Is Cyber Crime the norm?
Virtually every week there is media coverage about increased security threats, either business-related or of a personal nature. Hence the title for my blog as delivered by the one and only Samuel L. Jackson from the film Jurassic Park. What prompted me to write this blog was having attended some interesting Cyber Crime talks and demonstrations at the recent Cloud and Cyber Security Expo at ExCeL. These highlighted how easy it was for experts to search for system vulnerabilities and to hack virtually anything. Some of this activity will be for the common good in terms of highlighting system/network weaknesses so that the system owner can then fix them and eliminate the vulnerabilities. However, a lot of this activity has criminal overtones with people trying to make financial gain at other people’s expense.
If you are a large corporate with lots of resources and money, you stand a good chance of being able to limit your risk in this area. However, what if you are a small SME? You might only have 30 people working for you and limited resources. How do companies like this make it difficult for the Cyber Criminals and keep their business and staff as secure as possible?
An obvious place to start would be with your staff. Most companies believe their people are the biggest asset they have. The flip side is that from a security viewpoint they’re also potentially your biggest liability. They’re human, they get tired, they get careless and they make mistakes. They’re not machines.
That’s why there must be a culture of security driven from the top down. It’s not just your finances that are at stake. It’s also your business brand and reputation. Organisations can’t afford security breaches or outages caused by staff mistakes. The answer is to ensure that comprehensive on-going training is in place for staff. Criminals know that people are a potential weak link and will probe for weaknesses through things like phishing attacks and social engineering.
Make the Cyber Criminals’ job as hard as possible
Having addressed the people issue, there are some simple approaches that SMEs can take to ensure that they make the Cyber Criminals’ job as hard as possible.
- Protect your software by keeping it at the latest release and install updates as soon as they become available.
- Adopt a strong, company-wide password protocol. Ensure that passwords contain a mixture of upper and lower-case letters, numbers and special characters. Some of the most popular passwords that people use are “qwerty” and “password”. Not exactly difficult to crack.
- Use two-factor authentication to add a layer of protection between you and the attacker.
- Encrypt confidential information.
- Backup important data regularly.
- Install security software (anti-malware, firewall).
SMEs should also consider gaining Cyber Essentials Plus. The Government introduced the scheme to ensure the protection of data and for companies to understand how that data can be used, secured or compromised. The scheme is also backed by the Federation of Small Businesses and the CBI.
The scheme focusses on the following 5 essential elements:
- Boundary Firewalls and Internet Gateways
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
Cyber Essentials is a self-audit only, whereas with Cyber Essentials Plus you are audited by an external accredited body.
Cyber Crime is here to stay. The conviction rate is very low. The attacks will become more and more sophisticated. Every business must protect itself against these attacks. Hopefully by SMEs adopting these suggestions the quote “God damn it! I hate this hacker crap!” will be restricted to repeats of Jurassic Park on TV.
Written by Graeme Brodie