Cybercrime isn’t just the stuff of sci-fi; it can have a devastating impact on your business. Last year the accountancy firm PwC”found that almost 70% of UK firms experienced an incident in 2014, which is higher than the global average. This coincides with some very high-profile data breaches. American retailer Target experienced something of a nightmare before Christmas in 2013 when a spill of information belonging to 70 million customers led to losses upwards of $148m (£100m). Similar incidents occurred with Office and Home Depot and they are by no means isolated incidents – we just don’t always hear about them. This is also a massive problem in the UK and small companies bear the brunt, making up 85.7% of hacking incidents.
Franchises are just as much at risk and can leave themselves open to attack if they don’t prescribe the right approach to security, both centrally and for individual franchisees. Stuart Facey, VP of EMEA at Bomgar, a company specialising in enterprise remote support solutions for computers and mobile, says IT security should be a much bigger concern for franchises. “A lot of bigger brands require that franchisees give the mothership access to their back office systems, and in that case security should be very important but based on what we’ve seen, it isn’t a top priority.””
Because there are now so many platforms on which you can store data, not having proper measures in place is very risky. “In the old days it was pretty straightforward as there were maybe only two PCs working through a server, but now, with everything being wifi-enabled, you’ve got a massive potential hacker problem,” says Facey. He cannot stress enough the importance of encryption when it comes to protecting data. “Consider if you were to leave your mobile device with your work emails or a USB stick on the train; if they’re not encrypted it’s a massive liability.”
Keeping data secure is a major responsibility and your customers trust you to keep theirs safe. If you lose it or expose it to others, you’re at liability for that exposure or loss. This can lead to lost revenue, legal and regulatory costs, and all the associated disruption to business. Franchises are built on brands and so reputational damage should be a particular concern. Why then are so many still so lax when it comes to security? “A lot don’t understand or are too busy selling, promoting and doing all those other essentials,” says Facey. “IT is still largely seen as a service other than being business critical – until things go wrong, that is.”
Not all threats are new, however. Some of the most common breaches occur because of security risks that have been around for a long time – code injection or malicious web shells, for example. Innocent looking programmes that have been on your system for an age can also wreak havoc. Take PC Anywhere, a perfectly good product in its day but it has since been discontinued. Despite this it is still in use by some. “With PC Anywhere, if you aren’t careful you could leave ports open on your devices where you had a session running and so it was relatively simple for a hacker who knew about the programme to access your network,” says Facey. “Once they’re in they can start placing all sorts of malware and do naughty things.””
Once you are compliant Worldpay can work with you on a one-to-one basis at an affordable rate to ensure you stay on top of your IT security. The cost of cyber liability and data cover is overall relatively inexpensive when compared to the damage that can be done. You can take the decision now to invest in some decent software, or risk not paying that £100 for another year and leave yourself open to all sorts of trouble.
As smaller companies often have less money to spare, they are most open to risk. It therefore makes most sense for a franchisor to include data breach prevention measures in their initial package to franchisors. In his experience, it makes most sense for IT security to be more comprehensively included at the outset in the franchisor package.”
Lansdale also recommends measures such as changing passwords, regularly testing your firewalls and destroying all card data records when you no longer need them.
Another area you could look into is insurance. Moreland is one of six brokers in the UK that has been chosen to pilot a new product to protect businesses against cybercrime.”
“We’re now in a situation where there is a big gap in cyber liability in most businesses,” says Maurice Logie, director at”Moreland. “They take it for granted but when it comes to insurance coverage the market is only now catching up.” But the UK isn’t alone – “even in the US only 40% of companies have got cyber insurance. “It’s a big, big issue,” says Logie.
Everyone has a story, whether they were hacked or their credit card was used for something dodgy. The same is happening in the world of business – and a lot goes undetected. “If you’ve been the victim of cyber crime, you’re not going to put your hand up and admit it,” says Logie. “It’s a kind of iceberg syndrome in that here’s a lot happening below the surface.””
