[BreachExchange] How to protect your business from cyber-attack
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Mar 17 15:48:51 EDT 2017
https://www.standardmedia.co.ke/business/article/2001233062/how-to-protect-
your-business-from-cyber-attack
The digital age, which brought the world ever closer to trade, innovation
and accountability, has also brought new and dangerous cyber threats that
do not recognise borders and cost businesses as much as US$525 billion
every single year, according to UK officials. SMEs are not immune to cyber
security attacks; any data loss or incident could have a devastating impact
on the business operations and company’s reputation.
There is a common misconception that SMEs are not the target for hackers
because of their smaller size and lack of relevant data. However, any
information stored on your computer might be interesting to criminals. All
business should be prepared for the five most common attacks; an awareness
and basic understanding of these threats in the cyber world will help
companies protect their digital assets.
Phishing
This is an attempt to gain sensitive information while posing as a
trustworthy contact; like a bank or on-line service. Phishing emails may
look very convincing, with faultless wording and logos.
It is important to remember that genuine companies simply do not ask for
sensitive information so staying alert to unexpected emails and training of
staff are key. Anti-virus software and having spam filters turned on are
also vital.
Ransomware
This form of malware attempts to encrypt the data and then extort a ransom
to release an unlock code. Notable examples include: Locky, CryptoLocker
and KeRanger that are particularly prevalent at the current time. Most
ransomware is delivered via malicious emails.
Businesses should train their staff to ensure they are wary of unsolicited
emails, particularly those that ask for an immediate response as these
prompt employees to reply without giving it much thought. Malware
protection, software updates, data backups and spreading data across
different locations are also helpful; though management of a large number
of IT systems can be costly and time consuming.
Insider threat
The potential damage from a deliberate or careless leaking of documents by
staff should not be overlooked. Limiting how much data employees have
access to is a key step to mitigating the size of any data leak. It is also
important to consider controlling the use of portable storage devices (e.g.
USB memory keys), portable hard drives and media players. In certain
circumstances, businesses can also consider the monitoring of staff
behaviour online.
The most important thing is to get the basics right. Up to 80% of security
breaches can be prevented by having basic cyber security hygiene in place.
Everybody with access to any business critical data must be vigilant, as
attacks often happen through the extended supply chain, through digital
channels, or through staff. Therefore, cyber risks must be considered, and
skills improved, across the entire business and the economy more broadly.
Hacking
Apart from trying to gain access to bank account information, credit card
databases or intellectual property, hackers have been targeting
“downstream” businesses in an attempt to gain valuable information. This
secondary data could provide an insight into the operations of the primary
target.
It may not be possible to gain direct access to a company’s systems; it
might however be easier to get useful information from their suppliers.
Gaining access to a legal company, for example, can provide details of
participants in mergers or acquisitions. The truth is that almost all
information is valuable to someone.
The primary methods to protect the business are network firewalls, data
access security, and user awareness.
Data leakage
The nature of portable storage devices, such as smartphones, means they
become targets for data thieves. Ensuring that mobile devices have pass
code locks, turning on the tracking by GPS and the option to remotely wipe
the device if lost could protect the data from being stolen. The use of
encryption software is also highly recommended when using portable storage
devices.
Keep an eye on your mobile devices and paperwork at all times. A large
proportion of crime is opportunistic; taking your eye off your briefcase or
smart device could result in a serious data loss.
In all these areas it is key to remember that alongside technology,
well-developed processes, procedures and staff training go a long way to
protecting your valuable data. For example, if someone leaves your
employment, make sure you remove their access. The reality today is that
you should protect your digital assets with the same vigilance as you do
when locking your office door at the end of the day.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170317/319a5cf6/attachment.html>
More information about the BreachExchange
mailing list