Cyber crime: Is Your Business Protected?
In opinion / By Mark Flynn / 26 June 2018
This week’s news has been dominated by cybersecurity and we learnt that cybercrime is a booming business, your biggest security threat is your people and why outsourcing your IT is an important consideration because security is too big a moving target for you to keep on top of.
I’d like to start by sharing what I think is an incredible statistic. This year the global cybercrime economy generated $1.5Tn, if it was a country it would have the 13th highest GDP in the world.
Moving on, without a shadow of a doubt the biggest risk to your business is your people. They are either stealing your data or falling foul of the latest fraudulent phishing email.
The facts are 63% of employees leaving your business will steal your data and 90% (yes 90%!) of successful cyber-attacks start with a phishing email.
So the big question is what are you going to do to stop your business becoming a victim of these security concerns?
My recommendations are put employee cybersecurity awareness training top of your list. Make sure everyone has at least a basic understanding of the security do’s and don’ts and secondly introduce products such as Microsoft EMS to stop rogue employees emailing your entire CRM database to their personal Gmail account or copying your company secrets to their Dropbox accounts.
Something else you must check and/or challenge is to make sure all your servers and data are being backed up, don't just assume your IT department or IT partner is doing them. Backups help stop issues such as ransomware destroying data and having backups in place will enable you to recover post attack. You might think it’s a no-brainer and a waste of space in this article but I recently came across a recruitment organisation that incorrectly assumed their IT partner was backing up their data, they quickly found out that when they got hit by a ransomware attack they had no way to recover their CRM data.
I talked recently about the Banking industry taking on an increasingly battlefield mindset to fight cybercrime and it is great to see Microsoft following suit in their fight against cybercrime by creating their own digital crimes unit with over 30 offices worldwide. By using the latest in technology, they hope to enhance the security features found in Microsoft products to beat threats to your cybersecurity before they have a chance to attack your systems.
That’s not the only help you could be receiving soon. Infosec Europe just had its conference and the big talking point this year was the use of AI in cybersecurity. By monitoring employees use of the digital workspace, AI can get a picture of their regular habits and then if they are hacked they can detect it by observing strange behaviour from that account.
AI can also look for gaps in your cybersecurity defences and help to bring attention to them. By figuring out these weaknesses ahead of time you can minimise the risk of being hacked.
As we all embrace the cloud with its flexible modern way of working it is important to remain absolutely vigilant with regards to cybersecurity. To be safe working and collaborating in the cloud it is important to adopt these four critical measures:
Use Two Factor authentication to challenge your mobile users to prove who they say they are, we do it every day in online banking and every business must do exactly the same
Make sure all laptop hard disks are encrypted – so if your laptop does get stolen they will not be able to pull data off your machine
Implement remote wipe on all smartphones – so if you do leave your smartphone in the pub you will be able to get all company email and data wiped from it
Adopt Single sign-on - to tighten up password complexity, improve starter/leaver processes and improve user productivity
Another way you could improve your cyber security is by outsourcing your IT to a managed IT specialist. The biggest advantage of a managed IT service is the 24/7 monitoring of your systems. The average cybercrime breech is only noticed by a company roughly 200 days after the hack took place. By constantly monitoring your systems, hacks can be noticed in progress and then stopped before they can do any real damage.