They think “It wont happen to me”
Mistake 1, is they have a laid back attitude to cyber crime and think “What would anyone want with my data”. We’re a Steal Fabricating business or a structural engineering business, no one will have any interest in my data.
Cyber crime for the criminal is low risk \ high reward and unlike other forms of crime generally being local, can come from anywhere in the world.
You ARE a target and you CAN be a victim. Cyber crime can cost you thousands in fraudulent activity and system downtime.
Not having adequate AV Protection
Free products are worth every penny and generally only offer the basics.
Always check your software is activated and receiving updates. Also check, you doesn’t just have antivirus protection but malware too. A subscription based service from are generally best via your chosen IT Provider
Ensure it’s a Reputable company – ie Sophos.
They underestimate the number of different methods of attacks:-
Hacking – Speaks for itself. The Cyber Criminal hacks onto your systems and has full access to all data, either to damage it or steal its information. A good industry firewall from the likes of Sophos, Cisco or Sonicwall can hugely reduce the risk.
Malware ; in numerous form of Viruses, Ransomware, spyware, viruses, key loggers. Safe surfing, and a good anti virus product can help here, as well as a patch management solution and web content filtering.
Distributed Denial of Service (DDOS) – swamping your network or services so they are unusable.
Phising – malicious emails that look genuine but look to obtain key financial information or instructions on transferring money.
Social Engineer – often just mistook for phishing email, but sometimes these attacks are much sinister. Personal data is gathered from various online sources and used for fraudulent purposes. Be careful what information is available online, be it mobile numbers, dates of birth etc and also double check your privacy settings on social platforms.
They aren’t scrupulous with every email they receive
Most viruses and malware attacks come via email attachments and links to websites containing malicious software via a familiar sender; Apple, Paypal, eBay etc etc. If you click on the senders address you can often see the real sender ie firstname.lastname@example.org will actually be email@example.com
Never download the attachment, never click on the link, unless it’s an email you are expecting. If it sounds too good to be true, it usually is. Its highly unlikely the king of a small African state has left you money in his will and its even less likely the government is giving you a tax rebate (they only like to take it).
A good cloud based email solution should be able to deal with most spam, but its important to be diligent when looking at emails from an unknown source.
They have no patch management solution in place.
They don’t update their software. There’s a difference between upgrading and updating. Upgrading is moving from windows 7 to windows 10 or Microsoft office 2010 to Microsoft office 2016. Updating is ensuring your current software (be it windows, printing utilities, google plug ins etc) have the latest revisions applied. Hackers look for vulnerabilities in software and can use them as a “backdoor” entrance. This is often why newer versions of this software are released from the provider.
Ensure your computers have the latest updates and revisions. A cloud based solution is best. Your IT provider should be able to offer some guidance on this.
They have inadequate backups
Once an attack occurs and data becomes unusable, restoring that data is the only option. You need successful backups in place, in order to do that. Often sinister cyber threats can lie dormant on your system and infect good backups, so its important to have a good rotation.
The problem with Mistake number 6 is, the business owner often A) puts the trust of their backups in the hands of their provider and “assumes” all is well or B) has no provider and is unware if backups are working or not. Either way, the business owner is in the dark. You should be getting regular reports from your provider on the success of your backups.
Its essential you have a good backup rotation, giving you multiple days (preferably weeks) worth of backups to go back to and a good cloud based backup solution in place.
They don’t have a cyber safe culture
They assume viruses and hacking are the only ways their can lose money due to cyber crime and discount social engineering. This is manipulation via the telephone or emails when a person claims to be someone you know and trust, ie the bank or a work colleague, when in fact they are a criminal using information they have gathering via social media sites that enables them to pose as the trusted individual. This is the area where most money is lost …….. 80% in fact (according to the Yorkshire Cyber Crime Unit).
Things to do; raise staff awareness of the dangers. Never click on a link from unknown source. Put proper procedures and systems in place for making payments to suppliers and any new suppliers. Inform staff that a director would never email you asking you to make a payment and if they did, it would always be confirmed verbally or in person first.
They have inadequate or no firewalls on their network
A firewall is a network security system that monitors and controls incoming and outgoing network traffic. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.
In essence, it keeps the bad guys out of your internal network and gives you the ability to monitor and limit what can be seen on the outside network (the internet).
Without a firewall, your network is wide open to attacks.
Its essential that your firewall has the ability to use Unified threat management (UTM). The cheap and cheerful products tend to not have this and essentially are just chocolate fireguards.
UTM does the following:-
- It secures the network from viruses, malware, or malicious attachments by scanning the incoming data using Deep Packet Inspection.
- It prevents attacks before they enter the network by inspecting the packet headers.
- It prevents access to unwanted websites by installing enhanced web filtering.
- It provides ability to update automatically with the latest security updates, anti-virus definitions, and new features so that minimal manual intervention is required beyond initial set-up.
- It enables administrators to manage a wide range of security functions with a single management console.
Ask your current IT Provider if your firewall has UTM enabled.
Mistake 9 is password security.
It’s important that your place of business has a good schedule of password rotations, recommended at 60 days.
For home use; you should not have weak and\or the same password for everything. The password for HSBC online banking should not be the same for Tescos, Tescos should not be the same as Facebook and so on.
Consider Turning on “two factor authentication” – learn more about turning on two factor authentication @ www.turnon2fa.com
Consider having different passwords for different sites and using online secure password managers like DashLane or LastPass.
They don’t report it!!. If it’s not reported to the Cyber Crime Unit, they aren’t aware of the dangers out there. Its important for them to be aware of new threats, how to advise other businesses on protecting themselves and investigate when the threat came from.
The first point of reporting cyber crime or attempted cyber crime should be the national fraud and cyber crime reporting centre on 0300 123 2040
I hope you have found this blog useful if you would like any advice on protecting your business from cyber crime, please feel free to email us on firstname.lastname@example.org