Cyber crime can mostly be avoided with good IT security measures

Basic IT security and training are vital to businesses nowadays

The UK’s Office for National Statistics figures for crime in 2014-15 show that on average one in 12 adults is a victim of fraud and one in 22 is a victim of cyber fraud.  There were 5.1 million estimated cyber crimes and frauds last year, plus 2.5 million offences under the Computer Misuse Act – hacking, identity theft, malware, and so on.  And those are just the ones that were reported.

That’s a lot of threats to your online security. 

So what can you do to avoid becoming a victim of cyber crime?  I recently attended a presentation on the subject by ID Cyber Solutions and Keith McDevitt from the Cyber Resilience Unit at the Entrepreneurial Scot event, which was both full of great advice and warning. 

One interesting fact is that 80% of that crime is avoidable if you use even basic security, because most of its success is down to human error.  If you have the basics built in – password access, anti-virus, firewalls, malware protection – it’s a good start (if you don’t, talk to us as a matter of urgency).  You need them even more on your mobile devices than on desktop ones; using devices on public wifi networks is always going to be more unsafe than using them on your own office network. 

Yet many people fail to install even basic protection on mobile devices.  A few years ago that might have been understandable: anti-virus programmes often slowed down internet access to a slug’s pace.  But that’s no longer the case, so there’s really no excuse – and every reason to install it. I'd hazard a guess that the huge majority of smart phone users do not have anti-virus programmes installed.

Other forms of human error that allow cyber crime to flourish are not recognising dodgy emails (even then email phishing is becoming far more sophisticated in understanding the target audience behaviours and interests) and clicking on links within emails.  ID Cyber Solution’s advice is never to click on a link, even one in an email you think is perfectly OK.  Always type the URL into the browser: the search engine will often warn you if it’s an unsafe site. 

Any email that asks for your personal or financial details should be deleted immediately, even if it appears to come from a trusted source; no bank or other such company will ever ask for those sorts of details in an email.  Either phone them or go to their website and check for messages.  They’ll want to know about the email you received, too, likewise with sms txt messages.

Passwords are another chink in your armour that help online criminals. Many people just use the same password for everything, and it’s often something really obvious like their date of birth or the name of their house. 

A good password can’t be guessed or worked out from what people know about you (if you’ve put your birthday on Facebook, it definitely doesn’t count as a secure password).  ID Cyber Solution's are recommending we move away from the traditional 8 letter password with punctuation, numbers and a range of upper and lower case.

Why?

Well they demonstrated how quickly these types of passwords could be hacked using easily available and downloadable software. So what did they recommend? Move towards the use of passphrases not passwords, for example "jackandjillranupthehilltofetchapaleofwater" would far longer to crack than an 8 digit password. Some security systems now recognise if you’re using the same password for more than one site and will advise you to change one or more of them.  It’s good advice.

For the other 20% of cyber crime, tougher measures are needed, such as:

• configuring your network using recognised network design principles; encrypting data;
• monitoring with Network and Host Intrusion Detection Systems and Protections Systems (NIDS/HIDS and NIPS/HIDS);
• control of user privileges, so that only people with a right and a need to access information can access it; training staff to use devices securely both in the office and out of it;
• controlling the use of removable media such as DVDs and memory sticks; and installing software updates as soon as they become available.

Cyber crime is as much of a risk to your business as any other form of crime, and you should have policies and procedures in place to prevent it.  You should also have – and crucially, regularly test – a  policy for incident management and disaster recovery.  All your staff should be trained in what is expected of them for both prevention and reporting of incidents, and a specialist management team may need to be set up and trained.  That then leads into a whole other topic but for now have a look at this Jimmy Kimmel Live video where they demonstrate Cyber Security vulnerabilities via Social Engineering

If you think of recent hacking events, it’s obvious that cyber crime will not affect just your IT hardware and software: your entire business reputation could be destroyed.  It’s worth being serious about it.  If your IT security could do with an overhaul, please get in touch today: don’t leave it ‘til it’s too late.

Follow Inspire on Twitter @inspireltd and @developersos