Are you prepared to protect information and profits from being stolen from your business? Cybercrime, we’ve all heard about it. It is one of the biggest threats to your business and making a cyber security plan is one of the best ways to combat this. But how do you know if you have been robbed of your business information?
The potential fallout from any data or security breach can be catastrophic for a business. It can mean third party claims from those who were impacted by your business’ security breach, the expense of notifying clients, suppliers and relevant authorities of the security breach, the fees associated with employing the services of an IT forensics expert to confirm how the incident happened and the potential replacement of computer hardware.
The reputational cost of a major breach can also be extremely damaging and regulators will not be amused. Depending on the content of the data which has become compromised, there may be obligations to report the security breach to the Data Protection Commissioner which can carry fines of up to €100,000. At worst, cybercrime could lead to the failure of the business. In fact, Cybercrime is costing the Irish economy about €600m per year according to PWC and it’s on the rise. Reported instances of cybercrime have risen dramatically in Ireland from 24pc in 2011 to 45pc in 2014.
Attackers can live behind the scenes unbeknownst to you tracking data until they find something of value to them. In 2013, the average number of days where attackers were present and undiscovered within a company network was 229 days, according to Mandiant’s 2014 Threat Report. These criminals who make their living by stealing other people’s funds and data are highly organised and savvy, and are often members of global gangs who operate from legally uncooperative jurisdictions, making them difficult to track down or catch.
The Results of Cybercrime
The results of cybercrime are simple. They include, tricking business owners and staff into releasing financial security details to facilitate the authorisation of fraudulent payments. This often happens through unsolicited emails or calls seeking confidential security credentials. The techniques employed can be very sophisticated and the human tendency to trust others can quickly lead to the handover of bank account details and other valuable information.
Cyber Security Plan
It is critical for businesses of any size to have a robust cyber security plan. Protecting a business against cybercrime is a simple process and there are some key decisions to take. This plan should cover areas such as:
- Always keep your security credentials and passwords secure. Never write them down or share them, use strong passwords with no obvious connection to you that contain a mixture of letters, numbers and characters.
- If you allow remote working, ensure that the same security policies that are applied in the workplace are also applied at home.
- Regularly review user roles and privileges ensuring you have a good IT infrastructure including anti-virus software and firewalls.
- Most importantly, ensure your software is routinely updated and run regular scans of your computer or network to check for the presence of Trojans.
- Be careful when using USB devices such as memory sticks as they may contain malicious software that can infect your computer and potentially bypass network firewalls.
- Be suspicious of unexpected emailed correspondence, even if it claims to be from your bank. Never enter sensitive personal or business information, including security credentials, via a web link attached to an email. Be suspicious of all unsolicited or unexpected emails or telephone calls, even if they appear to originate from a trusted source. You should never provide your full security credentials over the phone. If asked for this information, end the call and contact your bank using a trusted telephone number from an alternative phone line.
- Consider employing an expert to put a robust cyber security plan in place and that can followed by the wider business.
The impact of cybercrime on a business cannot be underestimated and the associated costs can be very significant. Everyone has a major role to play in the fight against cybercrime and take action against the fraudsters. You can play a role by reporting any incidents of cybercrime or malware infections you experience to the authorities and by ensuring that you put a cyber security plan in place today.