CIOReview
CIOREVIEW >> Critical Infrastructure Protection >>

Cybercrime: The Importance of Knowledge, Preparation and Vigilance

Michael Mullin, President, Integrated Business Systems
Michael Mullin, President, Integrated Business Systems

Michael Mullin, President, Integrated Business Systems

Cyber-safety, a common term used to describe a set of practices, measures and/or actions that protect technology and information from attacks, is a hot topic in business these days. Every company – whether large or small – is a target for cybercrime, and being prepared and vigilant has become an absolute necessity.

Understanding security threats is a good place to start. Today’s most common issues span across five basic categories: 

• Viruses, which infect computers through email attachments and file sharing, can delete files, attack other computers and make systems run slowly.
• Hackerscan “trespass” into computers from remote locations. They then cause the breached machine to malfunction, or use it to host a website, send spam or spread viruses.
• Identity thieves can obtain unauthorized access to personal information, such as social security and financial account numbers. They then use this information to commit crimes such as fraud or theft.
• Spyware, which is software that piggybacks on programs that are downloaded, gathers information about a user’s online habits and transmits personal information without their knowledge.
• Ransomware is a more recent – and rapidly growing – threat. Perpetrators restrict access to software programs and files, most often by encrypting them, and then demand that the users pay a ransom to remove the restriction.

​  Employees should work with their company’s in-house or third-party technical support coordinator before implementing any new cyber-safety measures 

These issues are serious, and they are becoming more prevalent. Symantec, a cyber-security tool provider, reported that security breaches increased by 23 percent in 2014. More than 317 million new pieces of malware were created, averaging to nearly 1 million new threats each day.   

For businesses, the reality of a security breach can be devastating and costly. An IBM study found the “average consolidated total cost of a data breach” in 2014 was $3.8 Mn, and that the cost for each stolen or lost record containing sensitive information was $154. Additionally, consider the costs associated with downtime resulting in lost access to the computing network, or the implications of the exposure of confidential customer data, company financial information and business intelligence.   

How, then, can a company minimize its exposure? First, all devices connected to the business’ computing network should meet certain security standards. Second, and equally important, management should provide staff with the services and training needed to meet these cyber-safety standards.   

In a recently published Employee Hack Guide, IBS outlines seven actions that help protect computers and data. In most cases, the implementation of these security measures takes only a few minutes.  

1. Install OS/software updates. Updates, sometimes called patches, fix problems with an operating system (OS) (e.g., Windows XP, Windows Vista, Mac OS X) and software programs (e.g., Microsoft Office applications). Most new operating systems are set to download updates by default. After updates are downloaded, users are asked to install them. Click yes!  

2. Run anti-virus software. To avoid computer problems caused by viruses, install and run an anti-virus program like Vipre, a product from ThreatTrack. Periodically, check to see if the anti-virus is up to date by opening the anti-virus program and checking the date of the last update.  

3. Prevent identity theft. Never give out financial account numbers, Social Security numbers, driver’s license numbers or other personal identity information unless the recipient is known. Never send personal or confidential information via email or instant messages, as these can be easily intercepted. Beware of phishing scams – a form of fraud that uses email messages that appear to be from a reputable business (often a financial institution) in an attempt to gain personal or account information.   

4. Turn on personal firewalls. Check computer security settings for built-in personal firewalls – and turn them on. Firewalls act as protective barriers between computers and the internet. Hackers search the Internet by sending out pings (calls) to random computers and wait for responses. Firewalls prevent computers from responding.  

5. Avoid spyware/adware. Spyware and adware take up memory, and can slow down computers and cause other problems. Use Spybot and Ad-Aware to remove spyware/adware. Both of these programs are available online for free.  

6. Protect passwords. Never share passwords. Establish a company “safe word” that a support technician requesting your work system login must know. Do not use one of these common passwords or any variation of them: qwerty1, abc123, letmein, password1, iloveyou1, (yourname)1, baseball1. Change your password periodically. When choosing a password, mix upper and lower case letters and use a minimum of eight characters.   

7. Back up important files. Reduce the risk of losing important files to a virus, computer crash, theft or disaster by creating back-up copies. Store back-up media in a secure place away from your computer, in case of fire or theft. Test your back up media periodically to make sure the files are accessible and readable.  

Additionally, employees should work with their company’s in-house or third-party technical support coordinator before implementing any new cyber-safety measures. They should report any cyber-safety policy violations and security flaws/weaknesses they discover, as well as report any suspicious activity by unauthorized individuals in their work area. Finally, staff members should never install unnecessary programs on their work computers. Implementing these measures – and staying on top of them – can go a long way toward helping businesses fight common cyber-security threats and the resulting consequences.

Read Also

Safer, Connected, and Sustainable Transportation

Safer, Connected, and Sustainable Transportation

Tim Turvey, Global Vice President, GM Customer Care and Aftersales General Motors [NYSE: GM]
Ford’s Aluminum F150 an Internal Perspective

Ford’s Aluminum F150 an Internal Perspective

Paul Herbach, Director of Automotive Technology, Olympic Steel [NASDAQ: ZEUS]
The Digital Paradox

The Digital Paradox

Alex Carriles, Executive Vice President and Chief Digital Officer, Simmons Bank
The Promise of Mobile

The Promise of Mobile

Shawn Rose, Executive Vice President, Chief Digital Officer, Scotiabank
We Go Together (or Having It All): Combining Tech and In-Person Banking in the NeighborHub

We Go Together (or Having It All): Combining Tech and In-Person...

Nicole Sherman, SVP, Market Region Manager, Columbia Bank
Leveraging Data to Transform Customer Experience

Leveraging Data to Transform Customer Experience

Brian A. Voss, Director of Wealth Strategic Services,NBT Bank