Computer Security, Lockdown Working & Returning To The Office
Don’t let lockdown, or returning to the office, impact your security
The following is taken from an Illuminate presentation on cyber threats, computer security and how best to protect your business.
If you’re interested in seeing how your current computer systems face up to today’s digital threats, get in touch; our team’s priority is protecting your core business, not just your IT. Alternatively, we are happy to discuss presenting for you and your business to give you a better understanding of computer security and the issues related to it.
More than half of UK businesses in 2019 reported being the victim of a cyber attack. Beyond the large number of those affected, the most worrying fact is that many more fell prey to cybercriminals and didn’t report it, whether out of embarrassment, to save face with their customers, or because they thought the matter was internal and best handled that way.
During the pandemic, when many businesses were left vulnerable due to reduced staff, remote working and inadequate security protocols, this number rose by 31%, which includes:
- A 400% rise in brute force attacks (a criminal actively trying to get into your systems)
- A 667% surge in email scams (all since last March)
- A 2000% increase in infected files with ‘zoom’ in the name.
The impact of these crimes and the financial loss has been staggering. In 2019 alone, before the Covid-19 pandemic and the rise in reported crimes, the cost to the UK economy was £8.8 billion.
Many businesses do not recover easily from this type of attack, as it can come at a significant cost to any small or medium-sized enterprise (SME). This figure doesn’t include the costs of staff downtime and rebuilding the business’s reputation, which, depending on the scale and sort of data compromised, can force many businesses to close permanently.
From a Hiscox 2018 report, it is estimated that 73% of organisations:
- Are not prepared for any form of cyberattack
- Have a fear of the unknown when it comes to this form of security
- Lack the staff or budget to spend on cybersecurity
- Are simply complacent; a common thing we hear is ‘We’re not that stupid’; we know this, but so do hackers and cybercriminals, and the different types of attack you can face range from simple to incredibly advanced.
One of the things Illuminate stresses, and many other security experts will agree on, is that this form of complacency is misplaced.
Cyber attacks take on many forms; some use phishing to infiltrate your systems and steal money by, for instance, presenting false invoices for payment. Some others will make money from seizing your data and holding it for ransom. This data capture is not exclusive to Big Business. If your data is important to you, and I’m sure it is, it has value and is attractive to cybercriminals.
The effects of COVID on business are well documented. With the closure of shops and retail outlets, consumers have moved online and used credit cards, presenting easy pickings for cybercriminals.
Some types of attack that many have seen in the last few months, and that you may see going forward, include:
- Fake meeting requests for Zoom to gain personal information.
- Social media scams, as people turn away from traditional media. Facebook is fighting with fake news and those offering COVID tests for a fee.
- Falsified job adverts and contact requests on LinkedIn attempting to take advantage of those who have lost jobs and are looking for new work.
To sum everything up, cybercriminals have seen COVID as an opportunity, and these guys are ‘professional’; quick to capitalise on the opportunity.
As businesses have moved to home working for staff, the opportunity for cybercriminals to infiltrate and exploit businesses has increased. Organised crime groups are actively seeking out companies, exploiting desperate situations and holding data to ransom. There has been a massive increase in ‘leak sites’ which publish stolen data, 80% of which was leaked after 23 March, when the lockdown began in the UK.
Even with the most professional computer security systems in place and a team of dedicated experts on call, nothing can guarantee complete security. One of the main reasons for this is human error.
Over the last ten years, we have helped many clients manage their IT systems and computer security, and every single breach we have faced has been down to some form of human error. Lack of knowledge and the fact that many small businesses do not have the time or money to spend are two main factors.
I’m not sure IBM’s chairman knew about COVID when she wrote this, but ‘Cybercrime is the greatest threat to every company in the world’. Still, whether it causes reputational damage or loss of money, cybercrime is everywhere.
Fact: Cybercrime is now the fastest growing crime, predicted to cost $6 trillion this year.
Methods of attack
Here are some types of attacks you and your staff should know about:
- Eavesdropping – intercepting network traffic to obtain credit card details, passwords, etc.
- Vishing – obtaining information over the phone, also known as a tele-scam
- Spim – spam over internet messaging
- Smishing – fake SMS messages
- Drive-by – downloads that can happen when visiting a website or viewing an email message or a pop-up window. This attack doesn’t rely on the user actively doing anything to enable it; you don’t even have to click a download button or open a malicious attachment to become infected.
So why do they do it?
The main reason is that it is incredibly lucrative. $174,000 can be the salary for a hacker, and most organisations are open to attack without realising it.
The most common attack is ransomware. Attackers use a malicious script in an email that, once clicked, encrypts data (on a server or in the cloud), after which they ask for bitcoins in exchange for the unlock key.
However, even if you pay the ransom, you are not necessarily safe. Attackers may keep copies of your data to sell, or come back at a later date and re-ransom.
And by the way, they aren’t targeting you because they want your data. Most of it (unless it is really juicy and they can sell it to the press) is worthless to them, but they know how much it means to you – it can make or break your business.
Anti-virus is no longer enough, so what can we do?
As an industry, we are at the forefront of all attacks and are often blamed in the event one occurs, as if somehow we can wave a magic wand and make it all go away. But like everything else in business, it is down to everyone to work together to understand and accept the risks versus the budget available to mitigate them.
It is vital to get a board-level agreement on a cybersecurity culture embedded in everything an organisation does.
All of us should have data security at the forefront of our minds in everything we do: every single day.
This includes thinking about simple things such as:
- What we post on social media
- What information we give out on a call
- Do we leave passwords in the open? (Many write theirs down and leave them on post-its.)
- Does every employee have the same password?
Continual staff training is essential, on everything from internet security and the protection of computers to steps to stay safe and help boost their business’s security measures.
Many think this involves dull and expensive two-day courses; however, excellent training for staff can be:
- Little and often
- Not boring courses
Just some common tips every business should adhere to are:
- Know what makes a good password
  - Not Password01 or letmein
- Do not use the same password for all accounts
- Use password managers
- Encrypt your laptops, hard drives, USB drives
  - Or stop using USB sticks and move to the cloud
- Apply patches and necessary updates for all hardware and software
  - Yes, that includes Windows updates
The top five things to do for your cybersecurity
- Create CULTURE
- Carry out continual bite-sized, fun TRAINING
- Do a Security AUDIT
- Test your BACKUPS
- Plan for a DISASTER
Cyberattacks are real; they happen, but rather than being scared, be prepared.
We offer a range of complete management and ad hoc services, including a free dark web scan of your business email addresses to see if any employee’s accounts appear there. It can make for interesting reading. Whether it’s assistance with computer viruses, security threats, data breaches or updating your computer networks and operating systems, give us a call.