At a recent accountants’ seminar, one of the offline discussions was on the subject of firewalls and general email software security and one of the accountants asked what is a cyberattack? A number of explanations were proffered, all correct but all different.
In light of the most recent cyberattack on Carphone Warehouse where the personal details of over 2 million customers were stolen by hackers, we thought it prescient to lay down a clear explanation of what a cyberattack is and provide some handy tips to help safeguard your small business against the threat of cyberattacks.
Please do not be complacent and think that ‘they’re only after the big guys’, every small business that transacts online is a potential target for cyber criminals.
A cyberattack is an attempt by hackers to damage or destroy a computer network or system, or to penetrate and steal information from it. Online software security experts break the cyberattacks into three key categories – Cyber Crime, Hacktivism and Cyber Espionage. Hackmageddon is an excellent resource for tracking the numbers of actual attacks across the three categories and comes with good commentary too.
Kapersky Labs’ Cyberthreat real-time map is an incredible interactive map that shows in real time the scale of various cyber activities taking place across the globe. It rates the UK at the 13th most attacked country in the world and Ireland ranks at a lowly 86. Sometimes – it’s good to be bottom of the class.
In 2014 the online shopping giant eBay was hacked in the United States and the records of some 233 million users was stolen, including usernames, passwords, phone numbers and home addresses. What’s interesting about this cyberattack is that a hacker group called the Syrian Electronic Army claimed responsibility. The same fate befell Domino’s Pizza when another hacker group, Rex Mundi, stole over 600,000 Belgian and French records.
Cyberattacks are not necessarily complicated. We wrote back in April how one of our customers fell foul of a combined phone / phishing scam. In the greater scheme of things her $250 loss was modest but it gave rise to a deep sense of insecurity and fear of where the next online threat would come from.
The threat of cyberattacks is very real for small businesses particularly so as they generally do not have the support systems in place that larger companies do. Their online software security tends to be weaker. Why, well small businesses tend not to have a full time resource dealing with their hardware and software systems. They don’t have the budget either. This role is generally outsourced to a third party company whose responsibility it is to maintain the small businesses’ systems.
But here’s the key – you don’t need your expert IT third party to help you defend against the most common cyberattack threats 24/7. You just need to rigorously and assiduously pursue the following two points and you’ll go a long way to protecting your business from outside attack:
- Make sure that all your electronic communications are encrypted. From the off, encrypt all emails. This is easily done and once set up provides a layer of protection that is very difficult to penetrate.
- Encryption is of little use unless we use strong passwords. Document and communicate to all staff a strict password policy. We’ve championed password security in a previous blog such is its importance. If we take the path of least resistance we’ll let our staff use short, repeatable and very weak passwords. If we are to do the right thing then we must enforce longer, complex and more difficult passwords that are changed on the quarter. Also make sure that no one uses the same password across multiple platforms. Document your password security protocol and communicate it. It’s the only way.
As sure as night follows days the threat of cyberattacks will remain. As software and security specialists come to market with new improved software security products, the cyber criminals in turn, will up the ante and look to find ways to continue their illegal activities.
As small businesses we watch in awe at the scale and volume of the big software cyberattacks on companies such as Carphone Warehouse. As the bigger hacker groups target these larger companies, there are thousands of ‘bedsit’ hackers that are busy preparing cyberattacks on the millions of busy small businesses across Ireland and the UK.
Be vigilant, be prepared, be safe.