Developing a first line of defence against cybercrime

Last year’s news reports were liberally scattered with a number of high profile data breaches, the most prominent of which was the hacking of Ashley Madison, the extra-marital relationship website. This caused ripples across the business world, with most of the site’s 37 million members left worried about their exposure from the event. In the unpredictable world of hacking, the sensational media response is likely exactly what the hackers were hoping for.

Whilst most data breaches do not generate this amount of attention, they still represent a significant threat to businesses large and small. The loss or compromising of data and the unease that this causes among customers can be catastrophic. Unfortunately, cybercrime is on the rise.

Cybercrime is evolving

Other notable data breaches during 2015 included electronic toy maker VTech, the US Office of Personnel Management, and Donald Trump Hotels. Each attack was underpinned by a variety of motivations and not every breach was financially driven. The first of these targeted young children, who are particularly vulnerable to security attacks due to their inexperience with the Internet. Parents presume children know how to respond to threats; however, the truth is sometimes quite different.

The same attitude can be seen within businesses. Mac users often perceive Apple’s operating system (OS X) to be more secure than Microsoft Windows; however, OS X should be treated with exactly the same level of caution. Regardless of whether the Apple device is being used in a small business on-site, in a BYOD environment, or remotely, it must be secure.

Shoring up your Macs

Strengthening Mac-related security should include a number of initiatives. The first step is simple - improve password security. Strong, unique passwords that are regularly updated will guard against hacking attacks. A password manager makes it easier for users to handle multiple passwords and Mac-based employees can encrypt sensitive documents by turning on FileVault. Hackers often exploit vulnerabilities found in software too, so it is essential to update browsers, web plugins, applications and the operating system.

The other main threat is to data privacy, exacerbated by the proliferation of end-points connecting through Internet of Things networks. Smartwatches, office security systems, digital signage – they all increasingly hold corporate data. Data collection strategies are also a threat, especially businesses that gather information on staff without consent. The initial intention may be honourable – for example, to register a product for warranty purposes or to improve internal processes – but data can easily be compromised or stolen.

Aside from the threat of financial or reputational damage, companies have a duty to protect employee privacy as well. It is therefore surprising to find that many employees are the weak link in the security chain.

For most companies, a layered approach to defence should be a top priority. This includes consistent and regularly updated anti-malware protection across all devices, not just tablets, phones and computers, but those that scan USB sticks and monitor Wi-Fi too.

For Apple users, there are security companies dedicated to providing appropriate security solutions. Apple’s own tools also offer powerful protection when configured correctly. The most important factor is to educate the entire team. Regardless of the size of the business, employees that understand the implications of a security attack are more likely to abide by the processes in place.

2016: New threats, similar consequences

In an IDC report covering 2014-2018, the analyst firm forecasts that seventy one per cent of security breaches will affect small businesses. These threats extend beyond data theft and into other areas of cybercrime.

In the coming year expect to see a rise in the number of ransomware cases – a profitable approach for cybercriminals looking for opportunities to extort victims for cash. Bogus ‘CEO emails’ are also on the rise, an example that demonstrates the complexity and creativity of those behind illicit actions.

As the demand for personal privacy grows and individuals take steps to block unwelcome online ads, advertisers will seek new ways to engage their audiences. Hackers could start to infiltrate these methods for their own unscrupulous intentions. Mac users should also be wary: more vulnerabilities were discovered last year than in any previous year, and as the Mac market grows, so will misuse of the platform.

The final step should be implementing a detailed security policy written in plain English, offering staff clear advice on password protection, malware awareness, the most trusted security suite to use, and a clear set of security processes. This will help protect company data, employees and customers, and at the same time, provide a strong first line of defence in the ongoing and ever increasing threat against cybercriminals.

Steve Kelly, President, Intego & Flextivity