Your Business With James Caan 2017 - 176
PROTECT AGAINST CYBERCRIME
DON'T THINK YOUR COMPANY'S SIZE PROTECTS YOU FROM HACKERS - SMES ARE JUST
AS VULNERABLE AS LARGER BUSINESSES
No business can afford to ignore cybersecurity.
you're facing, you need to formulate an
IT and the internet are so all-pervading - and
appropriate approach to fix it. It's common
the number of threats they enable so high
to assume that a cure-all technology solution
- that doing business without a sensible,
exists that will allow you to rest easy. However,
well-structured cybersecurity policy is like
while technology can help a lot, unfortunately
trying to operate a bank with no security
it isn't a panacea.
guards, no locks on the doors and no safe - in a
town inhabited by millions of potential thieves.
Traditionally, the perceived high cost of
Technical controls should be used as a
layer of your information security strategy to
support the policies and procedures you've
information security has proven to be a barrier.
developed in response to the results of your
However, SMEs should focus on the potential
information risk management methodology.
costs of doing nothing - which can be so high
These controls can bring a lot of value in
as to destroy the company entirely - as well
certain areas, such as protective monitoring
as feeling reassured that a great deal can be
and email filtering.
done at little or no cost simply by maximising
The first step is to conduct a full audit of
awareness among staff and adhering to
your system or systems, and identify where
sensible information security policies.
any sensitive data is stored, processed and
transmitted. Public-facing applications such as
RECOGNISE THE PROBLEM
social media should become a focus of security,
The first step is to be aware of the scale of the
as these applications can provide a route to
problem. "Cybercrime" is a relatively flexible
your internal network. You should think
term but is certainly not limited to large-scale
seriously about deploying a web application
hacking of the type seen recently in parts of
firewall to defend against attacks that could
the NHS. Any company storing and/or using
overwhelm an application or server and leave
valuable data - which, considering that almost
you vulnerable to further infiltrations.
any personal details have value to somebody,
includes almost any type of data imaginable
INFORM YOUR STAFF
- is at risk from criminals breaking into its
One of the simplest - and cheapest - ways to
systems and stealing that data, either for their
protect yourself from cybercrime, and one that
own purposes or for sale on the black market.
should be top priority for any company, is to
A desire to steal data isn't the only reason
a criminal gang may set its sights on your
business. Cybercriminals working on behalf of
make sure the behaviour of you and your staff
minimises opportunities for cybercriminals.
A staggering proportion of cybercrimes are
your competitors, or anybody with a grudge,
facilitated by human error, be it an employee
could be paid to break into your systems and
clicking on a link sent via email as part of a
wreak havoc, by changing or deleting key data,
phishing attack, someone losing a data-
for example, or simply by preventing your
drenched laptop or flash drive on their way
customers accessing your organisation's
home or passwords being leaked. Some even
website, making payments or contacting you.
occur by design. How sure are you that your
You may think that your business is simply
staff aren't colluding with the criminals for their
too small to attract cybercriminals whose
own gain? Several high-profile cybercrimes
sights are set firmly on bigger, juicier prey.
have originated within the organisation.
Sadly, that is nothing more than naivety. The
When your staff understand the value
truth is that smaller companies are usually less
of information security and the steps it is
well resourced and therefore easier to attack.
necessary to take in order to safeguard your
SME's information, you'll find your workforce's
RESEARCH YOUR STRATEGY
entire approach and attitudes changes. Soon
Once you've familiarised yourself with the
reducing cybercrime will become embedded
nature and scope of the cybersecurity problem
within your organisation's culture. □
174 YB2017 IT Solutions jw2.indd 176