Bdaily QOTM: What is cybercrime and how can I keep my business digitally safe?
Posted by Jamie Hardesty on 28 Apr 2017
Good morning Bdaily readers! I trust you’ve had a happy and relaxing Easter.
To kickstart the week (and to give you something extra to complement your fifth morning coffee after a four-day weekend), we’re pleased to introduce a new feature to your morning bulletin - the Bdaily Question of the Month.
With our daily reports covering a vast array of business themes and topics, we’re often emailed by readers curious to know more about niche subjects and controversial issues.
In a longer Bdaily read, we begin the series by tackling the important - yet often misunderstood and avoided - issue of cybercrime.
We’ve all heard the term, but what is it exactly? And, perhaps more pertinently, how can you ensure your business is more vigilant in the face of persistent cyber and fraud threats?
Types of cyber fraud
While digital capabilities continue to evolve around us, unfortunately so too do the techniques of fraudsters attempting to hack IT systems to steal money and data.
Cyber-enabled fraud attacks are on the up in the UK, and it’s a tricky issue for authorities to clamp down on when criminals can easily hide their identities. Often, this is exacerbated by businesses which don’t take cyber threats seriously enough.
Martin Wilson, from the North East Regional Cyber Crime Unit, believes that approximately 80% of reported cyber-attacks in the region of late could have been defended against simply by raising businesses’ awareness of some of the tactics currently being used by cyber fraudsters in the North East.
UK businesses were subjected to almost 43,000 cyber attacks each, on average, in the first quarter of 2017, according to a report from business ISP Beaming.
So what types of cyber attacks should you know about?
Ransomware is a type of malicious software (malware) that severely restricts access to a computer, device or file until a ransom is paid by the user. It has the ability to lock a computer screen or encrypt files with a password, often using strong encryption.
Cyber Extortion is a crime that occurs when a fraudster threatens a victim or makes demands online. Threats will vary but have previously included leaking confidential client data to the internet or posting thousands of defamatory comments about your business on a review site causing reputational damage.
This is where a fraudster sends an email or letter, which appears to have been sent by a known supplier, asking for future payments to be made into a new account number.
CEO fraud is the name given to the scam where fraudsters hack into or imitate the email account of a senior person within your business. They will send an email to an employee asking for an urgent and often highly confidential payment to be made.
In phishing, fraudsters attempt to dupe victims into divulging passwords or other confidential information either via email or during a phone call. This scam might have been around for some time, but we still hear of businesses in the North East being tricked into giving away their online banking passwords and payment authorisation codes by persuasive fraudsters on the phone.
So how important is all of this exactly, you ask! The short answer is - very.
Andy Herrington, Head of Cyber Professional Services, UK and Ireland at Fujitsu, emphasises just how business-defining cyber threats have been known to be.
He tells us: “It should come as no surprise that cyber-attacks directly correlate to negative impacts on a company’s shareholder value. It’s been clear for many years that attacks would have severe financial and reputational repercussions.
“Most recently Verizon’s offer for Yahoo was reported to have been lowered by circa $350m in the wake of two large breaches at the internet firm.
“The analysis that global investors have lost at least £42bn should provide firms with additional business justification and impetus to invest in prudent and effective security improvement: In today’s digital economy, every business has a target on its back as data is the currency of digital.
“It’s vital that organisations take a holistic and proactive approach aligned to their business objectives.”
Fortunately, there are some simple steps that your business can take to address these risks and stay safe online.
We urge you to take the following points into consideration:
1. Ensure you have good quality anti-virus software with the latest version installed and updated regularly.
2. Carry out operating system updates as soon as they become available.
3. Educate your users to make them aware of the risks associated with allowing malware on to a system.
4. Regular back-ups! This ensures that your most important files are copied and potentially held off-site. This will allow machines and systems to be restored in the event of infection.
5. Be vigilant about clicking on malicious links in email or opening malicious attachments.
6. Be aware that some social networking sites and other untrustworthy websites could be hosting ransomware.
7. Be vigilant about your use of removable media such as USB drives and similar devices, all of which could also be used to host malware.
8. Never disclose security details such as your PIN or full banking password.
9. Finally, consistently question what you’re doing and work towards attaining a more challenged mindset.
Ask most cyber fraud experts and they’ll tell you that the biggest problem in the industry is businesses being ignorant of the topic. We hope this article has helped to increase your awareness of the issue and that you can take a proactive approach to cyber crime moving forward.
To get involved with Bdaily’s QOTM, feel free to drop me a line at email@example.com and share your query. I’m on annual leave for the forthcoming 3 weeks although I’ll endeavour to return submissions upon my return.