Businesses of all sizes are at risk from the ongoing threat of cyberattacks and the theft of sensitive data. George O’Dowd from Novi Technology details the risks businesses face from cybercrime and the steps they can take to protect their business.
Many businesses have fallen victim to security breaches without their knowledge. An ageing infrastructure and a growing trend in the automation of cyberattacks – making them smarter, harder to detect and more widespread – are contributing to the increasingly delicate security environment.
SMEs in Ireland are taking risks with their reputation and their ability to conduct their business by overlooking the dangers of cybercrime. A recent survey by Zurich Insurance revealed that nearly half of SMEs surveyed didn’t feel that they needed to protect their business against cyberattacks, despite listing data protection as one of their biggest concerns.
Small and medium-sized business owners need to become acutely aware that they are as likely to be hit by cybercrime as their bigger competitors, but they are less equipped financially and operationally to absorb the impact.
Below are some of the ways criminals can gain access to your data – and what you should do to protect yourself.
1. Malware
Using malware, hackers can silently transfer your customer data or intellectual property to external servers where it is collected and sold for substantial gains. More often than not, employees provide access to systems by clicking on a compromised email or a disguised file download.
2. Unprotected systems
Criminals can also get inside your network by targeting security vulnerabilities on unpatched devices. Many businesses have fallen victim to ransomware, whereby company data becomes encrypted, leaving the business paralysed unless a ransom is paid to criminals for the unlocking key.
Nearly a quarter (23pc) of Irish organisations have been held to ransom by a hacker, and yet the vast majority (93pc) assert they would never pay a ransom.
3. Exposed Wi-Fi access
Poorly configured wireless access points are often an easy way to access corporate networks from outside the building, and in some situations guest access is not partitioned from internal systems, leaving company data exposed. Organisations, small and large, should implement password policies that require more complex passwords and regular password changes.
4. Unsecured devices
Laptops should be encrypted and you should be wary of the devices you allow to connect to your internal wireless network.
5. Data storage
If you are using cloud-based service providers, ensure they are credible and that your data is encrypted and protected offsite. For online businesses, it is important that you don’t store customer payment data on your servers, that servers are regularly patched and updated, and that you consider implementing safeguards against distributed denial of service (DDoS) attacks. A DDoS attack consists of hundreds if not thousands of connections being made to your systems at the same time, causing them to become overwhelmed and unusable, which can lead to significant loss by forcing your website offline.
Practical security steps to protect your business from cybercrime
Business owners and managers need to take security seriously and stop thinking it will never happen to them. They need to continuously educate employees about the threats and how to protect themselves from falling victim.
The EU’s new General Data Protection Regulation will come into force in 2018 and could result in companies being significantly fined for allowing security breaches to compromise their customer data.
So what practical steps should you take to help protect your business from cybercrime?
- A poorly configured firewall or a firewall that does not offer advanced threat protection is a guaranteed security risk. Firewall policies should be regularly reviewed by experts to ensure that they are offering maximum protection.
- An internet monitoring system helps identify unusual internet activity on your network such as a malware-infected device.
- All devices should have up-to-date anti-virus and anti-malware software installed, and security updates should be applied to address any vulnerabilities.
- Remote access to corporate networks should use an encrypted connection with two-factor authentication (a username and password along with a unique code generated by a phone app or a key fob that you need to enter when logging in).
- An email protection system helps block malicious emails reaching employees and minimise their chances of falling victim to a phishing attack.
A well-documented security breach at Target in the US resulted in the theft of credit card details from 40m customers. Criminals gained access by sending a phishing email to an unsuspecting air conditioning contractor who provided them with his username and password. Had Target implemented two-factor authentication, the username and password alone would not have given the criminals the access that, as a result, cost the company $162m.
Cybersecurity is not the new buzzword; it is something every business needs to be concerned with.
George O’Dowd
George O’Dowd is the founder and managing director of Novi Technology. Novi offers a wide range of IT managed services and proactive IT support to SMEs across Ireland, including Novi Cyber Security Monitoring, a cloud-based service that collects, logs and analyses internet usage patterns to identify suspicious activity in your environment. With offices in Dublin, Cork and Kildare, Novi specialises in IT security, cloud computing, disaster recovery, IT resourcing and day-to-day IT needs. Contact hello@novi.ie.