Cyber Security in the Workplace
At a recent event Kehorne attended, we had the pleasure of listening to a regional Police Detective Sergeant based in the cyber-crime section of SEROCU (South East Regional Organised Crime Unit – www.serocu.org.uk).
We came away from the event with many interesting facts about cybercrime:
- The cost of cybercrime to the UK economy in 2011 was £27bn
- A serious security breach costs SMEs an average of £65k to £115k
- According to the latest “State of the Internet” report from Akamai, the number of Distributed Denial of Service (DDoS) attacks hit record highs in the second quarter of 2015. A DDoS attack is an attempt to make a machine or network resource unavailable to its intended users. DDoS attacks grew in volume by 132% year-on-year and by 7% since the previous quarter.
- 22% of company computers are currently infected with the Zeroaccess bug. Zeroaccess is a Trojan horse that uses an advanced rootkit to hide itself. It can also create a hidden file system, download more malware, and open a back door on the compromised computer. (Source – http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99)
- It takes an average of 220 days from the time an employee clicks on a link that downloads a virus to the day someone discovers it.
What is important for us all to realise is that an attack of some sort is almost certainly either coming or has already happened. As long as we accept that the weakest link is probably the human one, and we ensure that training and an established process for acting upon a threat are in place, we can go a long way towards making the issue as painless as possible to resolve.
So how should we approach the issue of making our work environments as safe as possible?
- Ensure all software is as up to date as possible – update your operating system (Windows 10 is currently free and is currently considered the safest platform).
- Have you got an anti-virus programme? Is it up to date, and is it scanning regularly?
- Have you got a Firewall? Is it as well set up as it can be?
- Are your passwords strong enough? A two-word phrase (unlinked words) with some numbers is better – try mine “Kehorne2016WebSpecalists”!
- Have a process in place so all staff know instantly what they should do in the event of an attack.
- Make staff aware of current scams and email viruses.
- Have control of access to your systems. If a member of staff leaves, the passwords they used (or know) should be changed.
- Back up critical data regularly (after a virus scan) and keep a copy of it away from the internet. Cloud-based systems often sync with PC systems on a regular basis, so a virus can spread from PC to cloud before you realise you have one.
In summary, there are many areas you can work on to drive down your exposure to the hackers and viruses out there. Minor changes to working practice can create a major change in your exposure to them.
Do one thing today – change your passwords if nothing else!