29/01/2015

By Jan Wielenga, Product Manager for Data Networks, Daisy


Last year saw some of the most brutal security attacks on the world’s giants of the software industry. Apple’s iCloud, Microsoft and Sony were among the targets dominating the media, but the threat is not solely applicable to corporate enterprises with multi-million dollar data sets.

Cybercrime is a highly profitable, international business and hackers are treating it as such, becoming more organised and developing increasingly clever tactics to make a profit.

For hackers, bigger isn’t necessarily better

Whilst they might not be the most obvious targets, smaller businesses can be the easy back route into a larger company, or simply be a good way to make ‘a fast buck’. They tend to have firewalls that are designed to withstand simple viruses and malware (software that is in many instances used by criminals to obtain valuable business information), but have little protection against the sophisticated methods now used by hackers.

One study has suggested that in a period of 12 months 87% of small firms experienced a security breach, an increase of 10% on the previous year.

One of the latest tools used by cyber criminals to target SMEs are computer programmes which paralyse a business’ system by overloading them with traffic (called Distributed Denial of Service (DDoS)). This disrupts a business’ IT system and can lead to database corruption or reduce the effectiveness of firewalls making the organisation easier to hack.

Generally, hackers aim to steal the bank details of a business’ customers or valuable information such as intellectual property, however cyber extortion is a growing problem, especially among SMEs, and according to CSIS (Centre for Strategic and International Studies) and McAfee, is costing businesses £265bn a year.

Criminals use computer programmes to take over a business’ files or website, rendering them unusable, and then blackmail the business for a small amount (approx. £150 - £300) to release it. Because it is such a small amount, most businesses simply pay the ransom demand, and few victims report the crime through embarrassment. Subsequently the risk to the criminals of conviction is low, and the rewards are high.

Preparation is key to prevention

Although the threat to your business is very real and shouldn’t be underestimated, it is important to note that there are some simple steps which can be taken to overcome hacking and minimise your risk of data loss.

• First and foremost, your firewall is your best line of defence against cybercrime, so make sure yours is up to scratch. Speak to your internet provider about firewall protection (including capacity, internet feeds and intelligence & filtering) and always use a reputable supplier. Whilst free or cheap firewalls may seem like a cost saving, it’s important to remember that you get what you pay for. The cost to your business, if it is successfully hacked, can run into thousands of pounds, with the UK government estimating that a successful attack can cost a small business between £35,000 to £65,000.

• All too often cyber criminals receive a helping hand from within an organisation, when employees unwittingly click on a seemingly legitimate email or use obvious passwords. Educate your staff about the threats to your business’ IT systems, what is required of them to mitigate risks, such as changing passwords at regular intervals using a combination of letters and numbers, and only downloading content from trusted sources. You should also explain what action they should take if they suspect security has been breached.

Don’t ignore the warning signs

Whilst Hollywood would have us believe that, once hacked, a skull and crossbones and threatening message would instantly appear on our computer screen, in the majority of cases hackers are unlikely to alert you to their presence. Only by passing unnoticed can they access bank details or use you to spread viruses to other businesses, thereby expanding their criminal network.

The most obvious sign to look out for is a change to the way your PC or smart device is running and behaving. A slower processing power, or experiencing your PC coming to a complete halt, could indicate that you have been hacked. Similarly, you may notice that new software or toolbars have been installed to your device, could receive pop up messages or your contacts may even report receiving fake emails from your account.
If you suspect that your security has been breached by hackers, time is of the essence. The sooner you respond, the less damage they are likely to inflict and the more likely it is that the culprits can be discovered and apprehended.

Act on it

As computer hacking is a criminal offence, punishable by imprisonment, it is important that you take immediate action in all instances. You should call Contact Action Fraud who will pass your information on to the National Fraud Intelligence Bureau (NFIB) where the attack will be investigated. In the meantime you should reset passwords, run a scan of all suspected infected devices using up-to-date antivirus software, and notify contacts that you have had a security breach and recommend that they run a scan using antivirus software.

While the concept of being hacked can be extremely daunting, self-awareness does have a major role to play in combatting it. There is no perfect solution, however, being IT savvy and investing in a reputable data security system will prevent most attacks. Take action today to protect your business’ assets for the future.