IT Security

Online threats and how to stop them

by Mark Rowe

Protecting yourself and your business from cyber criminals is a huge challenge that is constantly evolving, writes Air IT, an IT services provider. There are steps you can take to protect yourself and stay ahead.

Inevitably, the role of the web in running a business is also increasing, giving criminals more potential targets. According to 2017’s Cyber Security Breaches Survey, 85pc of businesses now have websites, 59pc have social media pages and 61pc hold personal customer data electronically – the scope for attacks is therefore wider than ever before.

1. The password problem

Guessing passwords is an incredibly common way attackers can gain access to your business.

Password cracking software can be used to go through all the words in the dictionary and any common combinations. It can run through thousands of combinations in seconds, which means even if you only disclose partial information you’ll make their job easier.

How to protect yourself

Your passwords should use a combination of letters, numbers and symbols that doesn’t make up a word or use an obvious date like a birthday. A good way to set a strong password is to use a line from a song or poem that is very personal to you. Make sure you change the default password you get for any system, and limit login attempts to no more than three.

2. The role of Ransomware

High-profile cyber attacks, like those on the NHS, brought ransomware to the attention of the mainstream. Such attacks either completely lock users out of their computers, or encrypt their information, and will only grant access once a payment is made to the attacker. For the attackers to gain access to your system, someone usually needs to download an infected attachment, or click on a link.

How to protect yourself

Protecting against these sorts of attacks all comes down to education. Employees need to be taught to be wary of suspicious emails and never click on a link that looks out of the ordinary. Unfortunately, you can never guarantee that you will avoid an attack, so it’s important to back up your data. This means you won’t have to experience significant downtime, which can affect your business operations.

3. Looks “Phishy”?

Phishing attacks send out emails designed to trick the recipient into revealing sensitive information, such as passwords or personal details. Criminals then use these details for further crimes, like identity theft. Fraudulent emails are the most common type of attack experienced by businesses in the UK.

How to protect yourself

Employees need to be educated about the risk of sharing sensitive information online. Rather than calling the phone number given in such emails, or clicking the web address, it is best to find out such information yourself to ensure it is legitimate.

4. Malicious malware

Malware is an umbrella term for several types of attacks including viruses, worms and trojans. Viruses can be sent via emails, or automatically downloaded when you visit an unsecure website. They replicate themselves and spread through computer networks where they cause damage to files, or even allow criminals to access your computer.

Worms exploit security vulnerabilities in operating systems and can give attackers the ability to remotely control your computer. They can do this to several computers, which they then use to create a network to carry out further attacks like distributed denial-of-service attacks. DDoS attacks are used to overwhelm websites and cause them to crash. You may not know you’ve been infected with a worm or virus until your computer begins to slow down, or programs start to crash repeatedly. You can also be unwittingly infected by trojans, which infect your computer by getting you to download software that appears to be legitimate.

How to protect yourself

Installing security updates and patches to operating systems and software is crucial to remaining protected from such attacks. Firewalls and anti-virus software can also be used to prevent criminals from infecting your computer. If you’re unsure about a website, look for the HTTPS letters at the start of the URL, which indicates it meets certain security standards.

5. Specific targets

Unlike other attacks which are more random, whaling or CEO fraud is designed to hit specific companies. The cyber criminals will spend time researching their victim and gathering information they can easily find online. They use the information to impersonate senior executives at companies and send out emails in their name. They’ll then ask for large sums of money, or sensitive information.

How to protect yourself

Intelligent email security can be used to check if emails are from a genuine source. Employees also need to learn to look out for tell-tale signs an email may not be genuine, such as a slight alteration in the format of the email address. Hackers sometimes simply add an extra symbol or letter to the real email address.
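The tell-tale sign described above, an address that differs from the real one by an extra symbol or letter, can also be checked automatically. The following is an added example, not code from the article or from any email security product; the trusted domain, the executive address and the function names are constructed for illustration.

```python
TRUSTED_DOMAINS = {"example.com"}          # assumption: the organisation's real domain
KNOWN_SENDERS = {"jane.doe@example.com"}   # assumption: constructed executive address


def edit_distance(a, b):
    """Levenshtein distance: number of insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute ca -> cb
        prev = cur
    return prev[-1]


def classify_sender(address, max_distance=2):
    """Return 'known', 'lookalike', 'internal', 'external' or 'invalid'."""
    address = address.strip().lower()
    if address in KNOWN_SENDERS:
        return "known"
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        return "invalid"
    # Nearly, but not exactly, a known executive address: the classic
    # "one extra letter or symbol" impersonation.
    if any(edit_distance(address, k) <= max_distance for k in KNOWN_SENDERS):
        return "lookalike"
    if domain in TRUSTED_DOMAINS:
        return "internal"
    # Unknown person, but the domain is a near miss of a trusted one.
    if any(edit_distance(domain, t) <= max_distance for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "external"
```

A "lookalike" result is a reason to hold the message for review, not proof of fraud; longer variations such as an added word in the domain fall outside the distance threshold and need separate rules.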

Sensitive requests should also be verified via another channel before they are authorised. Simply calling the email’s sender to confirm the request is enough to identify such attacks and prevent huge losses to your business.

Overall…

Anti-virus software, firewalls and backing up data are just some of the fundamental security measures you need in place. It’s best to have several layers of cyber security, which use a number of methods to protect your business. In many cases, humans are the weakest link, so you can achieve a lot by training staff in cyber security.

© 2024 Professional Security Magazine. All rights reserved.