It is apparent to all that cybercrime is on the rise. The attacks of the last few years, WannaCry, Petya and others, have brought a new word, ‘ransomware’, to our attention.
The top three threats are as follows:
1. Malware – software designed to disrupt, damage, or gain unauthorised access to a computer system. Employee education, regular browser updates and installing endpoint security will help to prevent malware infections.
2. Cryptojacking – secret use of your computing device to mine cryptocurrency
3. Botnets – network of private computers infected with malicious software and controlled as a group without the owners’ knowledge
A common perception among SMBs is “We’re too small for the criminals to bother with!”
Sadly, that is not strictly true; the criminals will target whoever they can. It costs nothing to attack the small fry, and if they gain a few thousand from each, well, that’s a reasonable reward for practically no effort! Why limit themselves to the big fish, who probably have the strongest defences anyway?
In a survey of 1,000 SMBs, 38% declared they are too small to be targeted.
Don’t be fooled: SMBs are in the firing line.
A caller asked if we could confirm that the spoof email his customer received did NOT come from him. It instructed the customer to pay the recent invoice to ‘their new bank account’, which the customer did.
Our caller then asked for the invoice to be paid; the customer refused, as he had already paid it. They continue to discuss their positions.
In the same survey of 1,000 SMBs, 39% of respondents said, “The data we hold isn’t worth stealing.” Not true. The fact that you can’t see the value in people’s names, addresses and other details just shows you don’t think like a criminal!
Approximately two-thirds (68%) of SMBs surveyed believe that employees responding poorly to cyber attacks are the greatest threat to their business.
Paradoxically, 64% also perceive employees with the appropriate training as one of the strongest protectors of their employer’s digital security. Training gives employees knowledge of the types of attack they could encounter, what to look for to identify one, and what to do if one happens.
Raising employees’ awareness of the cyber criminal’s methods means they become a strong element of the business’s security strategy.
A checklist of cyber security issues would include:
- Firewall. Controls the flow of data, allowing or denying access to the network.
- Anti-virus/anti-malware programs. Are they up to date? Are they paid for? There are many free AV suites available, but these are not really regarded as a professional or sufficient solution.
- Bring Your Own Device strategy. Is that home laptop secure? Who uses it, and for what?
- Staff training. It’s inexpensive and, what’s more, cost-effective.
- Remote working. Is the link secure, given that it allows access to your business network? Are there robust passwords in place?
- Email filtering. Prevents unwanted emails getting to users’ mailboxes.
- Website filtering. Detects insecure sites and prevents access to them.
Once your business knows it needs to create a roadmap, you then need to review your infrastructure and consider possible investment.
So how do you make the case for cybersecurity investment?
1. Map the data at risk; consider the impact of a breach – including monetary and financial
2. Evaluate how different breaches could impact stakeholders – customers, investors, employees
3. Consider how a more proactive approach could enable digital transformation and other benefits
Contact us to discuss any of these issues; we are ready to help.