The chances are that whatever your business is, from oil pipelines to boycotting pipelines to the business pipeline, you have some exposure to the internet. Although that brings a host of benefits, it also brings vulnerabilities. Approximately $4.2b of vulnerabilities, according to IC3, the FBI's internet crime complaints unit. (Move over NCIS. This FBI spin-off has legs.)
We have all seen the Hollywood image of the wunderkind hacker in his mum's basement, clad in a pot noodle-stained hoodie, staring at screens of cascading 1s and 0s. And while the notion that these evil genii are locked in a subterranean purgatory might offer some comfort when you find yourself locked out of your system, it is, at best, cold comfort and probably erroneous.
According to law enforcement, the idea that these benign young men (they were almost always portrayed as men) would be prevented from causing any serious disruption by their appalling social skills and poor personal hygiene is, like most stereotypes, wrong. Hacking has become a multi-billion dollar industry with sophisticated players, from state espionage to organized crime and individual actors, and a flourishing market for services. The use of "off the shelf tools", and of gangs specializing in specific elements of the hack or data gathering, has gathered pace.
In such a world, what can you do to keep your business safe?
Well, the horrifying truth is you probably can't. Susan Landau, Bridge Prof. of Cyber Security and Policy at Tufts, recently said, rather chillingly, that there are two types of threat: the ones you know are there and the ones you haven't yet discovered. What you can do is your best to be prepared.
So here are some useful tips. As ever, a lot of virtual crime is indiscriminate and opportunistic, just like in the real world.
If I Have Told You Once
As much as is humanly possible, keep all your devices' software up-to-date. Interpol suggests we pay attention to security alerts, update security patches, and conduct periodic systems checks.
Wherever possible, automate updates on all company devices.
Send reminders via company email, SMS, WhatsApp. Make sure it gets noticed (without crossing the line into nagging). This is especially important with so many companies following dispersed working models.
Ditch one of those unproductive meetings that have crept into the schedule and have an IT clinic for updates, backup and training.
Prevention Is Better Than Cure
Do invest in antivirus software, firewalls, spam filters, and of course, training.
Don't download from untrusted sites.
Try to ring-fence critical areas of the business. As Prof. Landau suggests, separate corporate IT from operational systems, with strong security between the two.
With the proliferation of ransomware attacks, we can't stress it enough: back it up.
Have at least one backup. Use a reliable cloud service provider or, if possible, keep important data cold (offline).
(LaRock et al, 2021)
Keep it Real
Verify emails and websites with a phone call or by entering the official URL yourself.
Look out for similar email addresses and websites.
Use two-factor authentication (2FA) for staff accounts/customer accounts.
But don't kid yourself that this is foolproof; hacking 2FA is indeed horrifyingly possible.
Give regular training to staff about the latest scams and how to avoid them.
Be smart about what you post on your social media and who can see it. "Our anniversary, 3 years today" on a time-stamped public post could drastically alter the budget for the anniversary dinner.
1) Shred sensitive data.
2) Use different strong passwords for every account.
3) Run tests to find weak links (excuse the pun).
4) Look out for changes in email addresses, bank accounts.
5) Unexpected requests, messages that try to create a sense of urgency.
However, try to avoid naming and shaming. If your staff aren't au fait with phishing and social engineering, then it's likely the training, and not the staff, that is not up to scratch.
Assume that your emails can be seen by others/everyone… You might think the account manager of your biggest client is an obnoxious little… (Decency laws prevent us from printing that!) But maybe don't leave a paper trail to that extent, even a virtual one.
Don't Pay Ransoms
At least think twice. As Accenture point out in their 2021 Cyber Threat Intelligence Report, you won't necessarily get your data unfrozen. Let's face it, the criminal who has just broken in and jeopardized your livelihood is probably not going to top your list of most trustworthy business partners.
Do let law enforcement know. (IC3)
The more funds they collect, the better equipped, the better incentivized and the better-funded these criminal actors become.
Guess we have to finish with an apology. The ergonomic furniture we usually talk about may let you relax in reassured comfort; the above probably has the opposite effect. This is by no means a relaxing bedtime read or an exhaustive list of the problems or solutions that face the modern connected business. We'd urge you to do your own research and take steps to protect yourself and your business.
Eazeechairs or its affiliated companies do not endorse or recommend any of the products or services mentioned. Eazeechairs cannot be held responsible for any external or third-party hyperlinks. This article is written for purposes of entertainment/interest only and should not be used as a guide to best practices or cybersecurity. The opinions contained in this article are those of the writer/s and do not reflect those of Eazeechairs.
Green, M. (2021, July 20). 12 Ways to Improve Cybersecurity. [Illustration].
McAlaney, J. & Thackray, H. (2019, April 17). There’s a massive cybersecurity job gap – we should fill it by employing hackers. [Illustration].
Segal, C. (n.d.). 8 Cyber Security Best Practices For Your Small To Medium-Size Business. [Illustration].
Lewis, S. (2021, March 15). Why You Should Keep Software Up-To-Date. [Illustration].
LaRock, T. et al. (2021, April 23). 4 ways to perfect your corporate data backup strategy. [Illustration].
Krakoff, S. (n.d.). The Top 5 Reasons You Should Consider a Career in Cybersecurity. [Illustration].