Cyber security is essential for organisations of all sizes. Organisations need to ensure they have taken all the necessary precautions to protect their data.
In the past year, 46% of businesses identified at least one cyber attack or breach, with 875,000 of these victims being SMEs. Despite these statistics, a recent survey found that many SMEs don’t believe they are at risk, with 59% thinking that their information would be of little value to cyber criminals.
This mindset is a major issue for small businesses because their lack of interest in cyber security makes them a favourable target for criminal hackers.
Why do criminals target SMEs?
Many small businesses do not put enough money and resources into cyber security. They do not monitor or implement strong enough cyber security defences that will adequately protect their data. Not having these defences in place makes their data more susceptible to attacks.
Although they may not feel that their information has much value to criminals, it very often does. Small businesses still hold personal and financial information, but they do not have the security defences in place that large organisations do. This makes them an easy and attractive target.
When an organisation has been hit by a ransomware attack, the criminals responsible will demand it pays a ransom to retrieve its data. It’s very difficult for small businesses to recover from ransomware attacks, so they are often more willing to pay the ransom than larger organisations would be. Again, this makes them an attractive target for many criminals.
How are SMEs being hacked?
The most common ways SMEs are hacked are through phishing, poor passwords and IT vulnerabilities.
Phishing schemes are fake emails that impersonate someone that you may trust: an online provider, bank, popular website or sometimes a colleague. These emails try to trick you into giving away sensitive information.
Passwords are vital for ensuring the security of your data. If a password is easy to guess or used for multiple platforms, it becomes less secure and easier to hack. Passwords should be unique and complex, and should never be shared.
IT vulnerabilities are a result of a network not having the right security measures in place in order to protect data. These vulnerabilities can lead to malware attacking an organisation’s data.
What precautions should SMEs take?
There are many simple ways an SME can protect itself from a cyber attack. Implementing a firewall is one of the first things an organisation should do, as this will put up a barrier between your data and the hacker, restricting their access.
It is very important to educate your employees to follow cyber security procedures. They should complete staff awareness training to ensure they can identify a phishing email, and follow basic security measures such as regularly changing passwords and adopting security policies.
Installing security software is vital to keep your data secure. Even after you have trained your staff, there is still the chance they may fall for a phishing email. Installing anti-malware software will help protect your organisation from malware that may be contained in these types of email.
Evaluate your cyber security posture
Gain a high-level evaluation of your organisation’s cyber security posture and a documented summary of recommendations for improvements with the Cyber Security Audit.
The post How #seriously are #SMEs taking their #cyber security? appeared first on National Cyber Security Ventures.
It is a scary time to do business. Phishing, hacking, identity theft, ransomware, payment fraud: the list of ways that cyber criminals are attacking individuals, companies and governments seems endless. The U.S. Securities and Exchange Commission (SEC) recently referred to cyber threats as “the greatest threat to our markets right now” and for good reason. While recent global attacks like WannaCry and Petya/GoldenEye dominated headlines due to the sheer size of their reach and impact, thousands more acts of cybercrime are committed every single day, almost 50 percent of which target businesses.
But, don’t be fooled into thinking that you have to be a Fortune 500 corporation to be a target. Cybercrime is an equal opportunity menace. Larger mature companies are hit most often, but smaller scale-ups are hit the hardest, and it takes longer for them to recover. Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective. In today’s digital economy, winning and maintaining the trust of your customers is central to business growth, and nothing erodes trust quite like a cyber breach.
Scaling customer trust is a very different animal to scaling customer numbers. In fact, it can work in inverse proportion. When there is rapid customer base growth, it puts more strain on the company’s Trust and Safety resources, which in turn, results in an increase in security breaches and a decrease in customer trust. Don’t allow this to happen. Safely and successfully scale the trust of your customers by adopting these three key measures:
1. Take full control of updating your company’s software.
Imagine that your company is a castle. The walls of the castle can break and crumble in places, allowing intruders easy access. So these walls need to be constantly maintained and patched up. If you give everyone working in the castle responsibility for this maintenance, something is going to go wrong somewhere, sometime. One of your team will fill a hole with sand instead of cement, so you need to take full control of it.
It’s the same in a company. A recent survey conducted by research firm Voke Media found that 27 percent of companies reported a failed audit in the prior 18 months. Eighty-one percent of those failures could have been prevented with a patch or configuration change. Twenty-six percent of companies reported a breach, of which 79 percent could have been prevented with those two measures. In fact, if more individuals and companies kept their software up to date, the devastation caused by the recent Petya attacks would have been minimal.
With an enterprise network, this critical function is managed centrally by one expert rather than by many novices.
2. Put human error in the firing line.
Even though the walls of your castle may be fully maintained and secure, a worker may unwittingly open a window or door, giving intruders full access.
Ninety-five percent of all security incidents involve human error, according to the 2017 IBM Cyber Security Intelligence Index. Examples include staff clicking links to phishing scams or visiting malicious websites, and network administrators making small errors with big consequences. For example, it was reported recently that North Korean hackers stole U.S.-South Korea war plans. A contractor working at the data center left a cable in place that connected the military intranet (which had compromised antivirus software installed) to the internet, allowing the North Korean hackers to access sensitive information.
Employees can be helped to recognize scams through prevention training and awareness programs. Make it easy for your employees to report fraudulent emails quickly, and keep testing internally to prove the training is working. Your front line must always be cyber-ready.
3. A.B.C. — Always Be Communicating with your customers.
Tell them what you are doing to keep them safe. Customers value transparency, and the more open companies are with both their customers and employees, the more trust will be established. Take Zappos, for example, which promotes transparency in its Zappos Family Core Values by being completely open with its vendors when it comes to internal information. Instead of trying to hide secrets or use private information to establish leverage, Zappos believes in giving vendors complete visibility. The result is more trusting relationships that strengthen the organization at very foundational levels.
The expertise and time required to successfully introduce all or any of these security measures can be immense, and often difficult to provide in-house. As a result, many fast-growing companies are outsourcing Trust and Safety (TnS) Operations to a partner company, allowing them to focus on core competencies. If this is a route you choose to take, be sure to demand the same level of trustworthiness from them as your customers do from you. And here’s how to do it:
Find a partner who has a proven track record of delivering top quality TnS services.
A premium BPO will routinely outperform its partner’s Net Promoter Scores (NPS) and will have the data to prove it. Providing value-added, high-touch customer experiences results in high customer satisfaction. So not only will you have a high NPS, you’ll also be able to turn those satisfied customers into your champions. A raw, positive customer referral is infinitely more powerful than any advertising copy.
Many companies are private about their outsourcing practices, so go deeper than a few Google searches when carrying out your research. Conversations with peers and BPO reps will bear more fruit. Ask for examples and personal accounts so you can understand how the agents would react in any situation.
Ask a lot of questions about the training the contact agents receive.
Contact agents will be your front line, so it’s important they are prepared for any scenario. Whether it’s risk, user safety or fraud prevention, proper training is critical. Last year, one of my TnS agents saved one of our major partners over $20,000 by foiling an attempted money laundering scam before it even got started. Our in-depth agent training programs were central to this big win.
Ask what training programs are available, and if they can be tailored to suit your needs. Empathy training for emergency situations and crises helps equip agents with the skills needed in case they find themselves in a sensitive or stressful situation. The key to success is the people, so choose an organization that invests in recruitment, training and quality.
Be clear about the security measures that you want in place.
By having the security discussion up front, you can find a partner that is flexible enough to provide what you need. Inform yourself about the company’s network security and how they intend to keep your data safe. Ask: Does their security philosophy match yours? Do they have the right tools already in place? What else is needed to keep your and your customers’ data safe?
Ask about their data recovery and business continuity plans in the case of a breach. With data breaches looming around the corner every day, it’s imperative to know there’s a backup plan should a breach occur.
Make sure your partner can support your growth.
Rapid growth will throw up a lot of challenges on your journey to success, and many of them will be way outside of the sphere of your core competencies. You’ll need to hire in functional expertise, set up complex new systems and processes, and create management structures. In a world where companies grow faster than at any other time in history, most are outsourcing at least some of their core functions, so that they scale up successfully.
Take Airbnb for example, which over the past ten years has seen phenomenal growth. What started as a small company in San Francisco that allowed people to turn their spare bedrooms into vacation rentals now operates in more than 190 countries worldwide. When Airbnb contracted Voxpro to carry out its TnS operations, it started with six agents. Three years later, the number has grown to 106 given the rapid growth of the business. A great BPO will grow with you.
It’s a scary time to do business, but in the 20 years I have been running companies, I have never experienced a more exciting time to do business. The digital nature of today’s global economy has opened up amazing opportunities to scale your company bigger and faster than at any other point in history. Yes, it also opens up opportunities for cyber criminal opportunists too, but never forget that you are the one in control, not them. By taking a proactive approach to your trust and safety operations you will shut them down, lock them out, and successfully scale the size and the trust of your customer base.
The post Here’s How #Taking #Cybersecurity Very #Seriously Enhances Your #Brand appeared first on National Cyber Security Ventures.
Source: National Cyber Security – Produced By Gregory Evans
A recent survey of 2,000 UK businesses looking at digital transformation showed the number of businesses with formal strategies had doubled over the last year to 63%. However, businesses with less than 50 employees lagged behind with 64% not having a formal plan, compared to 91% […]
There is no doubt that there are numerous threats to organisations worldwide, and that it can seem increasingly difficult to manage your risk adequately. Whereas many years ago cyber-attacks were a rare warning sign, nowadays cyber threats have increased in danger and frequency.
It seems that every day you can encounter another article on the topic, and this has managed to create a real and significant concern for both small and large organisations. More and more people are turning to reliable services such as those provided by Prosyn, a London IT services company dedicated to implementing safe and stress-reducing IT solutions.
Although some have taken precautionary measures against these possible attacks, many organisations have continually underfunded them. Here is why you need to take cybersecurity seriously:
Cybersecurity threats are everywhere
As a general rule of thumb, we view technology as an intriguing subject which is bound to increase our lifespan and quality of life. However, it’s essential to understand that while some people can focus on innovative ways to help others, there will always be the ones who will look for an easy way to make money.
Professional hackers are paid to understand possible cybersecurity problems, and this is done in order to make the technology of a specific company safer and more reliable. Nonetheless, it appears that a recurring theme can be spotted: we are not getting better, and our security problems are not changing. While we depend more and more on technology and potential advancements, we are opening ourselves more and more to the possibility of an attack.
Hackers will tell you that most technology is prone to these attacks, rendering it vulnerable. There are many examples in our everyday lives, starting from smartphones, home alarm systems, cars, plane systems, and even medical pacemakers. Of course, the goal is not to instil fear in you, but to make you aware that even critical infrastructure such as dams or power grids can and have been hacked in the past. Thus comes the question, how confident are you in your cyber security measures?
Loss of revenue
According to experts in the industry, a staggering 60% of smaller businesses suffer a data breach each year, and that sometimes includes bigger names you might not expect. Yahoo and UPS are two clear examples of this threat, and so is JP Morgan, having lost the details of 76 million customers during an attack. This loss means that you are exposing your customers’ sensitive information, endangering their financial health, and causing significant revenue losses for your company.
According to a 2015 report published by the World Economic Forum (WEF), a whopping 90% of companies worldwide recognise the fact that they are ill-prepared in case of a cyber-attack or breach of confidential data. In fact, it is estimated that this problem costs the global economy over US$400 billion per year, based on a prognosis by the Center for Strategic and International Studies.
The consequences of cyber crime
There are two main aspects that organisations should have in mind when dealing with cyber-attacks: are they meant as a data security breach or a deliberate act of sabotage? A security breach targets intellectual property or company secrets, ranging from information about bids to personal data. In comparison, sabotage is when fake messages flood web services, or when there is an effort to disable infrastructure systems which are being used by millions each day.
The direct result of these problems is not only a commercial loss, but also a disruption of public relations, with the goal of potentially extorting an individual, company, or organisational chain. Of course, there are also modern-day vigilantes who tirelessly work to expose negligence claims, fraud, and other issues which an organisation may try to sweep under the rug.
Whatever the reason for the cyber-crime, it should be noted that most of these incidents are often not reported, and that loss of information is rarely if ever mentioned. This problem does go hand-in-hand with companies not wanting to damage their reputation or be seen as unsafe by their customers. Besides, it’s hard to take legal action against the culprits, as many of them have not even been identified.
Why do some companies underestimate the threat?
One of the main reasons that experts highlight is the difficulty of predicting the likelihood of a cyber-attack happening in your company. It’s also incredibly hard to estimate potential losses; thus the question many have on their mind is “should I invest this much to protect something that might never happen to me?”
An article published in the Harvard Business Review revealed that many decision makers are faced with making the judgement of how much they are willing to invest in cybersecurity, and most of them don’t fully understand the dangers of it. Here are the three main reasons highlighted in the article:
An empirical assumption that security frameworks like FISMA or NIST represent sufficient security
A security breach has never been an issue in the past, so there is no need to fix what isn’t broken
Companies have previously dealt with a small cyber-attack which was quickly resolved
It’s easy to see how individuals would follow this mindset. However, the problem with these mental models is that they view cybersecurity as a problem that can be solved, rather than an ongoing process which requires a robust prevention strategy. In fact, cybersecurity should focus mainly on risk management and minimise the possibility of future attacks rather than on risk mitigation. As previously discussed, some attacks could cost millions or even put you out of business.
The reality is that cyber-attacks are not solely related to one geographical area or another; criminals operate across borders, and very few of them have moral principles relating to uncovering corruption plots or cases of fraud. Therefore, there is a need to respond to cyber-attacks by having a global vision and strategy, all while understanding how law enforcement agencies work and how IT services can aid you.
The post Here is #why you need to take #Cybersecurity #seriously appeared first on National Cyber Security Ventures.
Source: National Cyber Security – Produced By Gregory Evans
Police have stressed how seriously they treat cyber crime following a new report criticising how the growing trend is tackled by forces nationally. The National Audit Office (NAO) said the issue was “not yet a priority” for all local police forces and the problem had been […]
A blunder that Apple made in iOS 10 has weakened the encryption of iPhone data when backed up to iTunes
A flaw Apple introduced in iOS 10 has made it far easier for password crackers to brute-force data backed up
The post Oops. Apple has seriously weakened iOS 10 backups against password hackers appeared first on National Cyber Security.
Most companies are aware of cybercrime; however, many are yet to make a change to their level of cyber security, largely because they’ve not been burnt first-hand. Underestimating the cost of a cyber-attack on your business can have significant repercussions in both monetary terms and, often more importantly, reputation. Usually our blogs are packed […]