Cybercrime is on the rise. Protecting your business from cybersecurity attacks – and the potential consequences of lost income, business disruption and damage to your organization’s reputation – requires an ongoing effort and constant vigilance. Learn how to protect your business against cybercrime by managing risks and making it more difficult for hackers to exploit vulnerabilities in your technology, processes and staff.
Cybersecurity breaches are increasingly common
In 2017, almost 11,000 Canadian businesses with 10 or more employees participated in the first Canadian Survey of Cyber Security and Cybercrime¹ and reported on the incidents that impacted them. Over one in five respondents said their businesses had been targeted, with large businesses twice as likely to be affected. Incidents ranged from hackers attempting to access unauthorized areas and stealing personal or financial information to installing ransomware and blocking access to data or services unless a payment was made.
A 2017 report from Accenture – based on a survey of more than 250 companies operating in seven countries – found that security breaches were up 27% from 2016 and that the number of ransomware attacks doubled from 2016 to 2017. Companies are spending more money and time to recover from the disruption caused to their organization and customers. The financial costs associated with cyberattacks are up 62% over the past five years², and the time required to resolve malicious code attacks and ransomware is also up, averaging 55 and 23 days² respectively.
The Accenture study also found that larger firms were more likely to be the victims of denial-of-service and malicious code attacks, while smaller organizations were more likely to experience malware and phishing incidents.
We’ve all received emails that look like legitimate requests for information – requiring us to click on a link or download an attachment – but that on closer examination seem suspicious.
In the past, these emails were often laughably amateur. But they are becoming increasingly sophisticated. Many hackers will conduct extensive research to tailor their emails with specific and customized details. It’s easy to be fooled.
Clicking on a link may install ransomware or malware on your system that is able to capture keystroke data or corrupt or steal files. Or you may be connected to a site that looks identical to a legitimate site you visit frequently and asked to log in so that hackers can gain access to your passwords, user names or other sensitive data.
Security breaches happen in other ways, too – from clicking on corrupt links on websites to inserting an infected USB drive into your laptop. Hackers can also deliberately target your network system to gain access.
Protecting your business from cybercrime requires a multifaceted strategy. Reduce the weak points in your technology and processes by:
- Establishing strong response, recovery and back-up processes
- Ensuring firewalls, virus scanning software and endpoint security are all in place and updated regularly
- Reviewing anomalies in network behaviour
- Installing network behaviour anomaly detection software
- Limiting access to systems and information based on job duties, and splitting financial responsibilities between employees
Siva Ram, HSBC’s Head of Business Security and Fraud, Global Liquidity and Cash Management, notes that basic precautions to protect your company’s financial systems and identify potential breaches include “multi-level approvals, secure integration between internal and bank systems, and daily account reconciliation to avoid or quickly identify unauthorized payments.”
Processes and internal controls must be consistent across the organization and tested regularly.
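An added example (not from the original article or from HSBC) of how daily account reconciliation combined with multi-level approvals can surface unauthorized payments. The record layouts, the rule of two approvers other than the payment's creator, and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Approved:          # internal payment record (hypothetical layout)
    ref: str
    payee_account: str
    amount_cents: int
    created_by: str
    approvers: tuple

@dataclass(frozen=True)
class BankLine:          # one debit on the day's bank statement (hypothetical layout)
    ref: str
    payee_account: str
    amount_cents: int

def reconcile(ledger, statement, min_approvers=2):
    """Return (ref, reason) findings for debits that need investigation."""
    by_ref = {p.ref: p for p in ledger}
    seen, findings = set(), []
    for line in statement:
        if line.ref in seen:                       # same payment debited twice
            findings.append((line.ref, "duplicate debit"))
            continue
        seen.add(line.ref)
        rec = by_ref.get(line.ref)
        if rec is None:                            # money left with no internal record
            findings.append((line.ref, "no internal record"))
            continue
        if (line.payee_account, line.amount_cents) != (rec.payee_account, rec.amount_cents):
            findings.append((line.ref, "payee or amount differs from approved record"))
        # Split responsibilities: the creator's own approval does not count.
        independent = set(rec.approvers) - {rec.created_by}
        if len(independent) < min_approvers:
            findings.append((line.ref, "insufficient independent approvals"))
    return findings

# Constructed sample data, not real accounts or payments.
LEDGER = [
    Approved("PAY-1001", "CA-111", 250000, "alice", ("bob", "carol")),
    Approved("PAY-1002", "CA-222", 90000, "alice", ("alice", "bob")),
    Approved("PAY-1003", "CA-333", 120000, "dave", ("bob", "carol")),
]
STATEMENT = [
    BankLine("PAY-1001", "CA-111", 250000),   # clean
    BankLine("PAY-1002", "CA-222", 90000),    # creator approved own payment
    BankLine("PAY-1003", "CA-999", 120000),   # payee changed after approval
    BankLine("PAY-1004", "CA-444", 500000),   # never entered internally
    BankLine("PAY-1001", "CA-111", 250000),   # debited a second time
]

if __name__ == "__main__":
    for ref, reason in reconcile(LEDGER, STATEMENT):
        print(ref, "->", reason)
```

Running the check every day keeps the window between an unauthorized debit and its discovery to a single statement cycle.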
Technology, yes, and training too
There are many tools that provide strong lines of defence against cybercrime – from security intelligence systems and advanced perimeter controls to deploying encryption technologies.
Just as important is training. As Ram notes, “most unauthorized access is committed using impersonation fraud…or [through] phishing where it is user behaviour rather than controls on infrastructure that creates the vulnerability.”
This means all staff must be encouraged to adopt a healthy suspicion towards any out-of-the-ordinary emails, Internet links, USB drives and more.
Vigilance is key. Practical tips for preventing cybercrime include:
- Never opening attachments, clicking on links or downloading software from unknown sources or questionable websites
- Reporting unusual behaviour such as pop-ups, long periods with no response or repeated requests to enter security codes
- Using different passwords for different business logins, and changing them frequently
- Not using WiFi on public networks when conducting corporate work
- Taking care to protect your laptop or mobile devices from theft
If a security breach does occur and an employee suspects that they may have inadvertently been the victim of a cybercrime, they must be encouraged to share this information immediately, without fear of repercussion. The faster the breach is identified, the more options you have for resolving the issue and preventing further damage.