Cyber security is something that concerns us all. If you yourself have not been a victim of a cyber-attack, there is every chance that you know someone, or a firm, that has. From headline breaches in cyber security such as those suffered by Tesco and Talk Talk, the chain of victims runs all the way from governments and multinational corporations down to small firms and individuals.
Where there is data there is a threat
Hackers, by stealing or encrypting your data, can monetise it for their own gain. Simply by withholding your data from you, they can cause huge disruption to your business.
Ransomware is one of the most prevalent attacks. In short, hackers will access files on your system and encrypt them (password protect them). They will then demand payment of a ransom for the return of the data.
This type of attack is something that has befallen many advice firms. The hackers are not interested in the data in these instances – they generally couldn’t care less where your clients are investing their money, nor what their personal details are. Rather, they are interested in disrupting your business.
It’s really a kind of cyber torture. They apply the pain and you pay the price to ease it. And this is a route we have seen some people go down, out of desperation; pay the ransom and hope for the best.
This, in reality, is one of the worst things that you can do. You are at the mercy of criminals and displaying a clear weakness to them. In many cases, the activation key to unlock your data contains further viruses. You become something of a cash cow to the criminals and will be repeatedly targeted.
As ever, prevention is better than the cure. Once your data has been hacked or encrypted, your options are pretty limited. So, how can you prevent the attack?
Full scale prevention is very difficult, but to minimise the disruption to your business, it is imperative that all of your data is regularly backed up on a separate server or cloud. That way, in the event that you do get hacked, you can switch to your back up servers and resume business – the only loss to you will be the time taken to do this and to update the backup data.
Where are your weak spots?
This is the first step. The next step is identify the weak spots in your business. How can hackers gain access to your data?
The answer, invariably, is your staff: you are only as strong as your weakest link. If your staff fall foul of phishing, malicious email, attempts and giveaway their login details, then your system can be compromised.
It is imperative that you train your staff so that they can identify potentially fraudulent contact points. The enduring popularity of email as a means of contact between and within firms, makes this the likeliest point at which you can be attacked.
It is very easy for hackers to identify key personnel at a firm, research their habits on social media and attempt to pose as them. If your staff are receiving emails seemingly from your MD requesting their login details, what are they likely to do at this moment in time?
Ascertaining a firstname.lastname@example.org is as straightforward as it gets, as is posing as that person. Indeed Snapchat, the messaging app, had the details of over 700 current and former employees compromised in such fashion in February 2016 – a hacker simply posed as the company’s CEO and emailed a request for their payroll details.
Given this inherent weakness in every company (human error is almost entirely unavoidable), it is imperative to take steps to limit the likelihood of compromised information.
Beyond training, two-factor authentication is another means of limiting the impact of individual error. Whilst everyone has to enter their login credentials and password to access their work system, two-factor authentication requires the addition of another security step to satisfy before login is granted. Most banks use this system, whereby you enter your login details and then have to use a separate method, such an app on a phone or the carrying of a separate dongle, to create the further password.
Whilst this is not a silver bullet, it lessens the damage that can be done by staff falling foul of unscrupulous contact and makes it significantly harder for hackers to access your system.
Assume the worse
So, you should always assume that you’re going to get hacked, back up your data separately and very regularly, train your staff to spot the difference between official and fraudulent emails and support their inherent weakness with two-factor authentication.
That will take you a lot closer to a secure cyber environment and help you to deal with any breaches as efficiently as possible.
How does Intelliflo help?
The data that is stored in Simply Intelliflo Plus is kept safe by Intelliflo. We keep regular backups of your data and it can only be accessed by a very limited pool of individuals who need to execute certain instructions before accessing it. Beyond that, we constantly run penetration tests on our systems and use mirrored systems to combat attacks.
For more information on our cyber security measures, please call us on 0203 814 2870 or contact your Intelliflo account manager.
Full details of what cookies are, why we use them and how you can manage them can be found by reading our Cookies page.