Staff education and board level oversight are essential if companies are to effectively deal with the growing risk of cyber security breaches and attacks, a business breakfast event organised by Danske Bank was told today.

Around 120 local business people met at the Galgorm Resort & Spa in Ballymena for the first in a series of Danske Advantage cyber security breakfasts, which gave businesses the chance to hear practical advice from industry experts and discuss the latest cyber threats.

Leading expert in online security Simon Whittaker from Vertical Structure advised Ballymena businesses to clearly communicate their approach to cyber risk so that all employees, contractors and suppliers are aware of risk boundaries.

“Breaches are happening regularly across all sectors and in a number of different ways. So businesses must understand their risks, assess their data and ask themselves just how they would get everything back should the worst happen,” said Mr Whittaker.

“Many problems still come from people clicking on links they shouldn’t, so is crucial you embed an appropriate risk management regime across your organisation. This should be supported by an empowered governance structure, actively supported by the board and senior managers.”

Mr Whittaker told the audience that having employees at all levels educated about security protocols is essential, noting statistics that suggest 81% of breaches involve stolen or weak passwords and 66% involve malware installed via malicious email attachments.

He recommended businesses have clear policies on the use of removable media such as memory sticks, securing procedures that support mobile working or remote access to systems and tightly controlling high-level system privileges.

“All organisations will experience security incidents at some point so it is better to prepare and teach your team how to respond before it happens. Investment in establishing effective incident management processes will help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact,” he said. 

“Users have a critical role to play in their organisation’s security and so it's important that security rules and the technology provided enable users to do their job as well as help keep the organisation secure. This can be supported by a systematic delivery of training that delivers security expertise and helps establish a security-conscious culture.”

Paul Brown, fraud manager at Danske Bank added: “Every day we are informed of attacks on personal and business customers. For businesses it often starts with emails to employees, perhaps purporting to be from a senior manager asking for a transfer of funds or pretending to be a supplier asking for payment details to be changed on an existing or upcoming invoice. These types of CEO fraud and invoice redirection fraud are common and the communications are often very plausible.

“The first question to ask is whether you have a set of rules in place when it comes to sending money out of the business. It is essential to educate staff about those rules, particularly those with authority to make payments. If businesses are approached in this way we encourage them to share the information with us to help prevent others being targeted.”

Aaron Ennis, Head of North Business Centre at Danske Bank, said:

“We are acutely aware from talking to companies across the region that, no matter what sector they are in, cyber crime and cyber enabled crime is a huge concern for businesses of all sizes. Many now understand the importance of having policies in place to manage this risk and are implementing plans for how to deal with attacks should they happen.

“We want to help our customers mitigate risk and would encourage businesses to report any breaches or attempted attacks to the police and also to the bank.”   

The events were part of the Danske Advantage series of events, which bring businesses experts and businesses together on a range of topics. To sign up for the events taking place in Cookstown and Belfast please go to