Is Your Business Safe From Internet Criminals?
It is estimated that complacency over cybercrime cost business more than $3 trillion globally in 2015 & whilst a large percentage of that cost was borne by multi-national corporations, local businesses also suffered substantial losses as a direct result of Internet criminals targeting their business online. In a presentation by the CEO of Microsoft, Satya Nadella, the following numbers were shared to illustrate that 2015 was a bad year for cybercrime:
- 160 million customer records compromised
- 229 days on average between infiltration and detection
- $3 trillion of market value destroyed
Since then, cybercriminals have got even busier – & a lot more sophisticated!
In November 2017, Uber had its database hacked with thousands of users’ profiles being made public. Earlier that year, in August, Pizza Hut in the USA reported that personal data of close to 60,000 of its customers had been compromised.
Then there is the rise of “Ransomware” – where a malicious piece of code encrypts all the data on a computer & the only way to access it is to pay a ransom for the “Unlock code”.
All up, it is estimated that Hackers stole a total of more than $130bn from consumers in 2017, according to a recent report from cybersecurity firm Norton.
But let’s put some perspective on this: criminals have been with us for as long as people have done business with each other.
Highwaymen robbed merchants on their way to/from market, bank robbers have been targeting banks since day one, burglars target poorly protected premises – so it should be no surprise that criminals are online too – looking for opportunities to make a fast buck at your expense – and that’s what Cybercrime is all about.
Here’s the thing about Cybercrime though – whereas criminal activity in the past has been limited by geography, the internet immediately removes that restriction. A cybercriminal can strike out at anyone, from anywhere & at any time.
In the same way that the internet has removed barriers for carrying out business globally & at high speed (through more efficient communications) it has also provided Cybercriminals with the same opportunity!
Cybercrime is most definitely on the rise – each year these Cybercriminals become smarter & bolder:
- In 2014 Sony Corporation had a massive security breach which not only saw data destroyed but stolen and then published online for the world to see!
- In 2015 Ashley Madison had their user data compromised with their members’ names being published online
- In 2017 the US credit firm Equifax suffered the worst data breach in history when sensitive data of more than 143 million people, including social security numbers, addresses, banking information, etc., was compromised. This information is valued at around $30 per record on the black market, making a potential deal for cybercriminals of 4.2 billion USD.
- Government data is constantly under threat – even the Pentagon has suffered security breaches!
- In September 2018, Facebook reported that the data of up to 50 million of its users had been compromised
And these are the cases that we hear about – there are a lot of companies today that are getting hacked that simply don’t get reported.
Cybercriminals are broadening their net. No longer is it just big business that is the target – local business is their new frontier, and you could be next on their list!
This should serve as a reminder to all local businesses that you can’t have a “set and forget” mentality when it comes to protecting customer data.
Many local businesses have been the victim of “Ransom” style attacks. This is where the Cybercriminal accesses the website of the business & then prevents the business owner from accessing or using it until a restoration “Fee” is paid. This is the area where ransomware has seen enormous growth – with many businesses denied access to their data until the ransom (anywhere from $1,000 – $10,000) is paid – usually by way of a Cryptocurrency transfer (such as with Bitcoin).
Other attacks include inserting inappropriate messages on the business website or using the website’s mail server function to send out thousands of spam emails to customers and others.
Here’s an example of one such attack, where the business home page is replaced with content of the Hacker’s choosing:
At best, these sorts of security breaches are embarrassing, at worst they can destroy the business’ relationship with its customers (such as happened with Ashley Madison).
So, what can you do about this?
First, let’s be absolutely clear – there is no 100% bulletproof solution that will fully protect you – if the Pentagon, with all of its resources, can be hacked – anyone can be hacked!
But that does not mean that you should do nothing & hope for the best. Complacency of that sort is what the hackers rely on.
It’s akin to the joke about the two friends who are on the African plains when they see a Leopard approaching them. One of the friends sits down, takes off his boots & replaces them with running shoes. His friend says, “Don’t be silly, you can’t outrun a Leopard!” To which the friend putting on the running shoes responds, “No, but I only have to outrun you!”
The same approach is required for Cybercrime – you can’t hope to defeat a professional Cybercriminal at a game they are totally focussed on, but you can make your online presence more secure than your neighbours. Human nature being what it is, the Cybercriminal will go for the easy targets first – leaving your website alone because it looks to be better protected.
Here are some essential elements that you must have covered if your website is not going to be a “Soft” target:
- Manage all passwords – make sure they are strong (Hint; if it’s easy for you to remember it’s not that strong!) & change them regularly. Don’t have the same password for all of your online accounts!
- Make sure that all people charged with the responsibility of working on your website understand the importance of security (the Sony Hackers gained entry by accessing a folder on a staff member’s computer titled “Passwords”).
- Keep the software versions of all online properties (e.g. WordPress, Joomla, etc. for a website) up to date
- Ensure that any plugins or add-ons to the website are always up to date
- When staff leave – change all passwords they had access to – immediately
- Have policies in place regarding downloaded files & what can/can’t be opened in email attachments
It’s also a good idea to have some contingency planning in place – know what you will do in the event of a security breach and implement these plans as quickly as possible after an event.
Cybercrime is not going to go away – criminal activity will always be present wherever there is an exchange of some value. Law enforcement only ever provides for consequence after the event & in Cybercrime, law enforcement is way behind what the cybercriminals are capable of.
This is a classic case of an “Ounce of prevention” being far better than a “Pound of cure”. Waiting until something happens before you do anything is not a great way to run your business. If you don’t have confidence in your (or your staff’s) ability to capably deal with this – engage a professional. Their fees will be well worth the peace of mind that comes with a well-protected online presence.
Article provided by Dennis Hall
Dennis Hall has an MBA in Marketing Management & has been involved in the online environment for over 15 years. He helps local businesses develop sustainable online marketing programs by applying a strategic focus to laser target what a business needs to be doing & when. He can be contacted at www.communicationcommando.com