5 Essential Cyber Security Steps for Businesses


At Atlanticus Digital we love the concept of Inbound Marketing and recommend many techniques to attract and convert new visitors to your business.

However, when building a campaign, you also need to think about web security. Neglecting the security aspect of your campaign can involve risks for both you and your customers.

This week we have cyber security expert Ed Montgomery, who will give you some essential cyber security tips for your business. Ed has 20 years' experience working for various organisations and 8 years working in the cyber security sector. Ed is currently the Account Director for software security firm Uleska.

"I have been working in the cyber security industry for almost 8 years and one thing is for certain, the situation is not getting any better for consumers or business owners. Having spent time in both software and hardware security jobs, we are seeing the same attacks being recycled as new technologies emerge. However, there is hope and by following some very simple and cost-effective measures, we can reduce the threat of cyber risk to our businesses."

Criminals follow the money (online)

In 2012, I was part of a team that launched a new feature called Banking Protection for consumers – essentially a secure connection between the user’s device and the banking server. This was to combat the threat from banking trojans, designed to steal your log-in details and then ultimately your money. We had some good soundbites for our marketing collateral, one of which was "Criminals follow the money", which sadly resonates as true today as it did almost 6 years ago.

Who are the Online Criminals?

Well, anyone who has a nefarious motive – technically minded pre/post teenagers who are bored and have internet access, and freelance hackers who sell their services to other groups on the dark web. Then we have larger scale entities, from organised criminal gangs to international terrorist groups using funds to finance terrorism. The final ‘group’ would be APTs, Advanced Persistent Threats, or nation states, who are engaged in international espionage, or even state-sponsored ransomware attacks.

Ransom-what? Ransomware attacks

As we said earlier in this article, criminals follow the money. In a ransomware attack, the unwitting worker will download a file with a malicious payload (file with malware) or click on a URL with the same evil properties. The payload will execute and encrypt the files on your machine or worse, spread across the company network, infecting everything and holding your data to ransom! This is happening in Belfast and companies are being asked for tens of thousands of pounds to get their critical business data back. Pay up, or else.

Who is at risk?

Unfortunately, anyone who goes online or has a presence online is a target. The majority of attacks on businesses are BEC – Business Email Compromise. Our reliance on email is the driving force for attackers.

C-Level SPAM

The C Suite are an obvious target – they have public profiles presenting interesting facts about their personal lives, which can inadvertently give a social engineer critical facts about how to launch an attack on them and which pressure points they are likely to respond to. One very disappointing fact is how criminals (or security pen-testers assessing vulnerabilities) target the charitably minded, as they figure they are most likely to say ‘yes’ to a cry for help or a quick favour.

What are the 5 steps to make my time online more secure?

1. Backup, Backup, Backup

Make sure you back up your information and incorporate this into your business practices, ideally daily. If you suffer a ransomware attack and don’t pay the ransom (usually in the form of a cryptocurrency), you will not get your files back. Even if you do pay the ransom, one recent story from Germany reveals the depressingly inevitable evolutionary step for online criminals: to take your money and still wipe your data.


2. Use a password manager

How many passwords do we now use? Far too many to count and remember, so pick a password manager and then you only have to remember one password, as this program will pick strong passwords for you. One option is Key from Finnish cyber security company, F-Secure.


3. Install a VPN on your mobile and desktop gadgets

A VPN is a virtual private network – private being the key word here, to protect your internet traffic from being spied upon on public Wi-Fi networks. We blindly trust Wi-Fi network names like “Shopping Mall XX FREE Wi-Fi”, but how do we actually know this is a legitimate network? So I use a VPN to encrypt my traffic and make it much harder for the average criminal to compromise my traffic.


4. Install your Updates

Now that we have mobile apps, we are used to having them update themselves regularly and without fuss. You should always apply patches/updates to your programs as soon as they are available, to prevent hackers from taking advantage of vulnerabilities in unpatched machines. Recent news alerts from the NSA in the US confirm how important it is to do this, given that the BlueKeep/WannaCry virus just keeps re-appearing and leading to ransomware attacks on US cities. Microsoft had previously stopped supporting Windows XP back in 2014 but had to issue updates in May 2019 because of BlueKeep.


5. IoT/Smart Devices

As consumers we still have the choice about buying smart/internet-connected gadgets, or not. If you do feel the need to buy something, make sure you do your research, as there are all sorts of security, privacy and obsolescence risks. Check whether the password is hard-coded into the unit, and therefore can’t be changed, or not. You want to be able to change the access details yourself after purchase to prevent malicious use of your gadget, of its computing power and your electricity, or its use in cyber-attacks. If you can’t change the access credentials, don’t buy it. If you are worried about the device listening in to you, that’s because it probably is, or has been. A smart speaker is connected to the internet, anything connected to the internet can be compromised, and you cannot be sure when it is passive versus active. At RSA (a major security conference in the USA), a security researcher was saying in 2018 that 8/10 US CEOs had a smart speaker in their office – I would suggest, if they haven’t done so already, they should be removing them.


Stay Cyber-Frosty!