Be strong, be safe: How to protect your business against cyber crime

RSA Insurance cyber expert Craig Watson discusses modern fraudsters’ tactics and how businesses can protect themselves against cyber crime.

There are more new and emerging technologies in the modern business world than ever before, but this also brings with it new methods of fraud, especially around cyber. SMEs need to consider the risks as well as the innovation that modern technology brings. Your company may have fantastic physical security but you may still be losing thousands due to the following:

Email cloaking – where the finance team gets an instruction from the MD or CEO and it looks and feels genuine. They transfer money and then discover some weeks later it was a fake.

Phishers – pretend to be legitimate companies and use spam, fake websites, emails and instant messages to fool people into handing over sensitive information or clicking on a malicious link. More than 1,250 brands were hijacked by phishers in the first quarter of 2016, according to the Phishing Activity Trends Report published by the Anti-Phishing Working Group.

Malware – An abbreviated term for “malicious software,” the intent of malware is to damage or disable computers or computer systems – often for the purpose of extracting a ransom. It’s a comprehensive term for a variety of threats, including computer viruses, Trojan horses, adware, spyware, and worms. Malware is typically introduced to a company’s computer system via email attachments, downloads, or operating system vulnerabilities.

Password Hacking – As the name suggests, this occurs when a con artist attempts to access your systems by figuring out your password.

Distributed Denial-of-Service (DDoS) Attacks – Hackers disrupt service to your company’s network by sending high volumes of data or traffic, thereby overloading it. For many companies, that means business comes to an abrupt halt, which can cause thousands of pounds in lost revenue depending upon the company and length of disruption. DDoS attacks are on the rise, increasing 23% in the first quarter of 2016, according to the Q1 2016 State of the Internet/Security Report by Akamai Technologies.

Cyber hacking – is anyone safe?

WannaCry ransomware software has been affecting individuals and businesses across the globe, reportedly hitting over 200,000 computers in 150 countries. In the UK, NHS Trusts are among the most high profile targets, but the impact is much wider.  The user is told they have three days to pay the ransom before it doubles, and seven days in total, before the files become unrecoverable.

What can SMEs do to protect themselves from this risk?

Assess the risks to your organisation’s information and systems with the same vigour you would for legal, regulatory, financial or operational risks. To achieve this, embed a Risk Management Regime across your organisation, supported by the Board and senior managers.

  • Ensure your company’s operating system and patch software is up to date.
  • Ensure you are using commercially licensed firewalls and anti-virus software.
  • Think before opening any unexpected emails and do not open attachments unless you are certain of the contents.
  • Back up – if you recover your files from a backup, you cannot be held to ransom for those files.
  • Staff training to ensure your colleagues are well informed and understand what practical steps to take to the lessen the risk. Unfortunately, human error
    remains the weakest link in an organisation’s defences.
  • Produce relevant policies and establish anti-malware defences across your organisation.
  • Ensure you review your insurance annually and work with the experts to identify the risks to your business and ensure you have appropriate cover in place.