In the age of the paperless office, data is being increasingly stored electronically on desktops, servers or in the Cloud. Such data includes email correspondence with customers, vendors and business associates; sensitive client and business information; and promotional material posted on websites and social media portals.
While all these activities are the normal and vital part of doing business in the modern age, are we opening up our businesses (and our sensitive data) to high-tech criminals?
- Theft of client information.
- Theft of company intellectual property.
- Money laundering.
- Identity theft and fraud.
While consumers, Small to Medium Business (SMB) and large enterprises are at risk, it turns out that the SMB are becoming the cyber criminal’s “sweet spot”. Why? Larger businesses tend to have more robust security systems and processes preventing most cybercriminal activities. SMB are therefore an easy target and ripe for the picking. For more on this have a read of a recent whitepaper about SMB’s being targeted by cybercriminals
SMBs are at high risk of data theft, network spamming and virus attacks. Further, cybercrime can happen from within the organisation with a large percentage of data breaches being perpetrated by staff which often goes undetected.
Cybercrimes and emails
The recent trend to cyber crimes seems to be use email inboxes as a gateway to penetrating security by sending unsuspecting users ransomware and phishing scams.
A ransomware which is doing the rounds at the moment is Cryptolocker. Cryptolocker encrypts all business data on the server once the infected email is opened and asks for payment in exchange for releasing the encrypted data back to the business. We often see this cause devastating consequences for businesses as it only takes one computer to be infected with the Cryptolocker virus and in almost all scenarios that computer has access to the server or shared Dropbox/Google Drive folder then suddenly all the data in the business becomes encrypted and inaccessible. This is an easy way for cyber criminals to hold your business data to ransom.
There has also been an explosion in Phishing Scams particularly targeting Google based accounts. I recently blogged about this outbreak of hacking of Gmail accounts using ‘phishing’. The main aim of the exercise – to collect your username and passwords to various accounts and perpetuates this scam by automatically forwarding the infected email to all your contacts.
Then there is the ‘Trojan horse’ or ‘unknown malware’. An unknown malware, usually comes in as an attachment to an email, is a piece of software specifically designed to disrupt or damage a computer system. It is ‘unknown’ because traditional antiviral software cannot immediately detect it; it can take hours or days before the breach is detected and a possible strategy to eradicate it.
Filtering out nasties
An easy step to fortify your business against cybercrime is the use of next generation firewalls. Unlike traditional firewalls which simply block incoming data based on source and destination, next generation firewalls scans the incoming content for potential nasties.
These nasties can be boobytrapped attachments, malicious websites or phishing emails that trick users into divulging sensitive information such as usernames and password combinations.
It can stop incoming nasties but also stops outgoing nasties too breaking the cybercriminal to perpetuate their work through your contacts. A single infected inbox can perpetuate more than 5 million emails per week.
Next generation firewall is a simple solution to ensure that the content you access either via websites or email is ‘clean’.
For a more comprehensive look at your business security take the DIY to see how your business measures up.