Today’s hackers are more innovative and daring than ever before. For instance, fraud, email phishing, fake news and more, have been used by cyber criminals, exploiting the COVID-19 pandemic to steal and spread dangerous malware.
In this increasingly complex cyber world, there are, however, some basic tips to ensure you have the foundations set to avoid costly scams and sanitise your digital footprint.
Back to basics
When it comes to cyber-crime, remember that we are dealing with criminals. Not the usual sort who end up with their faces in the news, but the kind who hide behind lines of code and a computer screen. These criminals are aiming to extort, steal, damage and expose, and they aren’t slowing down. Comparatively, they are ramping up.
That’s because cyber-crime is a lucrative business. There are plenty of easy opportunities for them to exploit and take advantage of. For instance, weak passwords that are easy to crack. The opening of scam emails and clicking of malicious links. What’s clear is that, despite the risks, there are still many gaping holes in business defences. So it’s time to reinforce the basics.
Getting the basics wrong
Let’s go back to the infamous global WannaCry ransomware attack from 2017, which took down a wide range of organisations, including the NHS, and is a good example of what can happen when you fail to get the basics right.
The malicious software targeted vulnerable Windows computers, encrypting the files on the computer’s hard drive and demanding a ransom payment in bitcoin in order to decrypt them and get access back to the files. Simple procedures, such as software updates and patching, could have better prevented the spread of WannaCry.
WannaCry was a wake-up call for the need for better basic cyber security, but, unfortunately, millions of unpatched devices are still prevalent around the world.
Here are five simple, but sometimes forgotten, basic cyber security tips you can improve right now to reduce the risk of cyber crime:
1. Software updates patching
As mentioned above, the NHS outage from WannaCry was the result of unpatched software. It should be a business priority to ensure all operating systems and applications are patched and updated on a regular basis. The sooner this happens, the sooner any vulnerabilities are locked down.
2. Proactive, not reactive
Reacting to a cyber breach is normally too late. Therefore, a proactive approach to cyber security is required so when a breach does happen, you are ready for it. Get this wrong and you could face hefty regulatory fines, as well as a further loss of data. At the very least, make sure your business has a process in place for when a breach occurs, and don’t forget to inform the regulator.
3. Educating the workforce
Many people incorrectly assume cyber security is just a technology problem. It isn’t. You can spend as much money as you want on state-of-the-art technology, but you still won’t be fully safe. And that’s because people are the problem. People present easy access to your network. And people are easy to manipulate.
So, you can have all the technology and processes in place to think you are safe from hackers, but it’s the triangle of people, processes and technology which is the Holy Grail. If your people aren’t aware of the risks, then technology alone won’t save you.
4. Risk management process
If your business handles personal data, make sure you have a plan in place. A risk management process, which is regularly updated, is important to stay on top of the latest threats and minimise, or even avoid, the impact of them.
5. Protect your emails
Your inbox presents the easiest target for hackers. Phishing is the most common kind of cyber-attack, and it still has a massive success rate. So, if in doubt about the legitimacy of an email, don’t open any link or attachment. Some businesses have an email security solution which checks received emails for malicious content, but that’s not fool proof so you need to be aware of what to look out for. Ensure everyone in your business is aware of the dangers of opening malicious emails.
These five basic steps don’t make you bulletproof to cyber-crime, but they do ensure you’ll reduce your risk landscape. Failing to address these cyber prevention steps will present opportunities for the bad guys to take advantage of. If there is a weakness, you should expect cyber criminals to find it.