Most modern businesses rely on computers with a fast and reliable internet connection. As soon as you connect any business computer to the web, however, it becomes vulnerable to a whole range of threats, from viruses and trojans to hackers and the latest ransomware. Rather than simply seeking to cause damage, cyberattacks on businesses are increasingly targeted and intended to extort money rather than just cause damage through corruption of data.
In this article, I want to look at the current state of cybercrime and what you can do to protect your business from it.
The Price of Data
Increasingly, our businesses and the transactions and communications we make are visible online, whether that be emails or financial information we store on our cloud accounting system. That means a massive amount of information, which presents a tempting target for the cybercriminal looking to make a quick buck.
Like any other stolen property, stolen data has value to a cybercriminal and the extent of this is based on how easy it is for said criminal to sell it on or exploit it financially. Information like credit card details and login passwords are openly traded on the dark web and stolen business data is increasingly being linked to sophisticated fraud or out and out blackmail. Stolen card details, for example, can not only be used to make purchases, but can be the basis of identity theft too.
Although high profile data breaches like that at TalkTalk make the headlines with depressing regularity, the fact remains that the majority of cybercrime is entirely preventable if you take the right measures. Don’t be fooled into thinking that if big corporations can’t protect themselves, then your small business may as well not bother trying.
Such high profile attacks are generally undertaken by extremely advanced and motivated hackers, using sophisticated techniques or software and may even be state sponsored. In these cases the targets are well protected. However, just like burglars, the majority of cybercriminals aren’t looking to break into Fort Knox but are instead, looking for a soft target – the equivalent of an open window or unlocked garage. This can be something as simple as a misplaced USB stick or an unpatched network server.
The battle against cybercrime is a constant struggle between the perpetrators and security providers. In terms of protecting your business, there are three key areas to consider, which I now want to discuss: internet security, network security and endpoint security.
The internet has become an almost essential part of everyday life, and it’s almost impossible to contemplate doing business without it. However, like any big city, the web has its dark side – it’s rife with malware, phishing emails and keyloggers intent on stealing your data.
The recent trend towards storing data and sourcing systems in the cloud has only served to place extra emphasis on the importance of securing your internet activity. While services like OneDrive and Google Docs are incredibly convenient, especially for smaller businesses, they do present an extra security risk.
The first step to protecting yourself is to ensure that all browsers, mail clients and other software used to access the web are kept up to date with the latest versions. Cybercriminals often seek to exploit known exploits in programs, so the more up to date your software is, the safer you’ll be.
You also need to make sure you use strong passwords to protect your online accounts. Choose a combination of upper and lowercase characters and numbers and, crucially, never reuse passwords on other accounts. If you think you’ll have trouble remembering them all, there are many good password manager programs available to help.
The data on your network is likely to be essential to your business, so it’s vital to ensure that your servers and other network devices are protected. Your network is only as strong as the weakest device, so adding Internet of Things connected devices to your business network, like connected security cameras can introduce unexpected vulnerabilities.
Protection with a good firewall is a good starting point, and you should also look at things like web proxies and access control lists, as well as reviewing your admin passwords and who has access to them.
Increasingly, people are moving away from working on desktop PCs to using portable devices like tablets and smartphones. This, added to demand for BYOD, places extra stress on securing these endpoint systems. You need to keep an inventory of all your hardware, so you know if something is missing.
You should also consider installing security software that allows you to wipe devices remotely, if they’re lost or stolen. Encrypting business data on devices and USB sticks is vital too, so that if they do get lost or stolen, your data is protected.
Keeping up to date with computer, network and endpoint security can seem daunting to even the most tech savvy small business, let alone a sole trader with little technical IT experience. For many SMEs, outsourcing their IT is the simplest and easiest way to ensure they stay on top of security and ensure their data is safe and backed up.
Whatever you opt for when weighing up the relative costs of outsourcing or in-housing your IT, it is important to factor in security as a major consideration.
Because, when all’s said and done, you wouldn’t leave your office unlocked, so why leave your computer unprotected?