CYBERSECURITY – Don’t stick your head in the sand
Fraud is an ever-present danger to all businesses, whether small or big. When it happens you are shocked, then you realize that you have no plans or back-ups in place. Fraud, whether external or internal, more often than not has a huge impact on your business. It comes in many guises: a hack into your computer network, internal theft, a computer virus, phishing, ransomware, identity theft, etc.
“It’ll never happen to me, we are too small to be targeted, we don’t have anything of value to steal”
WRONG!! The one sure thing is that you will only take your SME’s security seriously after you have been hacked.
A Norton survey from 2021 found that:
- 53% of adults admit they don’t know how to protect themselves from cybercrime
- 38% of consumers have never considered their identity could be stolen
- 83% of consumers want to do more to protect their privacy, but 47% don’t know how
And a LastPass survey in 2021 found that:
- 41% of people don’t think their accounts are valuable enough to be worth a hacker’s time
Big companies spend a lot of money on cybersecurity to protect their assets. I recently gave a talk at a financial services event on banking fraud – a whopping 42% of reported bank fraud is actually internal fraud. In 2020 internal fraud was reported to be a total of USD 3.6 billion, but sadly banks don’t report internal fraud unless it becomes public, so the true number is deemed to be much higher.
The thing to remember is that it’s not always an anonymous hacker that impacts your business.
We all remember the ILOVEYOU worm that a student from the Philippines sent out 20 years ago. This first global bug turned out to be much worse than just a self-propelling chain letter. As it was replicating itself, the ILOVEYOU worm destroyed much of the victim’s hard drive, renaming and deleting thousands of files. The estimated impact to businesses large and small was USD 8 billion and the cost to secure businesses against future attacks was estimated to be in the region of USD 10-15 billion.
This worm didn’t care if you were a small business or the world’s largest bank; it just spread.
It’ll never happen to me
Statistics show that this is a wholly wrong assumption. The world is ever more connected, and the chances it will happen to you or your business are very high. We all hear stories about company A or B that got attacked for ransom or had money stolen from its accounts.
One such SME, a new client of mine, has for the past 10 years been held hostage by an unscrupulous web hosting service provider they trusted to look after them. We are in the process of building out a completely new website and implementing security processes for their business. This is just a small company of little interest to most people and yet this business has been subject to ransom demands, denied access to its email server, and not able to control its domain ownership.
We are too small to be targeted
According to a 2019 report by OnTimeTechnology, 31% of all cyberattacks today are aimed at smaller entities such as individuals or small businesses.
Big businesses take cybersecurity very seriously, not wanting to become the next victim in this cyberwar. These companies invest in sophisticated cybersecurity and backup systems, protocols, and processes to protect them in the case of an attack. This means SMEs that are focused on other things become easy pickings for cyberattackers.
We don’t have anything valuable to steal
That may be so, but you have a business reputation to secure. You deliver goods or services to your customers. Anything that disrupts your ability to do this will have an impact on your revenue stream and your ability to sell in the future. You might have customer data, bank account data, and sales reports that can be used to take your customers away from you or even to blackmail you. The reality is that we all have something of value that we need to secure.
Securing your business
The majority of people and SMEs hardly ever change their passwords, use simple ones that are easy to hack, and keep them written on a yellow post-it on the computer screen or on a piece of paper in the top drawer of their desk. There is no firewall and there are no security protocols in place. No back-ups, or only partial ones, are made, there are no security reviews, and staff get zero training on how to stay secure. Even if you need to save on costs, there are precautions you must take.
Building a robust Security Policy
The first thing you need to do is conduct a review of your infrastructure, your networks, your protocols, and processes. Create an overview of who has what access to which systems and files, then do a risk assessment for your business as a whole. Once you know what you have, you need to create a policy for your company’s security. Train your staff on how to stay vigilant and what they need to do to stay safe.
Free tools to help you
There are many free tools and apps available today that have solid security protocols in place. Make use of these apps and services. Put as much of your data as you can in a secure cloud. Make sure the computers your staff use are secure, even if they are not your computers. Put someone in charge of security, organize some training for them, and monitor that your security protocols are followed.

