Invest in reliable, well-supported technology appropriate to your business needs
7. **Create a Cyber Security Policy**
   - Collaborate with your team to draft and implement a formal cyber security policy
   - Ensure all employees are trained on and comply with the policy
---
## Tables
### Types of Cyber Attacks
| Attack Type | Description | Key Indicator / Risk |
|---|---|---|
| **Malware** | Virus hidden in files spreads through the system on download | Unexpected files from known or unknown contacts |
| **Phishing** | Fake websites mimic legitimate ones to steal credentials | Missing `https` or lock icon in URL |
| **Identity Theft** | Unauthorised use of personal data or identity | Impersonation on social media or communications |
| **Spoofing** | Attacker impersonates a trusted contact via call or email | Unexpected communications from "known" contacts |
| **Wireless Attack** | Exploiting unsecured Wi-Fi to access data | Use of public or weakly-passworded Wi-Fi |
### Protection Measures Summary
| Step | Action | Key Benefit |
|---|---|---|
| 1 | Train your team | Reduces human error — the most common vulnerability |
| 2 | Perform a risk audit | Identifies and addresses system weaknesses |
| 3 | Use licensed software | Ensures access to security patches |
| 4 | Deploy anti-virus | Detects and blocks known threats |
| 5 | Cloud backups | Prevents permanent data loss |
| 6 | Invest in quality tech | Reduces risk of software failure |
| 7 | Cyber security policy | Provides a formal framework for consistent protection |
---
## Diagrams
### Cyber Attack Risk Flow
```mermaid
flowchart TD
A[Business Connected to Internet] --> B[Email / Downloads]
A --> C[Online Banking]
A --> D[Wi-Fi / Network Access]
B --> E{Is Source Verified?}
C --> F{Is Site Secure - HTTPS?}
D --> G{Is Network Secured?}
E -- No --> H[Risk: Malware / Phishing]
F -- No --> H
G -- No --> H
E -- Yes --> I[Lower Risk]
F -- Yes --> I
G -- Yes --> I
H --> J[Data Loss / Financial Theft / Business Shutdown]
I --> K[Continue Operations Safely]
```
### 7-Step Cyber Protection Framework
```mermaid
flowchart TD
A[Train Your Team] --> B[Perform Risk Audit]
B --> C[Use Licensed Software]
C --> D[Deploy Anti-Virus]
D --> E[Back Up Data to Cloud]
E --> F[Invest in Reliable Tech]
F --> G[Create Cyber Security Policy]
G --> H[Protected Business]
```
### Types of Cyber Attacks
```mermaid
graph TD
A[Cyber Attacks] --> B[Malware]
A --> C[Phishing]
A --> D[Identity Theft]
A --> E[Spoofing]
A --> F[Wireless Network Attacks]
B --> B1[Virus via infected files]
C --> C1[Fake websites steal credentials]
D --> D1[Unauthorised use of identity]
E --> E1[Impersonation of trusted contacts]
F --> F1[Exploiting unsecured Wi-Fi]
```
---
## Key Terms
- **Cyber Security** – the practice of protecting systems, networks, and data from digital attacks
- **Malware** – malicious software (viruses, worms, trojans) designed to damage or gain unauthorised access to systems
- **Phishing** – a fraudulent attempt to obtain sensitive information by impersonating a trustworthy entity, typically via fake websites or emails
- **HTTPS** – Hypertext Transfer Protocol Secure; indicates that the communication between browser and website is encrypted
- **Identity Theft** – the fraudulent acquisition and use of another person's private data
- **Spoofing** – disguising a communication (call, email, website) to appear as if it comes from a trusted source
- **Security Patch** – a software update that fixes vulnerabilities and protects against known threats
- **Risk Audit** – a systematic evaluation of an organisation's systems to identify cyber vulnerabilities
- **Cloud Backup** – storing copies of data on remote servers accessible via the internet, providing redundancy against local data loss
- **Cyber Security Policy** – a formal document outlining rules, guidelines, and procedures for protecting digital assets within an organisation
---
## Quick Revision
1. **Cyber security** protects internet-connected systems, networks, and data from digital attacks
2. Any business using the internet — even for basic operations — is at risk of cyber threats
3. The **five major attack types** are: malware, phishing, identity theft, spoofing, and wireless network attacks
4. **Phishing** relies on fake websites — always check for `https` and a lock icon before transacting
5. **Spoofing** involves impersonating trusted contacts to gain access or spread malware
6. **Public Wi-Fi** should never be used for financial transactions or transferring sensitive data
7. **Pirated software** lacks security patches and significantly increases vulnerability
8. **Anti-virus software** must be installed, updated, and properly licensed on all systems
9. **Cloud backups** prevent permanent data loss and reduce hardware dependency
10. Every business should have a **formal cyber security policy** developed collaboratively with the team