Procurement 30 March 2016

Fraud lessons: Keeping the hackers out

Keeping hackers out
Determined hackers will stop at nothing to get what they want
Writing for Business Advice, Network ROI’s Sean Elliot explains what micro firm owners need to know in order to protect their company from a security breach.

Cybercrime looks set to become one of the biggest threats to small businesses in 2016. Worryingly, a recent report carried out by the National Security Council classified cybercrime as a tier one? threat to national security, alongside terrorism and international conflict.

The proliferation of superfast connectivity and a rapidly growing inventory of devices has brought us closer together, delivering a multitude of commercial benefits including flexible working and productivity on the move. On the flip side, however, the introduction of these incredible new technologies into the working environment also creates opportunities for a more sinister breed of modern entrepreneur: the cyber criminal.

Managed service providers protect businesses from outside threats using advanced tools, skilled engineers and sophisticated software to mitigate such risks, but determined hackers will stop at nothing to get what they want. I have outlined some of the online security challenges organisations may face in the coming months.

Social Engineering

We are hearing the phrase “social engineering” a lot this year already. Put simply, social engineering is a form of manipulation used by criminals to gain access to sensitive data, user credentials and company finances.

Social engineering usually involves a phone call or email that appears to be from a colleague, often the managing director seeking login credentials, bank account details or to facilitate the urgent transfer of substantial sums of money to a supplier or customer.

Criminals research? their victims using social media platforms such as LinkedIn and Facebook, which help them to connect work colleagues, gather names and collect relationship information.

Calls are usually informal, addressing individuals by their first name. The same goes for emails, which will often be branded with the company logo and contact details, making them difficult to spot.


Another successful tactic employed by online criminals this year is ransomware. This type of threat typically arrives in the form of an infected email attachment (usually a Word document) that, once clicked, will shut down a user’s computer and encrypt program files, rendering the machine useless. A ransom message will then appear on the screen demanding payment in return for a decryption key.

Criminals will often use social engineering tactics that can lend a degree of credibility to attacks, making ransomware a quick and easy source of income for hackers. Ransomware can be devastating for business, especially if you don’t have a regular backup schedule. If this is the case, I would suggest investigating managed backup options at the very least.

The Internet of Things (IoT)

The Internet of Things is a network of intelligent and connected devices and sensors that capture, store and share data designed to improve the quality of life for the user. The IoT is an exciting development that allows us to control parts of our home, work and leisure remotely, saving money and promoting healthier lifestyles.

However, manufacturers of the devices and apps that make the IoT work are working to tight schedules in a very competitive and fast-moving market, meaning security isn’t always top of their agenda. These products should be carefully managed to reduce the risk of introducing harmful malware onto the network.

Wearable technology

We have seen more smartwatches and fitness bands in the work environment in the early part of this year. A trend that is set to continue well into the next few years as performance, adoption rates and affordability increase. Introducing more devices into the work environment creates a larger attack surface for online criminals to exploit.


Legal Advice