Procurement 30 March 2016

Fraud lessons: Keeping the hackers out

Writing for Business Advice, Network ROI’s Sean Elliot explains what micro firm owners need to know in order to protect their company from a security breach.

Cybercrime looks set to become one of the biggest threats to small businesses in 2016. Worryingly, a recent report carried out by the National Security Council classified cybercrime as a “tier one” threat to national security, alongside terrorism and international conflict.

The proliferation of superfast connectivity and a rapidly growing inventory of devices has brought us closer together, delivering a multitude of commercial benefits including flexible working and productivity on the move. On the flip side, however, the introduction of these incredible new technologies into the working environment also creates opportunities for a more sinister breed of modern entrepreneur: the cyber criminal.

Managed service providers protect businesses from outside threats using advanced tools, skilled engineers and sophisticated software to mitigate such risks, but determined hackers will stop at nothing to get what they want. I have outlined some of the online security challenges organisations may face in the coming months.

Social Engineering

We are hearing the phrase “social engineering” a lot this year already. Put simply, social engineering is a form of manipulation used by criminals to gain access to sensitive data, user credentials and company finances.

Social engineering usually involves a phone call or email that appears to be from a colleague, often the managing director, seeking login credentials or bank account details, or asking the recipient to facilitate the urgent transfer of substantial sums of money to a supplier or customer.

Criminals “research” their victims using social media platforms such as LinkedIn and Facebook, which help them to connect work colleagues, gather names and collect relationship information.

Calls are usually informal, addressing individuals by their first name. The same goes for emails, which will often be branded with the company logo and contact details, making them difficult to spot.

Ransomware

Another successful tactic employed by online criminals this year is ransomware. This type of threat typically arrives in the form of an infected email attachment (usually a Word document) that, once clicked, will shut down a user’s computer and encrypt program files, rendering the machine useless. A ransom message will then appear on the screen demanding payment in return for a decryption key.

Criminals will often use social engineering tactics that can lend a degree of credibility to attacks, making ransomware a quick and easy source of income for hackers. Ransomware can be devastating for business, especially if you don’t have a regular backup schedule. If this is the case, I would suggest investigating managed backup options at the very least.

The Internet of Things (IoT)

The Internet of Things is a network of intelligent and connected devices and sensors that capture, store and share data designed to improve the quality of life for the user. The IoT is an exciting development that allows us to control parts of our home, work and leisure remotely, saving money and promoting healthier lifestyles.

However, manufacturers of the devices and apps that make the IoT work are working to tight schedules in a very competitive and fast-moving market, meaning security isn’t always top of their agenda. These products should be carefully managed to reduce the risk of introducing harmful malware onto the network.

Wearable technology

We have seen more smartwatches and fitness bands in the work environment in the early part of this year, a trend that is set to continue well into the next few years as performance, adoption rates and affordability increase. Introducing more devices into the work environment creates a larger attack surface for online criminals to exploit.

Wearables are a potential source of pain for your IT department, with the number of devices set to explode over the coming months and years. Keep personal wearables off your dedicated company network to reduce risk in the first instance and make your team aware of the risks these devices can pose.

Keeping your business information safe

Unfortunately, the biggest cyber security trend to expect in 2016 is the role played by staff and colleagues. A cyber security index produced by IBM suggests that human error is responsible for up to 95 per cent of all cases of cyber crime. With this in mind, you need to invest in training and education programmes to ensure every team member is alert to possible threats and prepared to deal with them as they occur.

Developing company policies for processes such as onboarding and offboarding, and adopting risk frameworks such as ISO 27001 within your business, will help to raise awareness of specific threats and improve internal and external communication, so you can manage the risk and beat the hackers.

Finally, it is important to collaborate closely with your outsourced IT partner – it is much more cost-effective and efficient to avoid a catastrophic security event than manage the aftermath of one.

Sean Elliot is the founder and managing director of NetworkROI, a business IT services company
