19 Dec 2022

Don’t Let Hackers Kill your Business

I don’t know about you but, every week, I receive four or five phishing emails that are attempts to inject a virus or some other malware into our IT network. The emails are very plausible: “click here to view our invoice”, “your PayPal account has been debited with £550” or “thanks for making the purchase - if you didn’t, click here”.

I attended a recent Travolution Cyber Summit that looked at IT security and how vulnerable we all are to attack. It really brought home to me how careful your business needs to be to guard against this. The scariest stories related to how cyber-criminals manage to bring your entire IT environment to a halt or infiltrate business IT systems, hijack customer data and hold this to ransom. A recent study by IBM Security found that the average cost of lost business to US companies was $1.52 million.

The stories that were told at the Cyber Summit seemed to indicate that, for many businesses, once their systems were breached they had no choice but to pay the ransoms being demanded and hope that the hackers would then release their systems or agree not to put their customer data on the open market. The more successful hackers were those that built up a ‘business’ reputation for releasing locked-up systems or destroying stolen copies of customer data once ransoms had been paid. Victims were more likely to pay ransoms if hackers were known to respond to payment positively.

So, what can you do?

I am reminded of an association to which I belong. It lost £69,000 to confidence tricksters who phoned their office, masquerading as their bank and persuading an unwitting employee to transfer money out of the association’s bank account. You will have read about this kind of trick. A subsequent independent enquiry commissioned by the association found that no anti-fraud training had been given to employees. So my first suggestion to you is that, if you have not done so already, you provide training to your staff and management so that they understand when not to open an email, when not to click on a link and when not to respond to unusual requests on the telephone. This will straight away slam shut quite a few doors that hackers and tricksters are trying to open.

Of course, hackers may still get into your system. For example, I have heard stories of disgruntled employees providing hackers with passwords into systems, allowing them easy access to create havoc by shutting down systems until a ransom is paid. It is very difficult to guard against this but there is a simple way to remedy it.

If you are old enough, you will remember when you had a computer server in your offices. At the end of each day, you would run a back-up onto a tape cassette. You would take the tape home, just in case the offices burnt down that night. If you were thorough in your back-up procedures, you would have, perhaps, five or seven tapes, one for every day of the week.

Nowadays, our software is mostly in the cloud but it can still be hacked. Your data will likely be backed up every day, but if this is being done by your system provider, do you know what their back-up strategy is? I would suggest that you should follow the strategy of old and have a series of daily back-ups, at least seven. In the event of being hacked, you can restore successively older back-ups until you find the one that was recorded before the hack took place. You can then restore this and get your business back into action. You may lose a few days’ work but that is far, far better than the business being shut down whilst IT specialists work away at trying to cleanse your system of its malware infection. Do make sure the back-ups are being recorded on a separate server to the one serving your business so that they stay hack-free.

Cyber security needs to be taken very, very seriously but, as I have demonstrated in my couple of examples, there are some quite simple actions you can take to keep your data and your systems safe.