How To Prevent Cyber Crime
Perhaps the first thing to consider, and certainly a sobering thought, is that Cyber Crime is an industry. ‘Criminals’ in that industry treat it as a legitimate business. Just like a competitive business, it has the capabilities to adapt and react very quickly to changes in its industry and ‘new business’ opportunities that arise – a.k.a. recently discovered vulnerabilities.
Prevention is better than cure, especially where cyber crime is concerned. At the heart of this position is education and awareness.
Prevention starts with education & awareness
Every company employee using technology within the business should be aware of basic security concepts and the risks of exposure to cyber crime. It will also help them fight the same issues in their personal lives too; so it’s a win-win scenario for employees and the company.
Prevention requires close scrutiny of a company’s processes and of where technology, and with it exposure to cyber crime, appears in them. All digital assets should be reviewed and examined on a regular basis, with evolving threats in view.
Cyber crime, while seemingly random in nature, is a highly coordinated and structured process, one that can be characterised by trends and the processes in use. Knowing this allows a prevention strategy to be created.
Law enforcement and security experts have highlighted four basic elements in combating cybercrime. These are:
Information exchange, investigation and capacity building are essential tools for dealing with the aftermath of an incident, for using what is learnt to help others avoid the same problem, and for increasing an organisation’s resilience to such incidents in the future.
It’s not just money they take
It is common for people to think of cybercrime as an incident where criminals steal something from a business, its customers or the individuals in a business, typical of more common online fraud. However, it’s all too common for the intention of the perpetrators to be to stop you doing business, either as an attempt to put your company out of business, or to hold your business to ransom. The former, an example of which is a ‘denial-of-service’ attack, is often an instance of cyber terrorism.
Understanding and being aware of the different types of cyber crime is the best starting point for any company concerned about the problem; and every company should be. All companies, no matter what the size, are potential targets. It’s all too common for smaller business owners to think that cyber criminals won’t be interested in them, because they are too small – that’s a fatal mistake.
Types of cyber crime
The most common types of cyber crime facing business are those where criminals attempt to gain information that ultimately leads to database, credit card and bank account access. Methods include:
Properly educated employees in positions that can be compromised by such threats can spot these attempts and prevent them. Other simple company policies might include forbidding removable storage devices from being attached to company systems, as this can be an easy way for various types of malware to be propagated.
The simplest steps to avoid cyber crime
The size, complexity and nature of your business or organisation dictates the extent of the cyber security systems and processes that need to be put in place. Financial institutions, for instance, have entire departments whose sole remit is to ‘out-think’ the cyber criminals and ensure the security and integrity of the data under their protection.
Smaller organisations benefit from implementing core processes and procedures that limit the effectiveness of many types of cyber crime. These steps include:
- Ensure you have somebody in your organisation, or have an external consultant who knows your business, to regularly review the risks within your business and to ensure a high level of awareness is maintained.
- Ensure that somebody has responsibility and ownership of data security.
- Have an action plan. Should an incident occur, have a response plan and a team to immediately coordinate and act on that plan.
- Have clear and well understood data access policies and a control system to restrict access to all but those who need access and are trained in managing that data.
- Know in what forms data in your company exists and where it is stored and how it is accessed.
- Implement password policies and ensure they are rigorously enforced. This might mean making the IT department responsible for creating and issuing passwords of an adequate strength.
- Provide training for staff, so that they understand the various types of threats and how to recognise and deal with them.
- Implement solid defences around your IT and internal data networks, including firewalls, encryption, virus detection software and monitoring to uncover suspicious activity.
- Ask penetrating and realistic questions about the capability of your company’s systems to store sensitive information and protect that data. If they are not capable, consider using secure third parties.
- Regularly test your readiness and review your response. Use that to improve your process and response mechanisms.
Turn to the professionals in the first instance
Cyber security and cyber crime are complex subjects, but with the application of some pragmatic common sense, simple steps can be used to thwart a great many of the threats posed by today’s criminals. It always helps to take guidance and advice from a professional third party, and that’s where Blackhawk Intelligence fits in. We work with clients to help understand the risks within their company and business environment and then assist in putting in place the systems and processes that can protect you.
Call our team of digital forensics experts and specialist cyber crime investigators today on +44 (0)20 8108 9317