It’s a myth that cyber criminals only target large corporations. Our increasing reliance on ever-advancing technology also brings with it threats to businesses, regardless of their size or industry.
A computer environment includes hardware such as physical computers, servers and network equipment, and software that is used to run the business such as Windows, databases and Microsoft applications. Usually the computers are networked through a local area network which may be within the same business premises. Alternatively, the computers could be networked to a larger network (wide area network – WAN), for example for multi-location offices, or warehouses and administration offices located away from the core operations of the business such as a factory. Lastly, the computers could be linked to a global network – the internet (world wide web). This is where the greatest risk lies.
So How Is The Business Exposed To Risks?
The more complex the computer environment, the greater the risk because there are multiple points through which an unauthorised person can access valuable business information. Threats can come from within the organisation, for example disgruntled employees, and also through external means such as hackers. Hackers aim to get into a business and extract information which they use for:
- Vandalism for pleasure by deleting business information
- Exposing system weaknesses
- Malicious damage
Every network has an address, and without adequate security, hackers can access any network whose address they obtain.
How Can You Protect Your Business From Internal Threats?
- Proper recruitment practice and undertaking background checks at the employee recruitment stage
- Use of authentication software and unique user passwords to access the network and applications
- Audit trails through the use of exception reports that identify attempts to access privileged information
- Encouraging and training staff on the importance of information security and client confidentiality
- Physical controls on computer hardware
- Data encryption
- Encryption on mobile phones which access the business network and hold business emails and information
- Implementing appropriate controls if the company allows staff to “Bring Your Own Device” and access the network with it
How To Protect Your Business From Intruders: “Hackers”
Hackers pose the most dangerous cyber risk, and normally affect systems which are linked to the internet. They design sophisticated software which they use to penetrate networks. They can infiltrate a network by sending emails which, when opened, download software onto the business computers, which the hackers can then use to access the computer network. These are called “phishing” emails. Once in, the hackers can get access to information enabling them to empty bank accounts. It is therefore vital to have secure controls which prevent intruders from accessing the computer network from any access point. This can be done through the use of software called a “firewall”. Regularly updating the firewall to keep its protection current with new technology will reduce the chances of your business being accessed. This is, however, not 100% effective. It is also important to store the computer information in a format which cannot be read and understood by third-party applications; this is called encryption. If encrypted data is extracted from the business network, it will appear as meaningless, scrambled information.
Other protection measures businesses can take include:
- Having adequate and tested disaster recovery procedures
- Toughening access controls
- Regular secured back-ups of data
- Follow-ups on reviews of penetration attempts to the network
- Having web surfing controls for employees
- Deleting data from hard drives correctly. Pressing ‘delete’ does not mean that the data is gone. Proper hard drive scrubbing procedures will prevent access to and abuse of confidential information
- Protection of computer admin pages
UHY Haines Norton’s Business Manager Audit and Assurance, Tadius Munapeyi, has years of experience in cyber risk, helping businesses to manage and protect their data. For more information please contact Tadius on (09) 839-2059 or email firstname.lastname@example.org.