A successful business is a cyber safe business; it is essential that your company takes steps to improve its cyber security and tackle cyber threats.
The internet and other information and communication technologies now form an integral part of every business operation. Sending emails, making online orders and using online banking services are some of the daily tasks businesses perform naturally.
While technology allows us and our businesses to be more efficient, it also gives criminals the opportunity to commit crimes directed at our computers, smartphones and systems. According to the Cyber Security Breaches Survey 2019 conducted by the Department for Digital, Culture, Media and Sport, 32% of UK businesses have had cyber security breaches or cyber attacks in the last 12 months.
More often than not, the objective of cyber-crimes is to steal information and cause financial devastation and business damage. In this article, the digital fraud experts at Blackhawk Intelligence aim to discuss cyber-crimes and how you can keep your business safe.
Common types of cyber-crime
Hacking happens when someone gains unauthorised access to your computer or system with increasingly sophisticated techniques. Their objective is to steal or destroy information, or install malware (which we will explain later) for personal gain. While a large number of hackers are after data, such as customer information, state-sponsored attacks are after trade secrets that can do maximum damage to your profitability.
Phishing refers to fraudulent attempts to deceive you into revealing or confirming personal data or into paying a fake invoice. Cyber criminals can also send an attachment that looks genuine but actually contains malware. There are four types of phishing:
- General phishing refers to general emails sent to thousands of targets. An example is an email asking you to confirm a parcel delivery that you have missed.
- Spear phishing happens when targeted emails are sent to specific individuals like business owners or payroll managers. An example is an email sent to a payroll manager with a payment confirmation attached; the attachment is likely to contain malware.
- Whaling is similar to spear phishing, except that it targets high-ranking C-level executives.
- Vishing or voice phishing is when fraudsters call you, pretending to be someone you have business dealings with. It can also happen when you are asked to call a number that supposedly belongs to a bank or a service provider.
Malware is an umbrella term for a myriad of malicious software including viruses, spyware, trojans and worms. In most cases, employees unknowingly download the malicious software contained in a legitimate-looking email. The software then takes control of the computers or systems, giving cyber criminals plenty of opportunities to steal sensitive information.
A cruel form of malware, ransomware allows cyber criminals to lock down a computer remotely. The attackers then display a message informing the owner that the computer will remain locked until a ransom is paid. The ransom money is usually payable by using a type of cryptocurrency like Bitcoin.
It must be said that cyber criminals are becoming very sophisticated and no systems that are connected to the internet or use some kind of technology are safe from cyber-attack. However, as a business owner or company director, you can help to reduce the impact of common cyber security incidents by using these 10 helpful tips.
Top 10 tips on how to keep your business safe from cyber crimes
1. Educate your staff
Educate your employees so they can readily recognise phishing, which is the most common form of cyber-crime in the modern business world. This will prevent complacency emanating from knowledge gaps and contribute towards the reduction of incidents.
Your employees should always exercise caution when they receive an urgent email requesting money or confirming receipt of money, or a notification from their ‘bank’ informing them of changes to their bank accounts.
It is worth saying that training should not be a one-off process as cyber criminals are becoming more sophisticated and more persistent.
2. Equip yourself with adequate software protection
Make sure that every piece of work-related software is up to date, that your employees use a virtual private network to send and receive data, that your system is protected by a firewall and that your team uses encryption technology to protect sensitive files, to name but a few measures.
3. Back up your data
A data backup is a copy of your important digital files such as sales figures and customer details. In some companies, the files are backed up several times on different storage devices, and some of those storage devices are not connected to the internet.
4. Passphrase instead of password
Despite the fact that most of us are aware of cyber frauds, many people still rely on passwords such as ‘123456’ to log into a host of sites and systems. Instead of a password, employees are encouraged to use a passphrase that is longer and more complex.
5. Two-factor or multi-factor authentication
A password or a passphrase alone should not be enough to grant anyone access to essential data. Instead, access should depend on a combination of factors: something that only the user knows (a password and an answer to a security question), something the user is (fingerprint and face recognition), or something the user possesses (a card and a token).
6. Manage user privileges
In business, it is often easier to regulate than to educate. Establishing a process to regulate who can access what is certainly beneficial. It is also worth spending time to monitor activity logs and spot any irregular patterns.
7. Employment background screening
Cyber-crime and other fraudulent activity can also come from inside your company. Thorough pre-employment background screening reduces the chance of hiring criminals. At Blackhawk Intelligence, our background check specialists work with companies in the UK and across the world to verify candidates, especially C-level executives, and make sure that they really are who they say they are.
8. Put a cyber-security response plan in place
In the UK, most companies still do not have a formal cyber security plan in place. Ideally, an effective cyber security plan should include:
- Preparing for different scenarios and recognising various cyber threats.
- Identifying when a breach has taken place and isolating the breach, ideally forensically.
- Evaluating areas that have been impacted.
- Reporting the incidents to the authorities.
- Hiring private digital fraud investigators when you need their help to eradicate the root cause of the breach and to restore your systems as quickly as possible.
- Calling for an after-action meeting with your team and/or private digital fraud investigators to analyse the incident and take steps to improve.
9. Reward employees who find threats
A successful corporate security culture requires your employees to be vigilant at all times. If a sharp-eyed employee recognises a cyber threat and successfully stops a fraudulent transaction, they should be rewarded accordingly. This type of employee recognition will motivate others to follow suit and very soon, you will have a team that will go the extra mile to protect your business interests.
10. Contact Blackhawk Intelligence
At Blackhawk Intelligence, our digital fraud specialists work with companies in the UK and abroad to identify cyber threats and provide comprehensive digital fraud investigation services should your company fall victim to cyber crime.
For more information on how we can help you keep your business safe, email us on firstname.lastname@example.org or call us today on +44 (0)20 8108 9317.
This post is intended to provide information of general interest about current business issues. It should not replace professional advice tailored to your specific circumstances.
This article was initially published on 06/11/09 and was updated on 06/11/19.