SMEs in Ireland are taking grave risks to business by overlooking the dangers of cyber crime. A recent survey revealed that nearly half of SMEs didn’t feel they needed to protect their business against cyber attacks despite listing data protection as one of their biggest concerns. SMEs are as likely to be hit with cyber crime as their bigger competitors but they are less equipped financially and operationally to absorb the impact.
Many businesses have fallen victim to Ransomware, whereby company data becomes encrypted leaving the business paralysed unless a ransom is paid to criminals for the unlocking key. Nearly a quarter (23%) of Irish organisations have been held to ransom by a hacker, and yet the vast majority (93%) assert they would never pay a ransom.
So what practical steps should you take to help protect your business from cyber crime?
Security should be an ongoing process and not something you do every few years. Implementing security systems without proactively maintaining and managing those systems will leave your business exposed.
Security consists of several layers each with a specific responsibility:
- A poorly configured firewall or a firewall that does not offer advanced threat protection is a guaranteed security risk. Firewall policies should be regularly reviewed by experts to ensure that they are offering maximum protection.
- An internet monitoring system helps identify unusual internet activity on your network such as a malware infected device.
- All devices should have an up to date antivirus and antimalware installed and security updates should be applied to address any vulnerabilities.
- Remote access to corporate networks should consist of an encrypted connection consisting of two factor authentication (a username and password along with a unique code generated by a phone app or a key fob that you need to enter when logging in.)
- An email protection system to help block malicious emails reaching employees and minimise their changes of falling victim to a phishing attack.
A security breach at Target in the USA resulted in the theft of credit card details from 40M customers. Criminals gained access by sending a phishing email to an unsuspecting air conditioning contractor who provided them with his username and password. Had Target implemented two factor authentication the username and password alone would not have provided the criminals access and as a result cost the company $162M.
With 200,000 new pieces of malware being identified every day and a hacking intrusion taking 210 days to detect businesses need to get serious about security! The EU’s new General Data Protection.
Regulation will come into force in 2018 and could result in companies being significantly fined for allowing security breaches to compromise their customer data.
Cyber Security is not the new buzz word, it offers a very real threat to every business.
For more information on how you can protect your business from cyber threats, visit –https://novi.ie/