Preventing Cybercrime In Your Business

Are you at risk from cybercrime?

In July 2016 the Office for National Statistics (ONS) reported there had been more than 5.8m incidents of cybercrime in the past year, with one in ten adults being a victim.

The 5.8m offences were made up of:

  • 3.8m fraud offences, including 2.5m incidents of bank and credit card fraud;
  • 2m computer misuse offences, including 1.4m virus attacks;
  • 600,000 estimated offences related to unauthorised access to personal information, such as hacking of email, social media or other online accounts.

Cybercrime has become one of the UK Government’s key objectives as highlighted in The UK Cyber Security Strategy 2011-2016 Annual Report. The report states “we are also living in an uncertain and insecure world – both real and virtual”.

The 2010 National Security Strategy identified cyber as one of the top threats to the UK. In response, the Government has invested £860 million since 2011 in their National Cyber Security Programme, with the aim of making the UK one of the most secure places in the world to do business online and to build the UK’s cyber security knowledge, skills and capability.

How can you safeguard against cybercrime in your business?

Intrusion detection and exfiltration monitoring are imperative. You need to know if someone has got into your network and what they have stolen. However, with any data breach comes reputational and financial risk. Ideally, fraud needs to be stopped in advance, not reacted to.

Businesses have a variety of options, including software fail-safes that prevent sensitive data from being sent to off-network destinations, two-factor authentication and robust internal processes.

A multiple defence mechanism approach is necessary with layers of defence needed to keep intruders out. Even with the best systems in place, however, there remains a real challenge.

Social engineering attacks have always been an issue that’s difficult to tackle, as hacking people is often easier than hacking sophisticated tech. A key area is detection and monitoring of phishing emails as well as training staff to avoid social engineering attacks. All organisations need to prioritise fraud prevention and there needs to be focus on education of not only employees, but customers as well.

Effective security requires a combination of technology, intelligence, and people. Here are our top tips to help you improve your own IT security.

Do these yourself:

Use a password manager. These are strongly encrypted places to store your passwords, so you only need to recall one! Secure it with a passphrase – several words strung together. With a password manager it’s much easier to make sure your passwords are secure and unique without having to commit every single one of them to memory. Another advantage is that you can share passwords with other people securely. There are many products on the market, such as LastPass, RoboForm and Dashlane.

Never re-use a password. If just one site is hacked, then all the accounts that use the same credentials are vulnerable.

Use 2 Factor Authentication if it is available. 2FA uses a second channel, like an SMS or special security token, to further secure your account. It’s worth the tiny extra hassle for the comparatively huge security benefit.

Don’t change your passwords frequently. It actually makes security worse, not better. Pick a stronger password and commit it to memory. If you must change it frequently, prepend or append extra characters rather than replacing existing ones – a longer password is always more secure, and it’ll still be easy to recall.

NEVER save a password to your phone’s address book. Nearly every app you install has access to your address book! Likewise, don’t keep a file on your computer storing passwords. Instead, use a proper password manager.

Use a password manager. Did we already mention this? Put all your eggs in one secure basket, then guard that basket with a long passphrase.

Make up answers to your security questions. In this age of social media, it’s breathtakingly easy to find out the kind of basic information about a person that provides the answers to most security questions. Your answers don’t need to be truthful – in fact, they shouldn’t be if you want them to be secure.

Ask your IT manager to:

Install updates. Vulnerabilities in widely used programs are exploited every day; with patches installed promptly to close those holes, you won’t be affected unless you are unlucky.

Fully disable MS Office macros and Windows scripting. Very few people ever use these, but they are the single most common entry point for ransomware. Many attackers use a “Click here to view this document” trick to get around lesser defences.

Ensure back-ups are routine and physically separated, not just on a remote network share. Ransomware can now destroy networked drives – an expensive experience!

Scan emails that come in for suspicious attachments and senders. Always take care you know who you are replying to!

Ask your Accounting staff to:

Double check requests for payments “in a rush”, “as a favour” or “Urgent today”, even if “from” the CEO themselves! Check via a second channel such as voice – don’t just hit reply. This kind of attack is called “spear phishing”, and is usually very convincing.
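A small illustration of the two checks above (knowing who you are really replying to, and spotting the “urgent payment from the CEO” pattern), written as an added example rather than code from the original post: it inspects constructed e-mail headers for an executive’s display name paired with an outside address, a Reply-To that diverts answers elsewhere, and pressure language. The firm’s domain, the executive names and both sample messages are assumptions.

```python
"""Flag e-mails that carry the hallmarks of a spoofed 'urgent payment' request.

Added example, not code from the original post. The domain, executive
names and sample messages below are constructed; adapt them to your firm.
"""
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.co.uk"            # assumption: the firm's own mail domain
EXECUTIVES = {"jane smith", "the ceo"}  # assumption: names a fraudster might borrow
URGENCY = re.compile(r"\b(urgent|today|asap|as a favour|in a rush|immediately)\b", re.I)


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_message(raw: str) -> list[str]:
    """Return the reasons a message looks like CEO fraud; an empty list means none found."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    reasons = []
    # An executive's display name, but the address is not one of ours
    if from_name.strip().lower() in EXECUTIVES and _domain(from_addr) != OUR_DOMAIN:
        reasons.append(f"display name '{from_name}' used with external address {from_addr}")
    # Hitting reply would send the answer to a different mailbox than the visible sender
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        reasons.append(f"Reply-To {reply_addr} differs from From domain")
    # Pressure language in subject or body
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        reasons.append("urgency language in subject/body")
    return reasons


# Constructed sample: external address, diverted replies, pressure language
SAMPLE_SPOOF = """\
From: Jane Smith <jane.smith@example-mail.com>
Reply-To: jsmith.ceo@webmail-provider.com
To: accounts@example.co.uk
Subject: Urgent payment today

Please pay the attached invoice as a favour, I'm stuck in a meeting.
"""

# Constructed sample: genuine internal request with none of the markers
SAMPLE_LEGIT = """\
From: Jane Smith <jane.smith@example.co.uk>
To: accounts@example.co.uk
Subject: Q3 supplier invoices

The July invoices are attached for the usual month-end run.
"""
```

Run `check_message(SAMPLE_SPOOF)` to see all three reasons listed, and `check_message(SAMPLE_LEGIT)` to confirm a routine internal request passes clean.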

These are all simple steps you can take towards better cyber security; however, they only scratch the surface. Consult a respected professional as this is the fastest moving field in the world today, and advice valid at lunchtime may not be suitable by dinnertime!


Do you have any top security tips to share? Let us know in the comments or on Twitter or LinkedIn.