Crime, like illness, is barely a part of normal consciousness – until it happens to you. In 2017, the American Insurance Journal recorded that 53% of US businesses had been maliciously targeted online. However, there remains a remarkably large percentage of business owners out there for whom it’s barely a reality. The latest computing developments – as well as the human fascination with remote storage and control – are changing that.
The reality for businesses in 2019 is that online criminality is evolving at a rapid pace. In a December 2018 article, Forbes sampled a host of industry voices on the issue. Among the many alarming emergent and persistent cyber security issues raised, malware accidentally introduced by staff remains the biggest threat to this day.
Crooks are also expanding the monetisation of their endeavours, finding innovative new ways to glean illicit funds from harassed, captive, or robbed business owners. Criminals are targeting smaller concerns too, for more immediate bread and butter ransom payments.
Unprotected data is a liability
No matter how glorious it is to be swimming in a data lake, if someone can pull the plug, it’s not an asset. To whatever extent your IP, systems and data are a huge aid to business, that’s how much of a crippling liability they can become under someone else’s control.
Particularly with modern leaps and bounds in cloud storage and remote access, AI is being gleefully applied to businesses large and small. AI has yet to supersede dedicated cyber security agents, however. As fast as the world advances technologically, crooks are just as fast at working the same new advances and apps to siphon off funds. Indeed, up to $600 billion annually is lost by global business to online criminal activity. Computing might have become far more intelligent and intuitive overall, but human error remains. Failing to cover basics such as regular staff training often comes back to haunt business owners.
Accidental lapses aside, cyber crooks are also finding new ways to hold businesses hostage, such as simply “contaminating” data while avoiding outright theft. Once accessed by third parties, a business’s data becomes unusable, and the criminals play the waiting game. They’re hoping the disruption to daily business and the ensuing frustration prompt a payment in exchange for “fixing” the company’s systems and releasing usable data.
In a nutshell – even if it hasn’t troubled you to date – the next five years will see a huge increase in smaller, “softer” targets gobbled up online. The days of only large corporate concerns being worth the hacking hassle are over.
Common cyber security misconceptions
Are you guarding the online security gate in your business? Is your cyber security preparedness on a par with a large corporate like, for example, the Marriott Hotel group? They spend a large amount of money each year protecting their own and their guests’ personal and financial information, yet they were hacked in 2018. This points to the first misconception below: that data in itself has no value unless related to immediate financial access.
- Online crime is only about stolen or ransom money. False. Cyber thieves have an entire universe operating out of sight, where trade-offs and later monetisation of hacked data come into play.
- Similarly, “hacking” is all about credit card details. This is completely untrue. Headlines aimed at consumers tend to highlight consumer issues, but that shouldn’t obscure the fact that online penetration has a host of more insidious implications than illicit spending.
- Cyber criminals only go for the big fish – no one could possibly care about my little venture. Gains might be bigger at larger concerns, but those concerns are typically more sophisticated and impenetrable in their approach to online security. They also usually have the funds to pursue matters criminally, when possible. It’s simple maths if seven smaller business breaches add up to one large hacking success! There’s an entire fraternity of cyber criminals who specialise in just such a quantitative approach, knowing full well they’ll find far easier pickings as a rule.
- If software is up to date, no hacker has a prayer of accessing me online. This contains both a truth and an untruth. Looking at graduates as an analogy, it’s applying and extrapolating what’s been learned at university that will really propel a career, not the qualification itself. So too is it essential to build a personalised security system, as merely buying the latest antivirus is no guarantee that systems are impenetrable. It’s essential to build commercial cyber security just as one builds a business. The process is careful, calculated and deliberate, resulting in a tailored setup that plugs every possible outside reach.
Once you realise that the overall success of online security rests with a small (or larger) contingent of personnel, it follows that implementing online security needs to be a strategic and professionally designed process.
Online security begins with people
Perhaps counter-intuitively, watertight online security begins with the human factor. Regular staff training needs to go hand in hand with tech updates and maintenance. Spend time on training. Develop policies such as a prohibition on opening mails that meet certain criteria. Phishing is still huge business. Indeed, cancelling out the prospect of human error – whether intentionally enacted by disgruntled employees or legitimately erroneous – needs to be the first consideration in online security.
Coupled with catering for the human factor should be the optimisation of tech, systems and storage. Developing a security culture and environment can be the difference between embarrassment and collapse. When there’s a flimsy backup protocol in place, limited safe storage or irregular maintenance, a breach can literally shut a business down.
Cyber security – much like a great company mission statement – truly involves everyone online in the name of business. Phishing mails, external (personal) storage devices and suspicious activity need to trigger secure protocols in every member of the team. It needs to include up-to-the-minute professional monitoring. It needs to anticipate malicious human intent from those close and those remote. Finally, it needs constant, ongoing testing and maintenance. Only by taking this approach can you enter 2020 as a business owner who keeps intruders out and day to day commerce running smoothly.