In the final part of this series on cybercrime, I will highlight some other forms of cybercrime that you should be aware of and that have the potential to negatively impact your business operations. I will then finish off by summarising what has been covered throughout the series in a section titled “lessons learned”.
Other Forms of Cybercrime
Phishing: This series has primarily dealt with a relatively new form of phishing, known as ransomware. Phishing has been around for many years and is defined as “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers”. Remember the Nigerian Prince email scam? While very few fell for this scam, those who did learned some very hard lessons.
Identity Theft: Identity theft refers to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain. This is something that you should be aware of and concerned about, both as a business owner/manager and as a private citizen. Identity theft is a cybercrime in that the personal information stolen from you may be used fraudulently online, or the information itself may be stolen when you respond to unsolicited emails. Information may also be stolen by less sophisticated means, such as someone going through your bins or looking over your shoulder at the ATM. If you are a Facebook user, you have likely seen a post from a friend warning you not to accept a friend request from them because someone has set up a fake Facebook profile in their name. If you accept the “fake friend” request, the person who set up the fake profile will have access to some of your personal information (information you have agreed to share with Facebook friends) and can use it to build a profile on you, with the intention of stealing information relating to your identity or of drawing you into some type of scam. The list below offers some useful tips on preventing identity theft.
Hacking: Most companies, even sole traders, have websites. Your website is possibly your most important marketing tool and the window to your business for potential clients or customers. If you have any form of eCommerce on your website, then it is likely you will have the financial details of your customers stored on your servers. If your website is hacked, the hacker has the potential to crash your site, change any element within your site or, most concerning, steal the personal or financial data of your clients and customers, resulting in a negative impact on you and your company’s reputation and possible legal implications from the loss of clients’ data. Talk to your web developers or website hosting service about how best to protect your site from hackers.
Lessons Learned
This series on cybercrime was undertaken to help the clients and friends of IT.ie prepare, as best they can, for a cyber-attack and, in particular, a ransomware attack. This is by no means an exhaustive guide, but it looks at the best practices applied by IT.ie and leading experts in the cyber security field. So, what have you learned?
- Cybercrime, in its earliest form, has been around as long as computer code, although early hackers and many ethical hackers today simply look at ways to improve computer code for the end user. The first large-scale illegal hacking was in 1989, when hackers stole $70 million from the First National Bank of Chicago.
- Ransomware attacks by way of phishing are probably the biggest threat to your business at this time, with a reported 97% of phishing attacks being of the ransomware variety.
- To best prepare and defend against a ransomware attack, IT.ie highly recommend that you implement our C.U.B.E system, outlined in part 2 of this series.
- Look at implementing an IT policy that covers how team members use your IT equipment for private purposes, for example checking Facebook or private emails. While some companies have a policy that does not allow staff to use company systems for private use, others find it is better for team morale to allow team members to access private emails etc. at break time. You should also look at what access to your IT systems each member of your team requires, depending on their responsibilities, and restrict full access where necessary.
- If you do fall victim to a ransomware attack or any other form of cyber-attack, you should:
  - Disconnect the infected computer from the network immediately.
  - Report the attack or suspected attack to your network administrator or office manager.
  - Assess how much damage the attack has caused and ensure you have taken the above steps to prevent the attack from continuing.
- To pay or not to pay, that is the question.
  - Once you have assessed the damage or potential damage to your systems, and have spoken to your on-site or outsourced IT support, you must seriously look at the arguments for and against paying. IT.ie strongly recommend that you do not pay, as there simply is no guarantee that the cybercriminals who encrypted your files will have the knowledge or expertise to decrypt them. You may also be viewed as a soft target and attacked again.
Following the steps above will greatly reduce your likelihood of falling victim to a ransomware attack. However, at the time of writing, there simply is no piece of software or tool that guarantees you won’t fall victim to an attack. If you are connected to the internet, you and your company are potential victims. If we at IT.ie were to pick a single recommendation from those listed above, it would undoubtedly be to back up your data online. The one sure-fire method of recovering your data, should you fall victim to an attack, is to engage the services of a reliable online backup service. If you currently don’t have your data backed up online, then I strongly urge you to contact us, and we can talk you through the backup options that best suit you and your company.