BUSINESS CRIME & PROTECTION

How can businesses stay safe?

Joe Burns is a certified ethical hacker and co-founder of Ilkeston-based Reformed IT, a cyber security and IT solutions company. He sees first-hand the damage being inflicted on businesses by cyber-criminals – noticing an increase in SMEs suffering financial losses – and often works alongside police forces to help with breach remediation. Now on a campaign to educate businesses about these risks and how to avoid becoming another victim, he speaks to Business Network about some of the questions he’s frequently asked.

WHAT IS THE LARGEST LOSS YOU’VE SEEN A BUSINESS SUFFER IN THE EAST MIDLANDS?

In late 2019, I was called in to help investigate a sophisticated social engineering attack on a business that led to someone transferring in excess of £100,000 to fraudsters from the company bank account.

Social engineering is where the attackers mislead individuals within the business in a way to encourage them to do something they shouldn’t typically do. This could be to reveal a password or information, buy vouchers from a store or, in this case, transfer large sums of money.

The fraudsters usually do this by impersonating trusted people either within the organisation or external authoritative organisations such as banks and IT companies.

THERE HAVE BEEN SOME HIGH-PROFILE RANSOMWARE ATTACKS IN RECENT YEARS. HAVE YOU SEEN ANYTHING SIMILAR WITHIN THE EAST MIDLANDS?

plan, it can cause a lot of business interruption.

Ransomware is a method that has been used by hackers for decades but has become more prevalent in the past 10 years.

It typically works by getting someone in the organisation to run a piece of software on a computer, which then encrypts all data on the network to make files unreadable without a password.

This password will have been set by the attackers and instructions left for the victim to pay a ransom in order to get access to their files again.

Recently, I have dealt with a case where a business in Derbyshire had its server hacked into. The hackers then encrypted all the data and because they had full access to the system, they encrypted the backups as well – leaving the business with no access to its critical files and customer information.

The hackers demanded nine bitcoin (which is valued at £363,000 at the time of writing) to return access to the company’s systems and data.

In the meantime, the business was unable to correctly service its customers without resorting to pen and paper.

HOW CAN BUSINESSES AVOID ISSUES LIKE THIS?

Unfortunately, there is no silver bullet to prevent all the risks from cyber-criminals. Defending against modern cyber threats requires a layered approach to IT security.

If you think of it like protecting a physical building, you start by locking doors and windows, but you may add additional layers like an alarm, CCTV cameras and maybe even a safe for valuables.

Here are some steps all businesses should be taking:

• Ensure people can only set long, complex passwords for systems

• Enable multi-factor authentication, meaning you need more than just a username and password to gain access to systems, such as a one-time code

• Keep all systems and applications updated, including computers, servers and mobile phones

• Educate all employees on the modern threats and, in particular, social engineering techniques

• Ensure backups are taken regularly (multiple times per day) and at least one backup is offsite, so it’s not accessible to the systems being backed up

• Work towards the Cyber Essentials standards and certification.

For more information about steps your business should take to defend itself, visit www.ncsc.gov.uk
