Information Security and Cyber Crime
Data is really valuable stuff and we are currently producing it at an unprecedented rate. In 2017 it is predicted that we will produce more data in this single year than already exists.
So, if your data is valuable you are going to want to look after it and this post is here to give you some advice on why you need to take precautions, how to do that and how to protect yourself from cyber crime.
What if my hard drive fails?
Not long ago, one of the big business continuity issues was making sure your data was backed up in case your hard drives failed or your building burnt down. Disaster Recovery was all-important and very expensive, often involving duplicate hardware servers and expensive telecoms links to remote sites. That was not something any small business could afford, so looking after your data became a chore involving tapes and manual backups, and because it was a chore it sometimes didn’t get done at all. Keeping data secure is even more important now, but it is much less expensive and certainly a must for any business, no matter how small.
With the proliferation of cloud based backup services the risk of losing all your data due to hardware failure has reduced. It was more difficult and expensive in the olden days but now it’s so cheap and simple to set up there really isn’t any good reason for not doing so, unless keeping fingers crossed is your company’s adopted strategy.
One new worry to think about, though, is Solid State Drives or SSDs. They are much faster than a Hard Disc Drive (HDD) and getting cheaper, so they are now being used more often, especially in laptops. If an SSD has a problem with a bad cell then usually the only solution is to format it and start again or bin it for a new one. They store data quite differently from an HDD and once it’s lost it can’t be recovered, unlike an HDD, from which data recovery software may be able to salvage files. This is why you might want to invest in a NAS to back up your entire system to.
Losing your data because of a hardware failure really shouldn’t be keeping you awake at night anymore, but your data is under threat from cyber crime. Cyber crime is one of the highest ranking risks on the UK Government’s risk register and is in the news almost daily. A bit more on cyber crime later in this post.
What would the impact on your business be if you lost the use of your desktop or laptop?
Because our reliance on IT is ubiquitous, most small businesses take it for granted and don’t really think through the impact of losing connectivity and/or data. After all, it’s always there and just does what we need it to do, until it doesn’t.
What would you do if you lost your laptop or your desktop stopped working?
Last week my desktop died but I barely missed a beat as everything I have is backed up on a Network Attached Storage (NAS) Drive and all my files are also on the cloud. All I had to do was change to my laptop or use one of the other computers available to me and everything carried on as normal. When my iMac came back from the iMac fixers it cost me an hour or so bringing it up to date. This is Business Continuity Management. I assessed the risk of hardware failure (it’s a no brainer, hardware will always fail eventually) and took steps to mitigate the risk and everything worked seamlessly as planned. The only interruption to my business was the hour or so to take my broken machine to the repair shop. I am still surprised at the number of businesses that don’t take these simple steps to protect themselves.
Assessing your vulnerability
Why not take a few minutes to map one of your computerised processes? It could be invoicing or ordering or production schedules or anything else you do on a computer. Write down each stage of the process, don’t skip steps, the devil is in the detail. Write each step on a post-it and stick it on the wall. Now think about what could go wrong with each step and what the impact of that would be. Let’s imagine you use a finance package on your office desktop, what would happen if that desktop computer failed? What would happen if your printer failed? What would the impact be on your business of not being able to send out invoices and how long would you be able to continue like that? Whatever the answer it is almost certainly costing you money. Someone has to be doing the invoices, how much of their time is wasted? Cash flow is always a problem, how much will the delay in processing cost you in bank charges?
What is the cost of a cyber attack?
Potentially devastating is the answer. We often hear about the big companies losing loads of data to hackers or the NHS being attacked by ransomware, but we don’t often hear of small businesses being attacked or what the costs are. The Business Continuity Incident found in a recent survey that £3000 is the average cost of a malware attack to a small business. Have a look at a previous blog for a full rundown. Another worrying statistic is that 60% of businesses that have suffered a serious cyber attack will fail to recover! That’s pretty serious when you consider that about 75% of organisations have suffered some kind of security breach at some time in the past 12 months. See this post for more detail.
Cyber criminals don’t just go for big companies. Who would have thought that a hairdresser in Glasgow would be the victim of a cyber attack? After all, hairdressing isn’t an IT business, is pretty low tech in terms of delivering its service and probably doesn’t hold much data that’s worth stealing. But when you stop to look at how businesses are run, hairdressers rely on IT as much as anyone else. For the full story about how the business was affected, have a look here, but it cost them a lot of money, time and heartache. People often forget about the heartache, but when I speak with people who have been affected by any kind of incident they always say how difficult, stressful and draining it has been for them to recover. By all means get insurance, but investing in prevention is much, much better.
How do you protect yourself against cyber crime?
It’s not really that difficult, to be fair. Protecting yourself from cyber crime isn’t necessarily about expensive software. It’s about processes and protocols, so before you go off and spend a fortune on software that may not protect you in the event of an attack (see the Glasgow hairdresser story for how that can happen), put in place some simple measures to prevent an attack.
- Use strong passwords and use each one on only one site. To make it easier you could use a password manager to store your passwords, or you could just choose a really strong one and then salt it. Salting a password, as the term is used here, is adding a couple of letters to the end of your one password so you remember it more easily (an informal use of the term; it is not the salting that websites apply when they store passwords). For example, 76Str@wberr1es could be your password and you just add ‘FB’ on the end for Facebook. You get the idea. You’ll need to change it every so often though, just in case it gets compromised.
- It seems obvious but hide your passwords. You would be amazed at the number of people who don’t.
- Don’t plug any device you don’t trust 100% into your PC or anything on your network. If you don’t know where it’s been it may well be infected.
- When receiving emails never click on untrusted links and make sure your staff don’t either. Funnily enough, it seems to usually be the CEO that clicks the infected link so apply the same discipline to everyone in the company. If there is a link in an email, hover over it and it will show you the URL it points to. Most of the time this will show you a different web address than the one you would expect but not always so be careful. Better to go to your browser and go to the website without using the link.
- Be careful when out and about using wifi. I was nearly caught out at Haymarket by a wifi network pretending to be ScotRail. They had used the usual ScotRail name but added an underscore at the beginning to fool you. If you connect to wifi you should be using a VPN if you are doing anything other than just surfing the internet.
- Make sure all software is up to date! This cannot be over emphasised. I know it’s sometimes a pain and it takes time but the software used to attack you relies on vulnerabilities in your systems. The software companies are constantly plugging these vulnerabilities and issuing updates. The updates will help protect you so make sure you do them.
If you take these simple precautions you will have reduced your risk of cyber attack by around 80% and for no more cost than putting together an IT policy and a little staff training.
I can assist you with all of this if you need some help so please do get in touch.