Cybercrime has advanced along with technology. It doesn’t matter if you have one or 100 computers connected to the Internet – understanding the threats posed by cybercrime and training staff to spot them is a must for doing business in the 21st Century.
The scale of cybercrime
Cybercrime covers many illegal and unscrupulous activities on the internet. These include identity theft, fraud, and spreading computer viruses or malicious software known as malware.
Cybercriminals are increasingly focusing on mobile devices such as tablets and smartphones, and on social networks like Twitter® and Facebook®.
Two-thirds of adults have already been victims of cybercrime in their lifetime. You probably think it won’t happen to you but small businesses often have less sophisticated IT security measures than larger organizations, making you an easy target. Understanding the threats and developing an internet policy for employees are essential to defending your business against cyber attacks.
What are the most popular targets?
Common threats include malware and data theft – below we outline what cybercriminals are aiming to achieve in these instances.
The aim of cybercriminals here is to:
- Find out your company credit card details.
- Obtain your online banking access details to steal from your account.
- Access your customer databases – these are either sold on to other criminals or used directly to commit identity theft and fraud.
Espionage and malware
Industrial espionage and attempts to steal your intellectual property (IP) are also on the rise. These crimes are often achieved through malware downloaded without the user’s knowledge as an attachment to programs and even bogus antivirus software.
Most malware transmits data over the Internet, including your browsing habits and other personal information. More dangerous forms of malware include key logging software that records what you type on other websites, such as online banking and email passwords.
How to reduce the risks
Reduce your exposure to these risks by:
- Limiting staff access to commercially valuable information on a need-to-know basis.
- Requiring employees to get permission before downloading any programs.
- Making your staff aware of the risks of IP theft and espionage to prevent them unknowingly providing sensitive information.
Protect your business’s weak points
Cybercriminals will always attack the weak points in your internet security first.
To combat this:
- Make sure firewalls are turned on and your antivirus program is up to date.
- Require staff to review any passwords they use to access their workstations. It’s easy to become lazy about passwords and this can offer an open door for criminals.
- Ensure passwords are long (typically 7−10 characters), contain both upper and lowercase letters, along with numbers. Ensure they aren’t similar to other passwords staff use to access personal sites, like Facebook® or online banking websites.
- Make a point of changing passwords regularly.
- Install a server-based spam filter to reduce spam reaching your business’s inbox.
Two thirds of people don’t have any security solution on their portable devices, so apply all of these practices to mobile work devices with internet access, such as smartphones and tablets.
Security training should be a necessity
It’s hard to control employees using the internet at work to access personal emails or their social media accounts. But it’s important to develop some rules around the use of work computers. You need to control both wasted working time and staff infecting business computers through careless behavior.
Being aware of viruses
Many viruses are spread as email attachments that appear to be harmless. An email will often encourage the reader to open an attachment by pretending to be a joke, video clip, photograph, or some breaking news.
Train staff to avoid:
- Using their work email accounts for personal messaging.
- Opening attachments or clicking on links in emails from friends, colleagues, or unknown people. Infected files can be forwarded to contacts without the sender being aware.
- Using file-sharing networks at work to download movies, videos, or music.
- Being deceived by fake messages or fake websites (known as phishing) that try to manipulate the user into revealing sensitive information such as account details or passwords.
Impress upon staff that internet security is also critical to maintaining the confidence of customers. Compromising customer details or sensitive communications could cost the business both credibility and customers.
When working remotely
Internet security doesn’t end with work computers. Working from home or using mobile broadband or Wi-Fi hotspots also exposes your business to potential threats. Make sure every device connected to the internet has the latest software updates and antivirus protection.
The benefits of an Internet policy
Training your staff to avoid the pitfalls of inappropriate internet use can be as simple as developing a company internet policy with guidelines for safe practice. The benefits of this type of training include a reduction in the risk of security issues arising and improved IT, and online skills in your staff.
Deploying a policy
Your policy should clearly state who’s responsible for implementing the plan and carrying out ongoing monitoring.
If your business has more than a few employees or uses a departmental structure, include a timetable for security implementation so everyone stays on the same page – communication is the key.