Few people could believe that TalkTalk, the communications network, could be taken down by a 15-year-old boy beavering away in his bedroom. But with the extramarital dating site Ashley Madison being taken down and Mumsnet being hacked into over the summer, it is clear that few businesses can totally protect themselves from cyber crime.
SMEs are an attractive prospect for cyber criminals; they can often hold a mass of client data and/or provide client services online, often through interactive websites or retail sites.
But what actions can you take to prevent a hacker accessing your site and/or redirecting your customers elsewhere? How can you ensure that customer data is protected? And what can be done to minimise the potential for a data breach?
Ask the chief information officer of any blue chip company what would be on their top ten list of strategic priorities, and most would list big data and cyber crime among the top items.
Your business should take the same approach. The increasing amount of customer-sensitive data and the move to an ‘everything online’ digitisation model has put the management of ‘big data’ firmly on every business’s risk register.
Buying disk space is part of the equation but making this data safe is a critical issue, which means understanding the data and ensuring it is secure.
Furthermore, best practice policies in relation to security need to be overlaid to ensure that should a regulator, such as the Information Commissioner’s Office, come knocking there is not too much or too little information buried in disks spread across your business.
Cyber crime is not just about businesses being under threat from fraudsters or those looking to cause heavy disruption; there are some other interesting crimes using wired and wireless access.
Eight new users join the internet every second and 250,000 new viruses are reportedly being released daily. Cyber crime is now a well organised and highly professional industry. It’s even possible to buy services to launch distributed denial of service (DDoS) attacks on others’ websites.
The Information Commissioner’s Office serves civil monetary penalties to organisations, large and small, for failing to take the necessary measures to keep personal information secure. Where reputation is a significant asset, a fine for a lack of professional diligence around confidentiality can be devastating.
But what can businesses do to protect themselves?
1. Make one person responsible for reviewing and managing risks within your business and do not ignore data management or security issues.
2. Establish ownership for data protection and information security and make that person responsible to you as the business owner.
3. Put in place some simple but effective access policies and controls for systems and key data, detailing who should have access to what.
4. Understand your data. Where is your business data and your client data? Design a data strategy or, at least, start with a workable retention policy which covers both paper and electronic material.
5. Ensure password policies are implemented across the business.
6. Train staff to be aware of potential threats, including bogus emails and suspicious requests for information.
7. Take advice from a specialist and review your IT security position to ensure you have a reasonable level of defences against external attacks and malware, ensuring that penetration tests on your systems are a regular event.
8. Take an honest view of your capability and consider moving data and applications to a secure hosted environment.
Andrew Taylor is technical director at Converge Technology Specialists