With the ready availability of antivirus software packages out there today, it’s all too easy not to worry about cybersecurity anymore. Whether free or paid for, inbuilt or advisedly subscribed to, antivirus software runs perpetually in the background of our devices, periodically performing exhaustive scans that require very little attention from us. Yet, says Richard Harris from Okappy, well, read on...
Yet as the sophistication of antivirus software has increased over the years, so too has the sophistication and variety of techniques used by hackers in staying one step ahead of our cyber defences.
There is currently a major international crisis in the IT security sector, with cyber security in the UK being among the worst in the world.
For businesses to really be secure in today’s changing landscape of security, managers as well as other business leaders must now take an active role in ensuring that security is enforced at every level.
Why Security Matters
According to the UK’s National Cyber Security Centre (NCSC), Small or Medium-sized Enterprises (SMEs) now have around a 50/50 chance of experiencing a security breach each year.
For any businesses relying on networked technologies to any large or even small extent, a security breach such as a Distributed-Denial-of-Service (DDoS) attack could bring operations to a halt for an indefinite period of time. To regain normal functioning following a DDoS attack, a business will likely have no other choice but to meet the exploitative demands of hackers, by which point the chances are that a great deal of money will have been lost already.
If data such as job and invoice history is stolen in the event of a security breach, a business could also get into trouble with HMRC. Any personal data kept on customers, employees and subcontractors is likewise highly desirable to hackers, and the theft of such sensitive data could cause irreversible damage to a business’s reputation.
When the General Data Protection Regulation (GDPR) comes into effect this May, the cost of security breaches will also potentially become two-fold, as EU authorities will reserve the right to fine even small businesses as much as 20 million euros for failing to keep personal data adequately secure.
It is therefore more important now than ever that any false sense of security created over the years is dismantled.
Your antivirus software will block hundreds of bad connections online every week, but connections that are facilitated by your own devices, employees and even through your own management can be a little harder to regulate.
Your Own Devices
The heightened connectivity of devices in the modern working world is truly incredible. Unfortunately, however, it also creates the opportunity for malware originating from just one device to quickly spread through an entire network.
With employees more regularly depending on their own external hard drives, smartphones and laptops for work, an attack can come from anywhere. Smartphones are arguably the most underestimated culprits here, as they can likely have any number of poorly regulated third-party apps requesting user information installed on their systems.
Security breaches can also occur when a device used for work is left in a public place such as on a bus or a train and the device is then found by the wrong person.
Even seemingly innocent networked devices such as printers and CCTV cameras can provide entry points for hackers if their ports are left open or passwords easy to crack.
While hackers are quick to realise the new opportunities made available to them through networked devices, businesses often do not acknowledge the threats that they pose until it is too late.
Your Own Employees
Although malware typically spreads through a network from just one connected device, the initial infection of the first device can usually be attributed to some small instance of human error. More often than not, it is not the devices themselves that are at fault in the event of a security breach but rather the people using them.
Cyber attacks often occur when well-intentioned internet users believe fraudulent websites to be genuine. If users fail to identify fraudulent websites for what they are, they will unwittingly provide hackers with any information that they enter, whether personal data or banking details.
Even that green HTTPS padlock to the left of the address bar does not mean that a website is safe; all it means is that its owners have purchased an SSL certificate affirming that connections to and from their website are encrypted. This is a poor validation of the trustworthiness of a website.
Perhaps most hazardously of all, however, malware can also originate from seemingly harmless email links, or even from attached documents in recognised formats such as PDFs and Word documents.
Any employees who are not well versed in recognising potential attacks will have a tough time preventing them.
While security is no doubt the responsibility of every worker, ultimately it is the managers and leaders of a business who are to establish security policy and set the example to be followed.
It is your responsibility to stay up to date with the cyber threats specific to the size and nature of your business, and to consider how to improve security accordingly.
If you do permit your employees to use their own devices at work, it might be wise to regulate the number of devices used and to make sure that everybody understands the risks.
Consider switching to cloud storage systems to reduce reliance on hardware storage without restricting mobility. By allowing cloud services to house data where possible, you will also be taking advantage of the advanced security measures put in place by cloud service providers.
Many cloud systems also use their own internal formats that are much less likely to contain malware than more widely used formats such as PDFs and Word documents. The job-management cloud system Okappy, for example, enables its users to create documents such as job sheets and invoices using its own unique internal formats, improving security while optimising job management at the same time.
By encouraging the use of the internal instant-messaging services often included on cloud systems such as Okappy’s, you can also easily reduce the risks involved with using old emailing systems.
In light of the impending new GDPR legislation, make sure that you and your employees are ready for any changes that may affect your business, and that everyone knows what to do in the event of an attack.
It’s hard to secure a business by yourself, so consider training an apprentice in cyber security and have the government greatly subsidise the cost.
Ensuring cyber security can be a pain, but it’s a whole lot better than otherwise finding yourself in the likely situation of having to fight off a cyber attack that could have easily been prevented. Act now and save yourself the trouble later.
GDPR Summit Series is a global series of GDPR events which will help businesses to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.
Further information and conference details are available at http://www.gdprsummit.london/