Cyber Security – Keep Your Business Safe
Jeremy Fleming, Director of the Government Communications Headquarters (GCHQ) and ex deputy-director of MI5, said after the NHS attack that keeping the UK safe from cyber-attacks is “now as important as fighting terrorism.”
Following the cyber-attack on the NHS earlier this year, Cyber Security is more of a concern than ever before. If seemingly “low-level hackers” on another continent claiming to be from Islamic State (ISIS) can hack into one of the UK’s largest and most sensitive databases with relative ease, then it’s extremely worrying to think what else they are capable of.
Be Vigilant With Spam
86% of the world’s email is classed as spam, which is a staggering statistic. Over 400 billion junk emails are sent out daily, making avoiding the harmful ones an even greater obstacle.
There are many identifiers which help distinguish a spam email from a genuine email. Spam emails will often open with “dear client” or “dear sir/madam”, and will have a sender completely unrelated to the supposed company or email topic. Often spam emails have poor punctuation and grammar, and may contain inaccurate information on the contact – i.e. getting first names and company names wrong. You should also hover over any links in the email before clicking to check where they would take you.
As technology gets smarter, so do spam emails, and an increasing number of people are falling into the traps of spammers – be vigilant and follow these simple steps, and always act with precaution.
A tried and tested spam filter will also prove invaluable against potential cyber-attacks and viruses. It automatically filters flagged spam into a protected folder, and allows you to white/blacklist email addresses. Blacklisting an address will allow your server to block any future emails from this sender, a useful tactic for known and continuous spammers.
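The identifiers described above (generic greeting, a sender unrelated to the supposed company, and a link whose destination differs from what it displays) can also be checked automatically. The following is an added example, not part of the original article; the function names, the sample message and the simplified last-two-labels domain comparison are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC = re.compile(r"\bdear\s+(client|sir\s*/\s*madam)\b", re.I)  # greetings the article names
SAMPLE = """From: "Example Bank" <support@mailer.example.net>

<p>Dear client,</p>
<p>Please review: <a href="http://login.example.org/verify">www.example.com/account</a></p>
"""  # constructed sample using reserved example.* domains, not real mail

class LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs: what hovering over a link would reveal.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain(value):
    host = urlparse(value if "//" in value else "//" + value).hostname or ""
    return ".".join(host.lower().split(".")[-2:])  # simplification: wrong for e.g. co.uk

def spam_indicators(raw_message, claimed_domain):
    msg = message_from_string(raw_message)
    body = msg.get_payload()  # assumes a single-part message body
    findings = []
    if GENERIC.search(body):
        findings.append("generic greeting")
    sender = parseaddr(msg.get("From", ""))[1]
    if domain(sender.rpartition("@")[2]) != claimed_domain:
        findings.append("sender unrelated to claimed company")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        shown = re.search(r"[\w-]+(\.[\w-]+)+", text)  # link text that looks like a domain
        if shown and domain(shown.group()) != domain(href):
            findings.append("link text does not match destination")
    return findings
```

Calling `spam_indicators(SAMPLE, "example.com")` reports all three indicators for the constructed message; a hit is a reason to look more closely, not proof that a message is spam.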
Head In The Cloud
Cloud computing can in many cases provide more security for businesses, sometimes more so than investing in their own methods of Cyber Security (antivirus software etc), say experts.
Data theft, ransomware and computer-hack ransoms are at an all-time high, which can be extremely damaging to businesses, especially SMEs. However, with dominant forces in the computing software sector such as Amazon, Microsoft and Oracle moving into the world of cloud (albeit with very sophisticated systems), we are beginning to see businesses of all sizes following suit. There is safety in numbers after all.
Cloud is also generally a cheaper option, which is a big positive for smaller businesses. This has been debated frequently of late, but one analogy from Alan Merrihew, Senior Director of US Government Technology Strategy, puts it very well:
“If you have guests coming into town to visit, do you buy a car for them to use while they are in town for two weeks? And then does that car sit idle until the next time they come to visit? No, of course not! Logically, you would rent a car for them to use while visiting.”
In other words, in the short term cloud computing might not work out much cheaper than other options, but in the long run it almost certainly will.
Protect Yourself Against Malware
Malware, an abbreviation of “malicious software,” is a type of program manufactured with the sole purpose of infecting or harming a user’s computer or network. These are the more traditional of viruses, many of which are household names, such as worms and Trojans. Long gone are the days when malware was created by bored youths. Malware today is designed by professional criminals, making it much harder to spot.
As with spam, malware is predominantly spread by emails. Be wary of any email that asks you to provide a password or any sensitive data, as well as any that only have a single message followed by a link, such as “learn more about this…” These can be spotted if you know what to look for, so a “do not open” warning can be sent round the department/workplace. However, because business Cyber Security is still far from bulletproof, downloads and emails from legitimate sources can still have malware attached that has slipped through the net. This requires greater measures, as many are invisible to the human eye.
Malware security protection provides that all-important second barrier or protective layer for your computer or network. A well put-together Malware antivirus programme will have a few key characteristics. It should:
- Check any newly downloaded program for any malware risk
- Scan the full computer to check for any malware which might have slipped through the net
- Be regularly updated so it is capable of recognising the latest threats.
Malware protection is sadly not yet at a stage where it is absolutely 100% effective, but by combining a degree of personal awareness with strong anti-malware software, the risk can be greatly diminished.
Ensure Your Business Is Clued Up
As a result of most businesses being a revolving door, your workforce can in many cases be a main target for cyber-attacks. Attackers will often target new employees at a company due to them being less aware of the make-up of day-to-day emails being sent and received. Businesses should therefore ensure their full workforce are taught about the dangers of Cyber Security and how to protect themselves, as well as educating them on the difference between legitimate and dangerous emails, and reminding them to never divulge login details or any other sensitive information.
Access to data should also be restricted by seniority level, so each employee will only have access to the minimum amount of data that still allows them to do their job effectively. This way the risk of a security breach is minimised, and in the case of one, it acts as damage limitation.
Have An Effective Response Strategy
If the worst-case scenario becomes a reality, and your business suffers a cyber-attack, you should have an effective response strategy in place. Any electronic device that leaves the office or the firewall perimeter should have remote tracking and emergency wipe enabled, so that threats can be traced and, in the worst case, the sensitive data wiped if the threat level is high enough.
In terms of negotiating with the perpetrators, if a ransom is demanded you should never pay it, as there is absolutely no guarantee your files will be unlocked/returned, as was the case with the NHS attack. The full ransom was paid, but with absolutely no return or unlocking of the stolen data. You never know who or indeed what you are dealing with, so the best mechanism is defence and prevention rather than attempting to negotiate.
In 2017 we find ourselves in somewhat of a catch-22 situation, where technology is advancing rapidly, which is on the whole very positive; however, the advancement means cyber terrorism is on the up and is more complex than ever. While there are many prevention methods businesses can take, the most effective is still a workforce clued up on what a cyber threat looks like, and on the steps everyone can take to make sure both employees and the business are protected.
Don’t let the fear of a threat take over your life and obstruct your business growth, but always remain vigilant.