Today’s criminals are, on the surface, quite a lazy bunch – after all, now they commit their crimes without even leaving their own homes. Sadly however, for anyone who has fallen victim to cyber-crime you’ll be well-aware of just how smart and technologically sophisticated this new generation of criminals has become.
Individuals may believe that preventing cyber-crime is as simple as choosing a cryptic password and being careful not to share your personal data. However, if you’re running a business you have a lot at stake – not only your livelihood but potentially vital data about your clients or customers too. So what can you do to protect yourself against this constantly evolving threat?
The scale of the problem
Think cyber-crime won’t happen to you? Sadly, it seems a lot of UK businesses don’t consider it a particularly large threat with a study by broking giant Aon revealing in August 2016 that just seven per cent of small and medium enterprises (SMEs) have cyber insurance.
Putting your head in the sand, however, can be a costly mistake. According to the Office of National Statistics there were more than five million cyber-crime incidents detected in the UK alone during 2015. Indeed cyber-crime now makes up 44 per cent of Britain’s total crime. From this eye-catching total, 72 per cent of cyber-attacks come from organised gangs within the UK.
If you think that the bulk of criminals probably target large organisations, then think again. A Government Security Breaches survey revealed that 74 per cent of small organisations reported a security breach during 2015 – it actually seems that SMEs are being specifically targeted, perhaps because they lack the sophisticated security systems that are often in place at larger organisations.
So how can you protect your organisation?
The reality is that every day there are new cyber threats emerging and there is no fool-proof approach to protection. However, there are a number of measures to implement that can greatly reduce the level of the risk you face – that can help to protect you, or, at the very least, minimise the impact of an attack.
- Boundary firewalls and internet gateways: One or more firewalls should be installed on the boundary to your internal network. This should ensure that each service able to go beyond the firewall first meets with the authorised computer’s approval.
- Secure configuration: There are a host of basic technical steps you can introduce to minimise the chance of an attack, including the removal of unnecessary accounts and software; regularly changing passwords; and personal firewalls.
- User access control: The idea here is that user accounts should only be accessible to those with special privileges, i.e. authorised individuals. Special access privileges should be restricted to a limited number of trusted parties.
- Malware protection: Malware, including viruses and spyware, is written with the purpose of performing unauthorised actions. Malware protection software should be installed and kept up to date with regular scans.
- Patch management: Software running on a computer should be kept up to date. Make sure you are using licensed software that ensures security patches for known vulnerabilities are made available. This should include regular updates to software.
More sophisticated protection
The examples above are just a starting point – a basis and good practice to follow. However, if you’re really serious about security then there are further steps you can take.
Step one – Full encryption
It’s a straightforward first step, but make sure all of the data on your hard drive is encrypted as chances are it contains a treasure chest full of information – from email messages to chat logs to download history. Full disk encryption technology such as Microsoft Bitlocker or FileVault for Mac users are a good starting point to ensure that data is scrambled.
Step two – Encrypted file volumes
While full encryption is a good starting point, and an effective baseline of encryption, if you hold particularly sensitive data then you may wish to create a separate encrypted file volume for ultra-sensitive files. VeraCrypt and Ciphershed are two of the most well-established programs in this area. If you combine these programs with full encryption then your system is going to be as hard to crack as any.
Step three – Encrypt USB drives
Careless handling of USB drives can lead to data leakage. You can encrypt USB drives just as you would with your hard drive but this can cause problems if you wish to transfer data between platforms. As such look for hardware-based encrypted USB flash drives which will encrypt data as it is being copied on to the drive.
Step four – Trust in the RIGHT cloud
Cloud storage is designed to give you a fall-back in case anything goes wrong with your data and most firms go to great lengths to protect you. However, public clouds still carry risks so you may wish to rely on a private cloud on a network attached storage device or consider peer-to-peer private synchronisation where data is replicated automatically among privately owned devices.
Step five – Manage passwords
It seems like the most basic step in security, but passwords hold the key to your data. Password managers can help you avoid using the same mediocre passwords across multiple devices.
Of course, following these steps is not going to guarantee that nothing will ever go wrong and that you won’t be subject to an attack. However, they will greatly limit the risk of a breach taking place and help ensure you suffer only minimum consequences if the worst does happen.
Consider investing in cyber insurance too, as an added fall back and to limit the potential financial consequences if a breach does take place. Good luck and stay safe.