Statistics on the lack of business cyber security and the increase in cyber-attacks abound. It’s no wonder experts continue to warn that poor security practices can compromise company finances and put commercial and customer information in the wrong hands.
The most serious threats involve malicious software, including ransomware and scareware, which extort payments for the return of data, and trojan or rootkit malware, which lodges in the company’s systems to steal information; theft or breach of confidential information; and denial-of-service (DoS) attacks.
In Operation Lino, an investigation into compromised credit cards, it was found that a Romanian criminal syndicate gained access to 500,000 Australian credit cards, and about 30,000 credit cards were used for fraudulent transactions amounting to more than £20 million.
Below are some basic tips to keep your business safer from cyber criminals.
1. Application whitelisting
Application whitelisting helps prevent malicious software and other unauthorised programs from running. The whitelist is a list of specific applications that are permitted to run on a given system.
2. Patch, patch, patch (applications and operating systems)
Patch operating systems and applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers as soon as patches for known security holes are released.
“A lot of data breaches occur on systems that are not protected, and not up-to-date,” says Sean Kopelke, director of security and compliance solutions at Symantec.
3. Passwords and privileges
Minimise the number of users with administrative privileges. Also, check the identity of visiting technicians and change passwords when they leave.
4. Develop information policies
You should treat information in the same way on each platform or device, says Kopelke. “It sounds simple, but implement policies around securing information, not the devices. It is irrelevant where information is stored; the policy on how it is protected should be the same.”
5. Educate staff
Often the weakest security link is the human link. Educate staff about how to handle confidential information. Teach them how to assess whether someone who rings asking for information is legitimate and to suspect all emails, links and attachments.
6. Rethink social media
Often businesses implement policies banning employees from accessing social media sites at work, as these sites can allow malware to infiltrate company systems. Many security companies, however, recommend mitigating this risk with specialist applications and security modules to accommodate social media in the workplace.
As far as security breaches go, it is strange that organisations don’t report cyber compromises, but they do report burglaries. Companies should report any cyber security incidents to the authorities.