Is Your Business Safe From Internet Criminals?
It is estimated that complacency over cybercrime cost business more than $3 trillion globally in 2015 & whilst a large percentage of that cost was borne by multi-national corporations, local businesses also suffered substantial losses as a direct result of Internet criminals targeting their business online.
In a presentation by the CEO of Microsoft, Satya Nadella, the following numbers were shared to illustrate that 2015 was a bad year for cybercrime:
- 160 million customer records compromised
- 229 days on average between infiltration and detection
- $3 trillion of market value destroyed
Let’s face it, criminals have been with us for as long as people have done business with each other;
Highwaymen robbed merchants on their way to/from market, bank robbers have been targeting banks since day one, burglars target poorly protected premises – so it should be no surprise that criminals are online too – looking for opportunities to make a fast buck at your expense – and that’s what Cybercrime is all about.
Here’s the thing about Cybercrime though – whereas criminal activity in the past has been limited by geography, the internet immediately removes that restriction. A cybercriminal can strike out at anyone, from anywhere & at any time.
In the same way that the internet has removed barriers for carrying out business globally & at high speed (through more efficient communications) it has also provided Cybercriminals with the same opportunity!
Cybercrime is most definitely on the rise – each year these Cybercriminals become smarter & bolder.
- In 2014 Sony Corporation had a massive security breach which not only saw data destroyed but stolen and then published online for the world to see!
- In 2015 Ashley Madison had their user data compromised with their members names being published online
- Government data is constantly under threat – even the Pentagon has suffered security breaches
And these are the cases that we hear about – there are a lot of companies today that are getting hacked that we never hear about.
Cybercriminals are broadening their net. No longer is it just big business that is the target – local business is their new frontier, and you could be next on their list!
Gumtree (Australia) suffered a security breach in 2015 – some of its users’ information was compromised during a security attack with hackers gaining access to people’s names, email addresses, and phone numbers.
This should serve as a reminder to all local businesses that you can’t have a “set and forget” mentality when it comes to protecting customer data.
Many local businesses have been the victim of “Ransom” style attacks. This is where the Cybercriminal accesses the website of the business & then prevents the business owner from accessing or using it until a restoration “Fee” is paid.
Other attacks include inserting inappropriate messages on the business website or using the website’s mail server function to send out thousands of spam emails to customers and others.
Here’s an example of one such attack, where the business home page is replaced with content of the Hacker’s choosing:
At best, these sorts of security breeches are embarrassing, at worst they can destroy the business’ relationship with its customers (such as with Ashley Madison).
So, what can you do about this?
First, let’s be absolutely clear – there is no 100% bullet proof solution that will fully protect you – if the Pentagon, with all of its resources, can be hacked – anyone can be hacked!
But that does not mean that you should do nothing & hope for the best. Complacency of that sort is what the hackers rely on.
It’s akin to the joke about the two friends who are on the African plains when they see a Leopard approaching them. One of the friends sits down, takes off his boots & replaces them with running shoes. His friend says, “Don’t be silly, you can’t outrun a Leopard!” To which the friend putting on the running shoes responds, “No, but I only have to outrun you!”
The same approach is required for Cybercrime – you can’t hope to defeat a professional Cybercriminal at a game they are totally focussed on but you can make your online presence more secure than your neighbours. Human nature being what it is, the Cybercriminal will go for the easy targets first – leaving your website alone because it looks to be better protected.
Here are some essential elements that you must have covered if your website is not going to be a “Soft” target:
- Manage all passwords – make sure they are strong (Hint; if it’s easy for you to remember it’s not that strong!) & change them regularly. Don’t have the same password for all of your online accounts!
- Make sure that all people charged with the responsibility of working on your website understand the importance of security (the Sony Hackers gained entry by accessing a folder on a staff members computer titled “Passwords”).
- Keep the software versions of all online properties (eg; WordPress, Joomla, etc for a website) up to date
- Ensure that any plugins or add ons to the website are always up to date
- When staff leave – change all passwords they had access to – immediately
- Have policies in place regarding downloaded files & what can/can’t be opened in email attachments
It’s also a good idea to have some contingency planning in place – know what you will do in the event of a security breech and implement these plans as quickly as possible after an event.
Cybercrime is not going to go away – criminal activity will always be present wherever there is an exchange of some value. Law enforcement only ever provides for consequence after the event & in Cybercime, law enforcement is way behind what the cybercriminals are capable of.
This is a classic case of an “Ounce of prevention” being far better than a “Pound of cure”. Waiting until something happens before you do anything is not a great way to run your business. If you don’t have confidence in your (or your staff’s) ability to capably deal with this – engage a professional. Their fees will be well worth the peace of mind that comes with a well protected online presence.
Dennis is a “Digital Nomad” with an MBA in Marketing Management & has been involved in the online environment for over 15 years. He helps local businesses develop sustainable online marketing programs by applying a strategic focus to laser target what a business needs to be doing & when. He can be contacted at www.communicationcommando.com