Most small and medium sized businesses are aware of cybercrime, but the daily demands of running a company mean that taking measures to protect yourself against cyber threats often falls further down the list than perhaps it should.
So how serious is cybercrime? According to Norton Antivirus, cybercrime is rapidly on the rise. It has surpassed illegal drug trafficking as a criminal money-maker and in 2015, UK consumers lost £1.7 billion to cybercrime.
Ok, so that’s pretty serious stuff. So let’s take a quick look at the three main types of cybercrime, to see what we’re dealing with.
1. Distributed Attack
This is where malware is installed on multiple computers. There are various ways that a distributed attack can reach your PC or mobile device:
- Encryption/Ransomware: hackers encrypt your files and hold your data to ransom! Never pay the ransom! More often than not, they’ll take your money and still not unlock your data. The only solution is to restore your data from back-up.
- Browser manipulation: malware can manipulate what you see on your browser and steal your data e.g. the malware inserts a few extra lines of code into your bank’s website. The website looks the same but the malware is stealing your data.
- Key Logger: this type of malware sits in the background of your PC and captures what you’re typing, to learn your behaviour and potentially catch your personal data.
- Distributed Denial of Data (DDOS): bombards your website with traffic until the server collapses and goes offline.
How might I get caught by this malware? Ironically, you install it! It could be in the form of a website download, pop-up box (the “You’re a winner!” type of messages), email attachment or USB drive.
How do I avoid it? Don’t click on any links or pop-ups that look suspicious or that you’re not expecting. If in doubt, don’t click! On a PC, you can press Alt + F4 to close the window completely.
2. Central Attack
This is where a central system is hacked in a bid to get customer data, usually for financial gain. Alternatively, a central attack may be done in the name of Hacktivism; for moral/social/political reasons – a prime example of this was the Ashley Madison hacking scandal in July 2015.
How do I avoid it? Unfortunately, you can’t. That’s to say you have absolutely no control over whether or not this happens. But central systems are becoming more and more vigilant and resistant to such attacks.
3. Personal Attack
Exactly what it says on the tin – a personal attack on your data. The most common types of personal attack are:
- Email spoofing
- Telephone spoofing
- Letter spoofing
How can I avoid it? Be cybercrime aware – stay vigilant and use your common sense. If someone calls you from ‘Microsoft’ to remotely log in to your home computer, the chances are it’s fake. Ask yourself if it’s too good to be true – if the answer is ‘yes’ then it probably is.
What's my biggest threat?
According to Dineshi Ramesh from Board Intelligence, one of the biggest threats to a firm’s cyber security is the people working within it. So it’s essential that your employees know and understand the vital role they play in protecting sensitive information. Make sure your staff have cyber-awareness training – you could consider going for a Cyber Essentials Certification.
So what can I do?
Taking steps to make sure your business is as safe and secure as possible may seem like a daunting task, but it needn’t be. There are things you can easily implement and other things that you may want to consider for longer term peace of mind.
Here are our top 5 tips for staying cyber-safe:
- Passwords – the longer the better. And never write your passwords down!
- Lie! If something is asking for your password and you’re in any doubt about its authenticity, use the wrong one. If it’s genuine, it will ask you again – if it’s a scam, it will accept your incorrect password…and you will have just escaped being a victim of cybercrime.
- Ensure your Windows updates are done. This reduces the chance of malware being able to penetrate your operating system.
- Make sure your antivirus software is up to date.
- Ensure your back-up provision is robust and you have recovery/business continuity plans in place.
If you want to know more about how to protect yourself from cybercrime, why not join projectfive for a Cybercrime Awareness Training Course – call 01276 455466 for more details.