At The Movers and Storers Show in November, Dan Brown from MoveMan explained how cyber crime can disrupt your business, and what you can do about it.
Dan said there are a number of ways the criminals can get to you.
* Phishing: an e-mail sent to a random e-mail address purporting to be from a reputable company to try to get individuals to reveal personal information such as passwords, credit card numbers, etc.
* Spear phishing: a more targeted form of phishing where an e-mail is designed to appear to come from someone the recipient knows and trusts, for example a colleague, business manager or human resources department, and can include a subject line or content that is specifically tailored to the victim’s known interests or industry.
* DoS attack: DoS is short for denial-of-service and is where the perpetrator tries to make a machine or network unavailable. This is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some, or all, legitimate requests from being fulfilled.
* Ransomware: a type of malicious software that’s designed to lock a user out of their computer. A fee is then demanded before access is returned.
* Malware: This is software that is specifically designed to disrupt or damage a computer system.
Dan said that it is important to try to protect yourself and offered some suggestions as to the best ways of doing that.
Educating staff about the hazards of cyber crime is very important. “For example, not to open e-mails from an unknown or suspicious source and if they do, not to open any attachments,” he said. A common example is an e-mail with the attachment of a PDF invoice. “The same applies for links, these should not be clicked on.” Dan said that a good check is to hover the cursor over a link to see if what’s written in the e-mail actually matches the destination link shown when you’re hovering over it.
“Make sure your WiFi is secure,” said Dan. “Potentially, anyone that can access your WiFi has access to your data so ensure any WiFi connection is password protected.” Dan gave the example of someone moving into a new block of flats who gained access to several of the neighbours’ routers that weren’t secure and changed the passwords so the owners could no longer access them.
Software should be updated regularly. “You should ensure that all operating systems and software are kept current by applying the latest software updates and patches, and that antivirus software definitions are kept up to date,” he said. “Microsoft is a particular target for hackers.”
Your company should have a strong password policy so that all passwords used contain a mixture of uppercase letters, lowercase letters, numbers and characters. “Also don’t use generic company e-mail addresses such as info@xxx or enquiries@xxx as these are easily guessed.”
Backups should be kept and tested regularly. “Restores should be tested: there is no point in having a backup if you can’t use it. And if you use cloud services, ask your provider how they protect your data and ask them about their backup and restore policies.”
You should have firm policies in place to detail what to do in the event of a cyber attack. Work out how long, if you are unfortunate enough to be targeted, your business could survive if it was brought to a halt. “The longer a cyber attack takes to resolve, the more costly it is.”
Finally, Dan suggested that you should consider obtaining ISO 27001 - the international Standard that describes best practice for an information security management system (ISMS). This accreditation demonstrates to your customers that you are following information security best practices and working to protect yourself, and therefore their data, from attack.
Cyber crime and the small business
The Federation of Small Businesses (FSB) believes that small firms are unfairly carrying the cost of cyber crime in an increasingly vulnerable digital economy. Its report suggests smaller firms are collectively attacked seven million times per year, costing the UK economy an estimated £5.26 billion.