Dave Kinsey 2013-06-12 00:43:29
Do You Know Your Cybercrime Risk? How To Get Inside the Mind of a Criminal to Protect Yourself and Your Clients

Crime is Business

We no longer need to worry only about a teenager in his bedroom hacking into our computer systems. Organized crime now operates and innovates like any other profitable business. Criminals had cell phones and pagers long before the general public. Today they are creating their own encrypted national telephone networks in Mexico. According to the UN, organized crime was a $2 trillion business in 2011. Criminal businesses today have offices, LinkedIn pages, technical support and employees.

As the computer technology around us continues to advance, so too do the opportunities for the bad guys to infect and hack into your systems. Technology development is growing exponentially. The iPhone has more computing capacity than NASA had when travelling to the moon. It is projected that in the 21st century we will experience not 100 years of progress but something more like 20,000 years of progress (at today’s rate). This is how one individual can hack into Sony PlayStation and affect over 100 million victims in an instant.

Understand Your Risk

What would be the implications (reputational, legal, regulatory, or personal) if your firm’s data were compromised? The more data we store and produce, the more organized crime can steal. Consider these statistics:

• Cyber attacks cost small to medium businesses an average of $188,242, and almost two-thirds of those victimized go out of business within six months (Symantec/NCSA, 2011).
• The average cost per record lost or stolen is $214 (according to Symantec and the Ponemon Institute), to cover investigation, recovery, lawsuits, containment, customer churn, stock value, etc.
• McAfee identifies 2 million unique pieces of malware every month.
• All of the major cloud providers have been hacked.
• Visa estimates that 95% of the credit-card data breaches it discovers are with small business customers.

Eight Steps to Reduce Your Risk

While it’s not possible to guarantee complete protection from criminals, there are steps you can implement to dramatically reduce your risk.

1. Implement a policy at your firm regarding passwords, including those for voicemail and mobile devices. Passwords should be stored in encrypted format. Consider policies that enforce long and complex passwords that are difficult to guess and that forbid password sharing. Ensure that your accounts are locked out after a reasonable number of bad login attempts. Avoid setting password reminders that are easy to decipher (as these password reminders are easier for hackers to locate).

2. Match the right people with the right privileges. Minimizing the number of administrative accounts makes it more difficult for intrusions to spread, hide or obtain sensitive data.

3. Establish rules and safeguards for remote workers.

4. Be very careful about what you are storing in the cloud. Hackers, malware, and spyware remain serious issues for cloud environments, so you should review the security and encryption policies of your cloud provider. Be especially careful with password selection and storage for cloud accounts. Ensure that the transfer and storage of files are fully encrypted.

5. Stay current. Ensure that your network and computers are regularly patched. Security holes are regularly uncovered, and software updates are released to plug those holes. Deploying good, regularly updated anti-virus/anti-malware software is also a logical step and should be part of your security strategy.

6. Employ a network-based security layer. Web content filtering technology substantially enhances protection by eliminating connections between your network and the most likely malware sources. Known distribution sites for malware can be blocked by sophisticated network devices, effectively preventing malware from reaching your systems.
Be sure your subscription is routinely updated and properly configured.

7. Encrypt data stored on laptops and USB drives. Thumb drives have been banned by the military because they can easily be lost and can spread malware.

8. Be aware of malware and ransomware precautions. Most viruses and spyware are inadvertently installed by system users. Educate your employees on proper precautions:

A. Don’t click on links from emails you don’t recognize.
B. Never provide personal information or pay money in response to phishing emails or ransomware.
C. Download and install software only from websites you know and trust.

Have a question for the IT Expert? Email firstname.lastname@example.org

Dave Kinsey is the owner and president of Total Networks. Total Networks is the technology partner to many law firms throughout Arizona. Services include document management, backup and disaster recovery, business communications, and general IT support (for firms with or without in-house technical staff).
Published by Target Market Media.
This page can be found at http://digitaleditions.walsworthprintgroup.com/article/TECHNOLOGY/1428011/163134/article.html.