
How common sense and a few simple steps can help tackle cyber crime

It can take only a second's loss of concentration to destroy a business: one click on a link or attachment by a distracted employee can let criminals compromise an IT system and wreak havoc.

The results can be devastating for a business, causing lost income, massive inconvenience and in some cases such serious damage to a company’s reputation that it never recovers and ceases trading.

That is why every employee in every business must be trained in cyber security, according to Alan Stenhouse, who runs Scottish business AST Risk Consultancy & Training Services Ltd.

Alan was speaking as concern grows about the risks posed by cyber criminals using ever-more sophisticated software to seek out gaps in companies’ defences.

Indeed, the Cyber Security Breaches Survey (2017), commissioned by The Department for Culture, Media and Sport (DCMS) as part of the National Cyber Security Programme, found that just under half (46%) of all UK businesses identified at least one cyber security breach or attack in the past 12 months. This rises to two-thirds among medium firms (66%) and large firms (68%).

Alan says that a few common-sense measures can go a long way towards protecting against the likes of viruses that infect systems, or ransomware, which encrypts data so that its owner can no longer access it and which, even after a ransom is paid, does not reliably release it.

He said: “There have been plenty of warnings and plenty of high-profile recent incidents to confirm that the threat is very real, yet too many people still take the view that it will not happen to them.

“In my experience, a lot of companies only take cyber security seriously after they have been attacked, which is too late because the damage has already been done.

“If you are sitting in your office thinking ’it won’t happen to me’, then think again because if you continue to ignore the dangers, it will.

“Cyber crime is a very real threat and it is everyone’s responsibility in an organisation to guard against it.”

Alan’s advice to managers and employees alike includes:

  • Do not click on a web link you do not know or trust, and do not open an email you think is suspicious. Vigilance and scepticism are your best defence here, so if it’s too good to be true, it probably is – don’t click that link!
  • Ensure you have automatic updates turned on (Windows and anti-virus) – ransomware targets Windows systems that do not have the latest security patches installed.
  • Exercise care if you are out and about and considering using another company’s wi-fi, such as in a café. Malicious wi-fi access points are easily set up, allowing attackers to view most of what you are doing. If you can, use only password-protected networks that use WPA2. If using unsecured wi-fi is unavoidable, ensure that any log-in or sensitive information is sent over HTTPS – look out for the padlock. Otherwise, wait until you are back in the office.
  • Be clear about the business need for removable media such as USB sticks or CDs and apply appropriate controls. Removable media is easily lost and could result in a data breach in which large volumes of sensitive data are compromised. Equally, its use can increase the risk of introducing malware to your systems. Ensure you have a removable media policy in place, limit its use to approved users only, and implement measures so that media is automatically scanned for malware when introduced to any system.
  • Finally, create a regular back-up copy of your important files and ensure this is kept separate from your computer (preferably off-site, or by using a cloud service). If using a portable hard drive, do not leave it connected, as it too would be vulnerable during a malware attack.
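The second and fourth points above (automatic updates for Windows and anti-virus, and scanning of removable media) are things a machine can be checked for rather than taken on trust. The following is an added example, not code from the original article or from AST Risk Consultancy: a read-only posture check written for Windows 10/11 with Microsoft Defender, run from an elevated PowerShell prompt. The thresholds for patch age and signature age are illustrative choices, and the registry policy path and Defender cmdlets are standard Windows ones; a machine running third-party anti-virus will need the Defender section swapped for that product's own tooling.

```powershell
# Added example (not from the article): endpoint hygiene check for the
# "automatic updates" and "removable media scanning" advice.
# Assumes Windows 10/11 with Microsoft Defender and an elevated prompt.
# MaxPatchAgeDays / MaxSignatureAgeDays are illustrative thresholds, not values from the article.
function Test-EndpointHygiene {
    [CmdletBinding()]
    param(
        [int]$MaxPatchAgeDays = 30,
        [int]$MaxSignatureAgeDays = 3
    )

    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
    }

    # 1. Windows Update policy. Group Policy can switch automatic updates off
    #    (NoAutoUpdate = 1) or downgrade them to "notify only" (AUOptions = 2).
    #    If the policy key is absent, the Windows default (automatic) applies.
    $auPolicy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    $noAuto     = ($null -ne $auPolicy) -and ($auPolicy.NoAutoUpdate -eq 1)
    $notifyOnly = ($null -ne $auPolicy) -and ($auPolicy.AUOptions -eq 2)
    Add-Finding 'Automatic updates enabled' (-not ($noAuto -or $notifyOnly)) `
        ('NoAutoUpdate={0}; AUOptions={1}' -f $auPolicy.NoAutoUpdate, $auPolicy.AUOptions)

    #    The update service must not be disabled (Manual/trigger-start is normal on Windows 10).
    $wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    Add-Finding 'Windows Update service not disabled' (($null -ne $wu) -and ($wu.StartType -ne 'Disabled')) `
        ('StartType={0}' -f $wu.StartType)

    # 2. Age of the most recent installed update. Get-HotFix reads Win32_QuickFixEngineering,
    #    which lists the updates Windows reports there; good enough to spot a machine that
    #    has not patched in weeks, which is exactly what worm-style ransomware targets.
    $lastFix = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    $patchAge = if ($lastFix) { (New-TimeSpan -Start $lastFix.InstalledOn -End (Get-Date)).Days } else { [int]::MaxValue }
    Add-Finding "Patched within $MaxPatchAgeDays days" ($patchAge -le $MaxPatchAgeDays) `
        ('Last update: {0} on {1}' -f $lastFix.HotFixID, $lastFix.InstalledOn)

    # 3. Anti-virus: Defender enabled, real-time protection on, signatures fresh.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($mp) {
        Add-Finding 'Real-time protection on' ([bool]$mp.RealTimeProtectionEnabled) `
            ('AntivirusEnabled={0}' -f $mp.AntivirusEnabled)
        Add-Finding "AV signatures under $MaxSignatureAgeDays days old" ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays) `
            ('Signature age {0} day(s), last updated {1}' -f $mp.AntivirusSignatureAge, $mp.AntivirusSignatureLastUpdated)

        # 4. Removable media. DisableRemovableDriveScanning excludes USB drives from
        #    full scans; with it clear, scheduled/full scans cover inserted media and
        #    real-time protection still checks files as they are opened or run.
        $pref = Get-MpPreference
        Add-Finding 'Removable drive scanning enabled' (-not $pref.DisableRemovableDriveScanning) `
            ('DisableRemovableDriveScanning={0}' -f $pref.DisableRemovableDriveScanning)
    } else {
        Add-Finding 'Microsoft Defender status readable' $false 'Get-MpComputerStatus returned nothing (third-party AV, or Defender cmdlets unavailable)'
    }

    return $findings
}

# Usage: list every check, then warn if any failed.
$results = Test-EndpointHygiene
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) {
    Write-Warning 'One or more hygiene checks failed; see the table above.'
}
# Remediation for the removable-media finding (elevated prompt):
#   Set-MpPreference -DisableRemovableDriveScanning $false
```

The function returns objects rather than printing, so the same check can be run across a fleet (for example via `Invoke-Command`) and the failing rows collected centrally. It deliberately only reads state; the one remediation command is left as a comment so that nobody changes a machine's configuration by accident when they meant to audit it.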