If you think your business is too small to be targeted by cybercrime, think again. Last year it was estimated that 74,000 new online threats were created every day. Cybercrime refers to any illegal activity committed with the use of a computer and the internet, such as hacking, phishing, spamming and identity theft. These online threats get more sophisticated by the day as the evolution of malware accelerates. However, there are things you can do to protect your data.
What is Malware?
The word malware is short for “malicious software”. It is a general term describing software which causes harm to your PC, or which steals your data or personal information. Malware includes viruses, spyware, trojans, worms, ransomware and scareware, to name but a few.
Ransomware is a growing problem and one that is likely to target a business like yours. It’s a type of malware designed to block access to your data until a sum of money is paid. A recent example you may have heard of is CryptoLocker. You will know about it pretty quickly if you get infected, but there is little you can do if you haven’t planned ahead for it. Once it infects a machine, it encrypts your files so they are unreadable without a decryption key. Your options are to pay the ransom to receive the decryption key, or accept the loss of your data. The secrets to avoiding this depressing scenario are preparation and education.
How do I protect my business?
The first step towards protecting yourself from any attack is to back up your data. Ensure you have redundancy built in so that you can retrieve data going back weeks and months, not just a few days. Modern ransomware will encrypt everything it has access to, including external hard drives and network shares. If users have admin rights on their PC, it’s possible for the backups to become encrypted along with the original files too. This can be devastating for any business, which is one reason we recommend users do not have admin rights. Users without admin rights have less chance of picking up infections as they can’t accidentally install any malware.
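To make the "weeks and months, not just a few days" advice concrete, the following added example (not part of the original article) compares how far back you can restore when keeping only recent nightly backups versus a daily/weekly/monthly scheme. The function names, the tier sizes (7 daily, 8 weekly, 12 monthly) and the nightly sample data are assumptions made for illustration.

```python
from datetime import date, timedelta

def select_retained(backup_dates, daily=7, weekly=8, monthly=12):
    """Pick which backups to keep: the most recent dailies plus the newest
    backup of each recent ISO week and calendar month.
    Tier sizes are illustrative assumptions, not values from the article."""
    newest_first = sorted(set(backup_dates), reverse=True)
    keep = set(newest_first[:daily])

    def keep_newest_per_bucket(bucket_key, limit):
        seen = set()
        for d in newest_first:
            key = bucket_key(d)
            if key in seen:
                continue          # a newer backup already covers this bucket
            if len(seen) >= limit:
                break             # tier is full; older buckets expire
            seen.add(key)
            keep.add(d)

    keep_newest_per_bucket(lambda d: tuple(d.isocalendar())[:2], weekly)
    keep_newest_per_bucket(lambda d: (d.year, d.month), monthly)
    return keep

def restore_window_days(kept, today):
    """How many days back the oldest retained backup reaches."""
    return (today - min(kept)).days if kept else 0

# Constructed sample data: one backup per night for 400 nights.
TODAY = date(2024, 6, 30)
NIGHTLY = [TODAY - timedelta(days=n) for n in range(400)]

if __name__ == "__main__":
    for label, tiers in [("dailies only", dict(weekly=0, monthly=0)),
                         ("daily + weekly + monthly", {})]:
        kept = select_retained(NIGHTLY, **tiers)
        print(f"{label}: {len(kept)} copies kept, oldest restore point "
              f"{restore_window_days(kept, TODAY)} days back")
```

With the sample data, a week of dailies lets you go back only 6 days, while the tiered scheme keeps 25 copies and reaches back 335 days, which matters when an infection is not noticed straight away.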
Take a layered approach to security by installing a firewall and ensuring you have the latest security updates on all servers and PC operating systems. You must have up-to-date antivirus software as a minimum.
We advise all clients to purchase both antivirus and anti-malware software due to the vast number of threats on the internet. It is estimated that any one security product can only capture up to 40% of threats. Even with two products you can’t guarantee 100% protection from cybercrime.
That is why the next step is to educate your staff. Despite all the technical advances in malware, hackers still rely on “social engineering” as a way into your business via a user’s computer, for instance phishing emails, malvertising, and scam telephone calls. In reality, security is less of a technical issue and more of an employee awareness issue.
Educate your staff to question every attachment, no matter how plausible it appears. A common scam comes in the form of an email from the police with a Word document invoice attachment. It is highly unlikely the police would ever send you an invoice, and if they did, it would not be as a Word document. If it were something important, they would call you.
Another common scam is for hackers to create a very convincing copy of an email that you might expect to receive, like a supplier notifying you of a change of bank details. Never act on such a request without confirming with the supplier first. It is very easy for hackers to send an email pretending to be from another legitimate company. Also, pay close attention to the sender’s email address: it might appear dubious, and the body of the email may have many spelling or grammar mistakes. If you don’t recognise the sender, treat it as spam and delete it, or ask your IT department for advice.