In part 1 of this series on cyber crime, I explained its origins and that, in its infancy, hacking was a tool used to improve early computer programs and was not originally designed with theft in mind. To be fair to hackers, the majority have no interest whatsoever in engaging in illegal activity. In fact, many large institutions, both government and financial, engage the services of hackers to test vulnerabilities in their systems, in what is known as ethical hacking.
At the end of this series, I will go into a little detail on the other forms of cyber crime, but for now the biggest threat to your business is from what is known as “Phishing”.
I hear you ask, “What is ‘Phishing’?”
Phishing is defined as “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers”.
This definition, while still relevant, is a little outdated. Yes, cyber criminals do still send emails purporting to be from reputable sources with the sole purpose of obtaining personal or financial information from you. However, it is reported that up to 97% of phishing emails are now of the ransomware variety. So, rather than steal information from you, they simply encrypt your data, both business-related and private, and then demand a ransom. Their bounty is usually payable in Bitcoin.
So, how do you prevent a ransomware attack?
In part one, I explained in blunt terms that you cannot 100% prevent an attack, short of not using any network devices whatsoever. There are, however, several things you can do to greatly reduce your likelihood of an attack. Some of what I am going to cover now was explained in a post I published earlier in the year entitled “RANSOMWARE: Common Bad Practices Are Your Biggest Threat”, where I used the acronym C.U.B.E to explain these steps.
Recommended steps you should take
Communicate: work with employees to develop a strategy for informing everyone if a virus reaches the company network. The speedy dissemination of information is vital in stopping an attack or the continuance of an attack. Forget about “them and us”, the upstairs versus the downstairs. It is every employee’s duty, from the MD to the office intern, to quickly get the information out that the company is under a cyberattack. This will be explained in more detail in part 3.
Update: all software, including operating systems, antivirus software and all other applications. Apply security patches as soon as they become available from technology providers.
Back Up: all information every day, including information on employee devices, so you can restore encrypted data if attacked. It is strongly advised that you use an online backup service. Again, I will cover this in more detail in Part 3.
Educate: staff on cyber security practices, emphasising that they should not open attachments or links from unknown sources. This may well be the most important step you should take as a business owner or manager. Ask your IT support provider to provide information on the latest threats to the business community. Better still, have your IT support provider organise a training session with you and your team outlining what you should look out for to reduce your chances of attack and the steps you should take should any of your systems fall victim to an attack.
I have spoken to employers who have strict policies on the private usage of their computer systems by members of staff, in that staff are prohibited from using office computers for private usage. Personally, I find that allowing staff to check their emails or Facebook messages during their break time has a positive impact on the working environment and promotes an atmosphere of trust between the employer and employee. In truth, this area is a minefield, and if you are looking at developing a policy on internet usage, monitoring of electronic devices or installation of CCTV in the workplace, go here for further information.
In Part 3 of this series, “Cybercrime – Fighting the cyberattack”, I will go into detail about what you should do once you discover that you have fallen victim to an attack.