According to the World Economic Forum Global Risks Report 2018, cyberattacks are now the global risk of most concern to business leaders in advanced economies and are viewed by the wider risk community as the risk most likely to intensify in 2018. As businesses become ever more dependent on technology to function, companies’ exposures to cyber risks multiply, as does the need to anticipate attackers’ objectives and build cyber resilience to protect customers and businesses from malicious cyberattacks.
Just weeks ago, a huge security failure on Facebook’s website was revealed, allowing hackers to compromise millions of accounts. Facebook has since been seeking to strengthen its defences and is now reportedly talking to several major cybersecurity firms about an acquisition. It wants security tools that will easily integrate with its current services and can be used to better secure users’ accounts or automatically detect, report, and even mitigate hacking attempts.
In September, hackers carried out a sophisticated attack on the British Airways website. The airline stated that the personal and financial details of customers making or changing bookings had been compromised. With this stolen data, the crooks gained access to personal information and may be able to access bank accounts, open new accounts in a victim’s name, or use the details to make fraudulent purchases. They can also sell the stolen details on to other criminals.
It’s not just large corporates that are at risk. There is a fallacy that small businesses are rarely targeted because of their size and lack of valuable data. However, any information stored on a system might be of interest to criminals. A firm could be holding customer data, employee information and product data. An awareness and basic understanding of the threats posed in a cyber-world will help protect your digital assets, intellectual property and your business.
Top five cyber threats
Ransomware is a type of malicious software that aims to encrypt data and then extort a ransom to release an unlock code. Most ransomware is delivered via malicious emails. To protect your company, ensure that staff are wary of unsolicited emails, and install and maintain good anti-virus and malware protection software. You should keep your software applications up to date and ensure that data back-ups allow you to recover from an unencrypted version of a file.
Phishing is an attempt to access sensitive information while posing as a genuine contact. Phishing emails might appear convincing, frequently with faultless wording and genuine logos. A few steps you can use to protect yourself include bearing in mind that companies do not usually ask for sensitive information, being suspicious of unexpected emails, making use of anti-malware software, and making sure you have spam filters turned on.
Data leakage is an increasing problem as the use of smart devices proliferates. The ubiquitous nature of portable storage devices makes them a useful tool for the back-up and transportation of data, but that means they are also a target for data thieves. Ensure mobile devices have passcode locks, turn on GPS tracking and the option to remotely wipe devices if lost. The use of encryption software is highly recommended when using portable storage devices.
Gaining access to IT systems via hacking from outside an organisation is still a means of plunder for criminals. Typically, they attempt to gain access to bank account information or credit card databases, but intellectual property is another source of value. Tricking staff into revealing user names and passwords remains a threat. The main methods of protecting against hacking are network firewalls, data access security, procedures for providing and removing access, and user awareness and training.
Then there is the insider threat. Staff can leak data by accident or deliberately. You should educate your team to be alert to issues and minimise careless mistakes. Limit how much data staff have access to, providing them with the minimum access they need to do their roles. Control the use of portable storage devices, such as USB memory keys, portable hard drives and media players. Consider using applications in certain situations to monitor staff behaviour.
Every organisation needs to act to keep system security as impenetrable as possible, and a huge part of this will be cybersecurity policies. Cybersecurity policies are formalised sets of rules and regulations within an organisation, prescribing the use of various devices and software that can lead to cybersecurity breaches within the organisation. These policies should clearly point out which behaviour is considered safe and which is not.
Small and medium-sized companies face particular difficulty in balancing cybercrime prevention with their resources. They want to avoid putting profit at risk, but doing nothing is not an option. A pragmatic and practical approach is needed. First, identify valuable data and make sure it is protected. Where there are security issues, implement new or improved procedures and controls. Create a cybercrime prevention culture. And outside help is always available for those without IT staff. There are numerous resources to assist, including IT security companies and websites that offer plenty of information.