How secure is your business?
If you’re reading this and thinking that your current security system should be better equipped for the risks your organisation could face, start now by putting more adequate measures in place to keep your organisation secure. Three main factors are present when evaluating risk: the type of threat, how vulnerable the system is, and how important the affected asset is to your business. Security is not something you simply “put in place” and forget about; especially in today’s landscape, it is important for any business to maintain, update and back up its security systems regularly in order to prevent data breaches and cyber risks.
Types of Malware
A cyber-attack typically targets technology and computer information. It is a method carried out to change, destroy or steal data. Organisations are at higher risk than single users, but any one of us can become infected if the measures in place aren’t strong enough to protect our devices. Malware is the most common form of cyberattack and can be particularly destructive. We normally recognise it through malicious software such as viruses, spyware, ransomware and worms. Malware works by finding a weak point in the network and creating a breach when a user mistakenly clicks on a link or email attachment, or downloads an unsafe piece of software. This opens a window into the system, enabling the malware to block access, download additional viruses and obtain important information. If, unfortunately, your system picks up a particularly nasty piece of malware, it could render your devices unusable altogether. Below are some more examples of threats that could pose a risk to your business.
1. Phishing
Probably the most common of cyber threats, phishing happens when we open a communication, such as an email, from what we believe to be a credible source. The individual(s) behind that email will typically have the goal of stealing private data such as passwords, credit card details and personal information. When opening an email you are unsure of, it is important to look out for any abnormalities, including spelling mistakes, hidden email addresses, unusual links and the misuse of details such as names and logos.
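As an added illustration (not part of the original post), the following Python checks two of the tells listed above on a constructed sample message: a display name that invokes a trusted brand while the actual sending domain is different, and a link whose visible text names one domain while its href points somewhere else. The trusted domain, the sample headers and the look-alike hostnames are all made up for this example.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(host):
    """Crude last-two-labels reduction: 'mail.example.com' -> 'example.com'."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def sender_mismatch(from_header, trusted_domain):
    """True when the display name invokes the trusted brand but the address domain is elsewhere."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    brand_named = trusted_domain.split(".")[0] in name.lower()
    return brand_named and registered_domain(domain) != registered_domain(trusted_domain)

def mismatched_links(html):
    """Return hrefs whose visible text shows one domain while the link really points elsewhere."""
    collector = _LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        real = registered_domain(urlparse(href).hostname or "")
        if shown and registered_domain(shown.group(0)) != real:
            flagged.append(href)
    return flagged

# Constructed sample (not a real mail): brand in the display name, look-alike sending domain,
# and link text naming the genuine site while the href points at the look-alike host.
SAMPLE_FROM = "Example Bank Alerts <security@examp1e-bank-mail.net>"
SAMPLE_HTML = '<p>Verify now: <a href="https://login.examp1e-bank-mail.net/v">www.example.com</a></p>'
```

Both checks are heuristics for spotting the tells described above, not a replacement for a mail gateway’s authentication checks.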
2. Denial-of-Service (DoS)
Denial of Service happens when a website becomes overloaded with more traffic than it is built to handle. This results in the website preventing users from accessing its content by shutting down completely. Naturally this can happen innocently through a surge in customers taking advantage of a ‘Black Friday Event’, but nine times out of ten an overload in traffic will have malicious intentions. As a result, an organisation can lose access to its system and be unable to fulfil genuine requests.
3. Man-in-the-Middle (MitM)
Do you have an eavesdropper on your line? Man-in-the-middle (MitM) attacks occur when the attacker inserts themselves into a communication between two parties who believe they are communicating directly and only with each other. Common points of entry for an attacker are an unsecured Wi-Fi network and a device that has been weakened by malware. If you use an unsecured network or public Wi-Fi, attackers can access your device by positioning themselves between the device and the network you are using. If malware breaches the device, an attacker can install software that could be accessing your information without you even knowing.
4. Baiting
This type of scam relies on a victim taking the bait set out for them. The scammer wants to entice the target, for example by leaving a USB stick labelled “Confidential” and filled with malware in an area where the target will find it. The scammer’s aim is to tempt the target into taking action: the unsuspecting target plugs the stick in to see what’s on it, and the malware is injected onto their device.
5. Quid Pro Quo
This type of scam revolves around some form of exchange – you scratch my back and I’ll scratch yours. However, it usually ends up with the target being worse off. The scammer could pretend to be giving the target help, advice or technical support and instead take control of the target’s device, committing identity theft and stealing their personal data.
Preventing DDoS attacks
You’ve probably heard of DoS, a form of cyber-attack where a perpetrator uses a single internet connection to exploit a software vulnerability, but have you heard of DDoS? Distributed denial of service (DDoS) attacks are launched not from one but from multiple connected devices, aiming to target an organisation’s network infrastructure. By using multiple connected devices to flood and infect a server with a far greater volume of traffic and malware, this type of attack is a lot harder to deflect than DoS.
Enabling good GDPR within your business
GDPR stands for General Data Protection Regulation. It’s a data privacy and protection regulation slated to officially begin on May 25, 2018.
GDPR is designed to provide better protection of personal data, or personally identifiable information (PII), to people living in the EU. In order to do so, the regulation imposes new, specific obligations on “controllers” and “processors” of personal data, enforcing major fines if companies fail to be compliant.
When it comes to data privacy, GDPR is a massive step forward in eliminating personal data breaches and establishing a need to receive consent from a user before collecting and using their data.
1. Analyse how your company currently uses data
Ask yourself some key questions which will uncover whether or not you have anything to worry about when it comes to GDPR’s implementation:
2. Determine what data you need to keep
If your business has collected a lot of data without any real benefit, now is the time to consider which data is important to your business.
3. Request consent from your customers
Make sure that whenever your website is asking for personal data, it’s also clearly asking for consent. If you’re collecting data without being clear on how that data will be used, you will need to immediately rectify the situation by allowing users to opt in and choose how their data will be used.
4. Establish procedures for how your company will handle personal data
You also need to establish policies and procedures for how you will handle data, for example when a customer asks to have their personal data deleted.
5. Plan ahead in case of a data breach
Develop and implement safeguarding practices throughout your infrastructure to help contain any data breaches. This means putting security measures in place to guard against data breaches, and taking quick action to notify individuals and authorities in the event that a breach does occur. Take a look at our blog ‘Keeping your data secure’ for advice.