Sunday July 1, 2018

Advice for businesses at risk of cyber breach

The climb of cybercrime

It goes without saying that, in the digital age, businesses are undoubtedly becoming more exposed to cybercrime. Research shows that almost half of UK firms were exposed to online fraudsters in the last year alone.

These hacks are costing the global economy over £4.3 billion – a figure that is prompting management teams to review their security measures. A recent study by tech retailer Ebuyer identifies Essex as the county most at risk to cyber fraud in the whole of the UK, so management teams based here need to be extra vigilant.

With more and more data – from financial records to customer information – being stored on cloud systems and internal servers, it gives criminals a platform to cause serious damage to businesses, and so it is essential that firms implement processes to best safeguard against potential threats. Ultimately, firms need to put robust plans in place to avoid threatening activity that may leave the business in an unfortunate and distressing situation.

The cyber scandals

Over the last few years, the media has been littered with news of big brands falling victim to online ploys, which have resulted in heavy reputational and financial losses. The TalkTalk scandal of 2016, where a hacker accessed the personal details of over 150,000 customers and sensitive financial data of over 15,000, resulted in losses of 100,000 customers because of the business’s failure to deploy security processes to keep information confidential. More recently, the ride hailing firm Uber had reportedly leaked the personal information of 57 million customers and drivers, which was subsequently concealed by the business until the story was unearthed last year.

It’s often assumed that firms of this scale would have the infrastructure in place to safeguard from threats like this. The reality is, often businesses don’t. So many firms, both large and small, have gaps in their software which can give hackers a route into their systems. Business owners should remember that prevention is better than cure, and while investing in online security measures may incur an upfront cost, it’s worth doing in the long-run.

Decoding the forms of online attacks

There is myriad methods hackers can deploy to access a business’ server, data or other internal platforms. The surge in recent years is, in part, attributed to the fact that more businesses are moving data, information and financial details to online platforms and cloud systems. As a starting point, businesses should seek advice from professionals to ensure they are familiar with cyber fraud strategies. This can help to uncover gaps in internal systems which may be subject to a cyber breach.

FRP has a wealth of experience in implementing cyber-security and fraud prevention measures, supporting those who have fallen victim to an attack. It’s important to act early and remember help is on hand to navigate these difficult times – with our support we can help guide a business back to financial health.

Clients and suppliers should also feel assured that FRP has attained a Cyber Essentials Plus accreditation, a Government backed scheme that helps to secure IT systems against cyber-attacks and ensures heightened cyber security measures are in place.

There are so many different examples of cyber-attacks, with some of the most common being cyber extortion. This is the direct victimisation of an individual or business, by making demands online. Threats will vary case by case, but historically these have included leaking private client information to the internet, or posting defamatory comments about a business on a website, leading to reputational damage.

Ransomware is also a typical attack, when a type of malicious software (malware) severely restricts access to a computer, device or file until a ransom is paid by the user. It can lock a computer screen or encrypt files with a password, meaning the rightful owner is no longer able to access or control what happens with this data.

Employees should also be wary of hackers imitating a recognised supplier, service provider or colleague by sending an email, letter or online message requesting payments to be made into a specific account. Equally, requesting details of other bank accounts is also on the increase. As well as this, some fraudsters imitate the CEO or another senior member of a business, or hack the email account of that individual. Known as CEO fraud, correspondence will often be urgently demanding highly confidential information or payments to be processed. In these situations, it is important to look at the style and wording of the message as it may have spelling mistakes or other small differences from the secure sender’s usual methods.

An extremely common type of cyber fraud is phishing, where hackers gain access to a firms’ confidential files and information by extorting information through a phone call or email. Although this technique has been around for many years, businesses still unwittingly fall short to this ploy and freely give away passwords and authorisation codes.

Top tips for businesses to deter fraudsters

There are some simple but essential processes that organisations can put in place to reduce their vulnerability and ensure the misplacement of data doesn’t have a detrimental impact on operations and cashflow.

1. Update your software: Ensure good quality anti-virus programmes are in place, with the latest versions installed and updated regularly.
2. Be vigilant with emails: Employees should look out for senders’ email addresses matching the organisations’ domain. It is simple for fraudsters to use the name of a trusted person within a business. Equally, it is important that suspicious looking links embedded in emails aren’t opened, as this could trigger a malware attack.
3. Staff training: Carry out regular training for colleagues to educate users about the risks they could be exposed to daily.
4. Data back-up: Back-up data regularly, preferably to off-site servers. This ensures there is a duplicate copy of important files, which can be restored in the event of infection.
5. Website trustworthiness: Be aware that some social networking sites and other untrustworthy websites could be hosting ransomware.
6. Removable devices: Be vigilant about the use of removable media such as USB drives or other removable media devices, all of which could also be used to host malware or be infected with viruses.
7. Password protection: Always keep PIN numbers or banking passwords confidential, and update regularly where possible.

First published in the Essex Chronicle in July 2018.