With reports of SMEs averaging four cyber crimes every two years and 10% of the population being victims, cyber crime has to be seen as a real threat. But what does this actually mean to a business? The first thing to do is get beyond jargon like phishing, ransomware and DDoS attacks. Cyber crime falls into four main areas:
- Theft – of customer and client records, intellectual property, bank account details and other confidential information. Every business has intellectual property. Although usually thought of as a product or invention, it also includes your processes and documentation. It is anything that makes you different from other businesses.
- Ransom – encrypting data and demanding a ransom to restore access
- Extortion – threatening to release sensitive information unless you pay up
- Vandalism – stopping people accessing your website or defacing websites and social media accounts
Criminals target everyone. What you do, your location and your size are not important to them. Their methods include emails that entice you to click links that then download malicious software, telephone calls asking you to transfer money to a different bank account, taking over websites and the data they store, using information from social media accounts to steal identities, and creating apps that copy everything from mobile phones. A common myth is that using Apple devices makes you immune to all forms of attack. Although Apple devices are more secure than PCs, they still have weaknesses that get exploited by criminals.
The impact on a business can be an obvious financial loss and the harder-to-quantify damage to a brand. It includes downtime while recovery takes place, legal and regulatory penalties, the loss of intellectual property, and reputational damage that results in losing clients and future work.
So how do you protect your business? The first step is to identify What information you have. Then look at Where it gets stored. Start with your desktops, servers and network setup. Then look at how Cloud services are used, and at mobile devices such as laptops, tablets and phones. It isn’t unusual for a business to find out that information exists in a lot more places than it thought, and if you don’t have the big picture you can end up protecting the wrong things. Don’t forget about new technology such as smart devices that allow remote monitoring of buildings. There have been issues with some devices that allow criminals to look at CCTV feeds and to make changes that could result in alarms being turned off. Finally, look at How you are protecting the information. Measures involve basic IT tasks like applying security patches to operating systems, programs and apps, using anti-virus software, and having backups and a firewall. Protect information stored in the Cloud by using two-factor authentication when logging in. This works by sending an SMS message with a code to your mobile phone during the login process. Unless the criminal has your phone, they will not have the code and cannot log in.
However, an IT-based approach isn’t enough. The root cause of most issues is the ‘human factor’, so make sure there are reliable processes that remove access when it is no longer required, for example as soon as someone has left, and that staff have appropriate training on what to look out for.
Guest Post By Ian Grey
Wadiff Consulting Ltd