Andy Hunter, Technical Director at technology solutions and support company ITPS, takes a look at cyber-security and the threat that no business can afford to ignore.
The UK National Cyber Security Centre (NCSC) published a recent report showing that nearly half of all crime now has an element of cyberenablement.
From internet-connected TVs that can spy on you in your living room, to talking dolls that can open your front door, the media headlines are full of scare stories about online security. For the hacker, wherever there is data and let’s face it, that means within every organisation – there is information to be harvested and money to be made.
At the NCSC’s CyberUK conference in March, delegates were warned that hackers are targeting the Internet of Things (IoT), wearable devices and voice-activated gadgets as priorities. Ransomware, where hackers encrypt data and demand money for handing over the encryption key, is now a big problem for all sizes and types of business, with the FBI estimating a ransom total of $1billion dollars in 2016.
Anecdotally, some businesses are said to be considering whether to ringfence a pot of cash and simply pay ransom demands as they arise. This is a risky and costly approach, as criminals then see you as worth targeting again. Prevention is a much better approach than cure.
As the amount of data we produce increases exponentially, there are correspondingly more targets. So what can business owners do to counteract the threats? Organisations that cannot afford to suffer any downtime or loss of data can opt for a managed services approach, outsourcing some or all elements of their IT needs to an expert partner, but there are sensible precautions that every organisation can take.
Keep up to date. Cybercrime is constantly evolving, and at our regular cyber-security events our experts highlight topical issues and advise business owners how to avoid attacks.
Be proactive. Do not ignore the threat, particularly if you are a small business. Around 43% of cyber-attacks are aimed at small enterprises.
Get the basics right. Create a secure network and implement a carefully thought out business continuity and disaster recovery strategy.
Educate your people. Use strong, complex passwords. Current advice is to change them less regularly than previously advised. Password complexity – rather than a simple password more frequently changed – reduces the likelihood of passwords being compromised. Coach employees about cyber security and regularly test their knowledge and understanding.
Make yourself less of a target. Backup your data and systems, and keep all your software not just your anti-virus and firewall programs – up to date.
Check your logs. If you do not have time to check your logs, then it is not worth the effort to setup the logging.
Use the best tools. Security companies are developing new and more sophisticated products to counteract the threat of constantly evolving malware, use all of the tools at your disposal.
Prevention is always better than cure. There are network monitoring tools on the market that constantly scan and assess your network for any unusual activity that might be a threat, and alert your IT team. If you work with an IT partner, make sure they understand and are using these tools to full advantage.
Undertake assessments and implement standards. Look at Government-backed schemes such as Cyber Essentials, and Cyber Essentials Plus.
We will never be in a situation where we have zero cyber attacks, but we can keep one step ahead by acknowledging the threats and taking the right steps to mitigate risk. If you want to find out more about protecting your business, talk to our experts, come to one of our regular technology briefings or sign up for our monthly newsletter.
