Hacking
There has been a spate of hack attacks, with one of the most high-profile taking place in 2016, when hackers stole at least £2.5m from 9,000 Tesco Bank current account customers.
It’s thought that customers’ debit card details were harvested using an automated mass attack. This probably involved supercomputers rapidly trying out random combinations of numbers to access the cardholders’ money. The hackers checked they’d gained the correct card details by making low-value online purchases. Such purchases aren’t automatically blocked after a few failed attempts.
After confirming the card and security codes, the hackers plundered thousands of accounts and sent much of the money to Spain and Brazil. With such dazzling rewards tempting hackers, no business involving customer accounts, from dating sites to e-commerce sites, is completely safe from attack.
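The pattern described above, repeated failed attempts on a card followed by a low-value purchase to confirm the details, can be caught by counting declines per card and holding the card for review after a few of them. This is an added example, not code from the article or from any bank; the log format, card tokens, thresholds and function name are assumptions, and the sample records are constructed.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample authorisation log (not real data):
# timestamp, card token, merchant, amount in GBP, result
SAMPLE_LOG = """\
2024-01-01T02:00:01,card_A,shop-1,1.00,DECLINED
2024-01-01T02:00:03,card_A,shop-2,1.00,DECLINED
2024-01-01T02:00:05,card_A,shop-3,1.00,DECLINED
2024-01-01T02:00:08,card_A,shop-4,1.00,DECLINED
2024-01-01T02:00:11,card_A,shop-2,0.99,APPROVED
2024-01-01T02:30:00,card_A,shop-9,480.00,APPROVED
2024-01-01T09:15:00,card_B,shop-1,23.50,DECLINED
2024-01-01T09:16:10,card_B,shop-1,23.50,APPROVED
2024-01-01T10:00:00,card_C,shop-5,2.00,APPROVED
"""

WINDOW = timedelta(minutes=10)   # assumed look-back window
MAX_DECLINES = 3                 # assumed declines allowed before a hold
LOW_VALUE = 5.00                 # assumed ceiling for a "test" purchase

def find_guessing(log_text):
    """Return {card: [alerts]} for cards showing the guess-then-test pattern."""
    declines = defaultdict(deque)      # card -> recent decline timestamps
    locked = set()                     # cards held for review
    alerts = defaultdict(list)
    for ts, card, merchant, amount, result in csv.reader(StringIO(log_text)):
        when, amount = datetime.fromisoformat(ts), float(amount)
        recent = declines[card]
        while recent and when - recent[0] > WINDOW:
            recent.popleft()           # forget declines outside the window
        if result == "DECLINED":
            # Declines are counted per card, whichever merchant reported them.
            recent.append(when)
            if len(recent) >= MAX_DECLINES and card not in locked:
                locked.add(card)
                alerts[card].append(f"{ts} locked after {len(recent)} declines")
        elif card in locked:
            # An approval on a held card is reported instead of passing silently.
            kind = "test purchase" if amount <= LOW_VALUE else "spend"
            alerts[card].append(f"{ts} {kind} of {amount:.2f} at {merchant}")
    return dict(alerts)

if __name__ == "__main__":
    for card, events in find_guessing(SAMPLE_LOG).items():
        print(card, events)
```

A single mistyped code followed by a successful payment, as with card_B in the sample, stays below the threshold and raises nothing.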
Here’s how to reduce the risk:
- Issue account holders with card readers
These card-sized devices generate a random and unique passcode each time the customer inserts their card into one and enters their PIN. This securely authorises the transaction.
- Ban ‘Bring Your Own Device’ (BYOD)
Allowing staff to use their smartphones and tablets for work increases the risk of introducing malware to a ‘secure’ network. Also, confidential customer details can end up on personal devices that could get lost, stolen or taken by a rival employer.
- Stop staff downloading personal apps to company phones
Mobiles can introduce malware to secure networks. Make sure all corporate devices are encrypted and monitor employee use of apps and data. To avoid staff downloading apps and software in the first place, supply the productivity tools and the financial software they need.
Ransomware attacks
One of the most common forms of cyber attack is ransomware: software that takes over businesses’ websites or computers, encrypts all the files and freezes all usage. A ransom demand usually follows swiftly, with payment needed to restore access. Ransomware attacks affect a staggering 36% of businesses each year.
How to reduce the risks:
The first step is recognising that there’s a huge chance of being targeted by ransomware. Once the threat is recognised, putting a plan in place to deal with it can save a lot of disruption and money:
- Back up critical files routinely and regularly. To cut the risk of backup copies being targeted along with the software that’s in use, keep them separate from the main systems
- Consider taking out cyber insurance
- Have a list of staff to go to in case of an attack, including I.T. staff, legal experts and PR advisors
- Regularly update all cyber security systems and install security patches as they’re released
Above all, businesses shouldn’t just rely on a single anti-virus or anti-malware system. Instead, it’s best to employ a range of systems, each dedicated to a different type of attack.