The risks in your business include unauthorised access to networks, laptops, computers, phones and tablets. You may, for example, have an online booking system for your customers, or take online payments. This may involve collecting data such as credit card details. This information is vulnerable to cyberattacks and subsequent data breaches. Don’t forget that most diagnostic equipment usually connects to the network, and it is often overlooked as a source of attack.
It doesn’t matter if you are a sole trader in a small garage or a large company with employees: you must protect your business against cyberattacks. This is for your own benefit as well as meeting the UK General Data Protection Regulation (GDPR)[1]. Any form of customer data must be used in a way that complies with this regulation. The risk here is that if this data is not secure, it could be hacked. That is bad enough, but you could also receive a substantial fine for not keeping it secure.
Physical security
One area that is often overlooked with respect to cybersecurity is physical security. Keep things locked up when not in use, just like you do with diagnostic equipment and tools. Make sure physical network connections are not accessible. The Wi-Fi router, access points and network connection ports should not be accessible to a casual visitor.
Attacks and defence
A cyberattack is when a hacker tries to disable systems, steal data, or destroy information by gaining unauthorised access to your computer systems. The four most common cyberattacks on small to medium-sized businesses are:
- Phishing – fraudulent emails asking businesses to share passwords and banking information
- Malware – software (a virus) designed to get unauthorised access and cause damage
- Malicious insiders – employees or former employees who have access to your system
- Denial-of-service – an attack trying to overload your company systems.
Having a good policy and a strong defence in place will stop almost all of these. However, the technology and methods used to carry out attacks develop quickly, so keep procedures up to date.
Summary
The key point here is that you should take cybersecurity seriously! In most cases the steps you need to follow are quite simple – but very effective. Next time we will look at the solutions to the business risks outlined here. They are much easier to implement than you may think.
If in the meantime I have got you worried, check out the guidance here: https://www.ncsc.gov.uk/
Automechanika 2023
Automechanika Birmingham will return to the NEC on 6-8 June 2023. Cybersecurity will be an important part of the seminars and presentations. Come and learn more from a range of industry experts and exhibitors.
[1] https://ico.org.uk/for-organisations/guide-to-data-protection/