[BreachExchange] How cybercrime has changed business processes

Destry Winant destry at riskbasedsecurity.com
Tue Oct 23 22:06:26 EDT 2018


http://www.fluxmagazine.com/cybercrime-business-processes/

Cybercrime is, unfortunately, on the rise. Most people have heard of
commonscams such as phishing emails, of course, and high-profile hacks
such as the icloud celebrity photo leak of 2014 and the NHS ransomware
attack certainly hit the headlines.

However, with business cybercrime rates skyrocketing to nearly five
million incidents a year, it’s clear that it’s not just major
institutions or Hollywood stars who are at risk. A large-scale threat
is developing in this space – and businesses will need to shift their
priorities and processes in order to deal with the problem swiftly and
effectively.

It’s vital, then, that business leaders face up to their
responsibilities when it comes to keeping their staff, assets and kit
safe from cybercrime. From staff education sessions to hiring an
expert to carry out an audit, businesses are having to make all kinds
of changes in order to stay ahead of the curve. This article will
explain what exact cybersecurity processes businesses are undertaking
– and what effects they’re having.

Staff education

The first place to start when it comes to cybersecurity is prevention.
For businesses that employ staff, training them up with the skills
needed to avoid exposing the firm to cybercrime is key. Teaching staff
how to avoid phishing scams and ransomware attacks is now quite
common. It’s especially important in industries such as financial
services where major transactions take place, and businesses in this
field are increasingly directing relevant resources towards their
employees. Junior staff can learn how to avoid scams and begin to
trade with forexfraud.com, while in-person training events run by
cybercrime experts are often held in workplaces to demonstrate what to
do – and what not to do.

Software and back-ups

According to the UK government, 80% of cybercrime is actually
completely preventable – meaning that the ball’s partly in the
business’s court when it comes to preventing these kinds of problems.
Many businesses therefore make the decision to invest in cybersecurity
software such as firewalls. Encryption software is also something used
by many businesses: this “scrambles” sensitive data until it is opened
with a designated virtual key, so it’s not as vulnerable as a
traditional username and password setup. If your staff members use
cloud-based office software such as Google Drive, then two-factor
authentication is a must.

Backing up data is also vital. In some cases, hacks can erase all of a
firm’s files either during the hack itself or as part of the clean-up
process. In the event that a ransomware attack occurs, say, you might
be told that your data is being held captive by the hacker until you
pay a certain fee. However, if you have your data protected already,
then it won’t be an issue: you’ll be able to ignore the demands, and
simply reinstate your latest back-up. Whatever the reason, though,
having effective back-up processes in place is now essential. If you
lost all of your invoices and client data, say, then you may soon find
yourself losing both your reputation and customers.

Look after devices

Earlier this year, it was revealed that those working for the UK
government had managed to lose over 600 devicesbetween them in the
last few years – leading to serious criticism. This kind of incident
exposes your business to significant risk – if a cybercriminal was to
find an unprotected device in a public place, then the opportunity
would be too good to miss. One of the worst aspects of this kind of
incident, though, is the fact that it paints your organisation as
reckless. Even if no cybercrime occurs as a result of losing a device,
a reputational problem will be inevitable if it becomes public.

Back to pens and paper

For some firms, however, the key lies in moving away from technology
to some extent. That way, of course, data is never entered onto a
computer system to begin with – so it isn’t vulnerable to hacking at
all. This doesn’t have to be a wholehearted move, and can simply be a
way to prevent putting all your eggs in one digital basket: it may be
worth considering asking staff to take meeting notes with pens and
paper, for example, to reduce the amount of exposure that your
business has to cybercrime.

Battling cybercrime isn’t easy – especially if you’re a business with
a reputation and employees to protect. However, there are some common
steps that many business leaders choose to take in order to protect
their firms from harm. Whether it’s staff education programmes or
simply anti-hacking software designed to protect networks from
problems, there are all sorts of ways that a business can ensure that
it doesn’t fall victim.


More information about the BreachExchange mailing list