Fighting cybercrime is a bit like fighting a many headed hydra! Chop off one threat, and another springs up rapidly in its place. But there are ways to mitigate the risks of a cyber attack. This week, we look at three areas of risk for small businesses, and how simple expediency can reduce the likelihood of crippling cybercrime.
Cybercrime has been heavily on the radar for businesses in the last year. Cybercriminals are constantly looking for new ways exploit a businesses vulnerabilities. The many attacks over the last year show that, whilst security specialists can do their best – releasing new patches and protocols etc. – there are continuing problems with many small business IT systems that allow attacks to take place.
At Wood ITC we regularly come across the same cybersecurity issues that businesses are failing to address.
We’ve talked before about the WannaCry attack in May last year. The main reason the attack was so dangerous was that many NHS systems were running Windows XP.
Microsoft stopped supporting Windows XP in April 2014. Any business still using an outdated and unsupported operating system is highly vulnerable to an attack, as there will be no new updates or patches to protect them.
It’s very much easier for hackers to find vulnerabilities in older operating systems that lack any support and protection. When a new threat is discovered, the large software companies, such as Microsoft, Apple, IBM, CISCO etc. release specific updates (known as patches) to counter the threats. Which is why it is so important to update your software regularly with the latest versions to keep the hackers out.
Many businesses put together a cyber security protocol, but fail to review it for the next few years. With cyber threats moving at pace, it’s very easy to fall behind quickly.
Unfortunately, one of the most common causes of data breaches and cyber attacks is still the humble password. Passwords have been in use for protecting systems since computers first began. And some people haven’t changed their password since that time. Weak and vulnerable passwords, which are never changed are an easy target for experienced hackers and give cybercriminals easy access to our devices, data and networks.
Despite this, many people stick to easily discovered passwords, such as their name, the name of their child, or in several cases we have seen, simply – PASSWORD!
This might have seemed like a clever ploy in 1997, but it didn’t fool hackers then and certainly doesn’t now.
It’s important to make sure all staff keep up to date on the company cyber security policies, which should include the regular changing of passwords.
One workplace trend that is gaining considerable popularity is Bring Your Own Device (BYOD). The average employee now uses several devices to complete their work, including, smartphones, laptops, desktop computers etc. BYOD policies have help companies to reduce their costs and also help employees to work more flexibly.
However, each personal device an employee uses introduces a security threat if it’s not managed correctly. And small businesses have no BYOD policy at all.
The danger arises because smartphones and tablets tend to be less secure than desktop computers that have pre-installed security software.
Cybercriminals routinely target these devices, including using specific malware that is tailored for mobile devices. The answer is to have a clear and comprehensive BYOD policy in place and make sure that staff adhere to it.
Employees today appreciate the ability to work from home or to collaborate on documents during their commute. In addition, staff on the road want to have access to company files and systems, such as CRM etc.
The result is that businesses need the technology to enable this kind of working, such as mobile devices, collaboration tools and cloud computing infrastructure.
Problems arise with these new ways of working when businesses have no control over which networks their employees are accessing. Public networks, such as a coffee shop or hotel WiFi can be vulnerable and are often targeted by cyber criminals. Hackers can attempt to access a worker’s phone or laptop through the network, meaning that company data and systems are compromised.
Small business owners are usually very busy and their main priorities are, making sales and paying staff. Taking the necessary action to protect against cyber attacks is usually lower on the list, and often never gets completed, either because the responsible party thinks it can wait until later or because it doesn’t appear to be a pressing business priority. Unfortunately, the stats suggest otherwise, which makes inaction and complacency the biggest area of risk for cybercrime.
It’s vital that small businesses treat cyber security as a top priority. By taking the time to deal with cyber risks appropriately, businesses will not only protect an important asset – their data – but they will also be able to deliver better peace of mind for their customers, who can rest assured that their data is safe as well.
For a complete IT Security Audit of your business systems, contact Wood ITC today.