PUTTING A SECURITY PLAN IN PLACE
Firstly, you need to run a risk assessment. Consider what sensitive information you have that is critical to your business and what threats it could be exposed to. What legal stipulations and compliance regulations must you adhere to? It may be worth investigating whether any businesses in your sector have been subjected to any attacks so that you can learn from their experiences.
Look at investing in security controls that can be implemented to increase your defences. Malware protection will minimise the threat of virus infection. Network security is paramount and can be enhanced through the use of firewalls, access lists and proxies.
Manage user privileges to restrict access to IT equipment, systems and information only to those for whom it is vital. Ensure that data is encrypted for mobile workers and those using their own devices. Liaising with us to put a disaster recovery solution in place will ensure you remain productive should the worst happen.
The message form the BIS is clear. Making that investment now may require time and money, but it will save you a fortune in the long run.
DON'T BANK ON RECOVERING YOUR LOSSES
The last few months have seen an upsurge in cyber-attacks leading to financial loss, for instance Birkenhead-based varnish producer AEV Ltd were subject to a phishing attack that enticed their financial control staff to inadvertently divulge the access codes to the online banking systems, the scammers then created bogus payee accounts and transferred over £100,000 of the Company’s money. A similar loss was experienced by a Baker “Truffles Bakery” who were subjected to a sophisticated virus attack that was originated from a bogus email from HRMC , the virus provided remote access to the fraudsters who used the information to access the firms online bank account and transfer some £20,000. These are a few examples of seemingly low profile businesses that have probably never thought they would be worth targeting by Cyber criminals discovering the hard way that anyone with an online business account makes them a target!
What makes this interesting is that the banks for both businesses although sympathetic to the firms loss, are not refunding the money or accepting liability, so be warned if you use internet banking and you’re the victim of fraud don’t expect your bank to make good - prevention is definitely better than a costly court battle with a rich bank.
And whilst talking of banks, they have also had a bad time of late; with both Santander and Barclays Bank being subject to highly developed attacks where outlying branches were targeted with a bogus telephone engineer tricking their way past reception staff to install equipment on PC’s, that in turn allowed the attackers to remotely control and access the banks finance system, in Barclays case over £1.3 million was lost.
BELOW ARE THREE SUGGESTIONS TO MAKE YOU MORE RESILIENT TO A CYBER-ATTACK
1) Ensure staff are informed of cyber threats, educate them in how to identify the risks and what they should do to limit the threat, coach them not to trust electronic communication, layout the do’s and don’ts for financial system access – make your staff part of your defence.
2) Ensure you malware protection is robust – use all the features your solutions has available (virus scanning is no longer sufficient) and have multiple lines of malware defence such at the gateway and the endpoint - detect the threat at the earliest possible opportunity.
3) Tighten up your system configuration to have a ‘least privilege access policy’, actively check for and remove vulnerabilities - deny hackers the ability to infiltrate your systems.
And lastly if you want to do more and not sure where to start then consider taking on our Cyber Assessment Service: where we undertake an assessment of your cyber security defences against the 20 best practice controls for cyber security, reporting on what needs improving and identifying key gaps in your defences, please email firstname.lastname@example.org if you would like to know more about this service."