Top Tips For Tackling E-Crime
Friday, September 28th, 2012
on behalf of Scottish Business Resilience Centre
Battling Cyber Crime for PR Scotland.
Whilst the Internet allows businesses of all sizes and in any location to reach new and larger markets and provides opportunities to work more efficiently, theft of digital information has become the most commonly reported fraud, surpassing physical theft.
Whether a business is thinking of adopting cloud computing or just using email and maintaining a website, it is vital for cyber security to be a part of the plan. Every business that uses the Internet is responsible for creating a culture of security that will enhance business and consumer confidence.
The Scottish Business Crime Centre is working closely with the Scottish Government in developing the Scottish Cyber Security Action Plan, a multi-sector approach to ensuring Scotland is cyber resilient.
Following on from the UK Government announcement of the 10 Step Guide for Cyber Security aimed at getting cyber security recognised at Board Room level, and as part of the Scottish Cyber Security Action Plan, Gary Ritchie, Assistant Director of the Scottish Business Crime Centre, offers his top ten tips on how businesses can protect their own business, customers and their data from becoming a victim of e-crime.
The Glasgow Chamber of Commerce featured the full top ten tips to help raise awareness of how businesses, simply by instilling a series of simple practices, can save themselves the grief and financial harm of cyber crime. These are listed below:
TRAIN EMPLOYEES IN SECURITY PRINCIPLES
Establish basic security practices to protect sensitive business information and communicate them to all employees on a regular basis. Establish rules of behavior describing how to handle and protect customer information and other vital data. Clearly explain the legal and personal consequences of failing to comply with business policies.
Antivirus software is essential to ensure you are protected against e-crime. Install, use and regularly update antivirus and antispyware software on every computer used in your business. Software packages are available online from a variety of vendors, with many now offering subscriptions to “security service” applications, which provide additional layers of protection. Where possible, set the antivirus software to automatically check for updates at a scheduled time of low computer usage (midnight, for example) and then set the software to scan the system after the software update.
Also, where applicable, ensure that your operating system vendor's updates, which correct security problems and improve functionality, are always installed.
KEEP PASSWORDS SAFE
One of the simplest ways to prevent e-crime is to regularly change your passwords and keep them safe. For ease, we are often guilty of using the same or similar passwords for everything we need to log on to. Although this is convenient, it is bad practice, as passwords that stay the same will, over time, be shared and become common knowledge to coworkers and can be easily hacked.
Passwords should be changed at least every three months and should use a mixture of upper and lower case, symbols and numbers for strength.
It may also sound blatantly obvious, but it is common for people to save their passwords in a folder named "passwords". Needless to say, criminals will have landed a jackpot if this is found.
Firewalls should be switched on and updated on a regular basis to prevent outsiders accessing data on a private network. They are easily switched on through the control panel facility and significantly reduce the extent to which cyber criminals can gain access to your computer.
Firewalls should be installed on all computers – including laptops – used in conducting your business, and should be kept in use between your internal network and the internet. If employees work from home, ensure that their home systems are protected by firewalls.
SECURE YOUR WIFI
You should password protect your wifi network with a complex phrase. Not only will this reduce the likelihood of you being a victim of e-crime, it will stop neighbours tapping into an internet network that you pay for, and who would want that?
To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, also known as the Service Set Identifier (SSID). In addition, make sure to turn on the encryption so that passwords are required for access. Lastly, it is critical to change the administrative password that was on the device when it was first purchased.
BACK IT UP
Regularly back up the data on every computer used in your business. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files and accounts receivable/payable files. It is advisable to make sure this is done automatically if possible, or at least weekly.
USER ACCOUNTS & DATA ACCESS
Set up a separate account for each individual and require that strong passwords be used for each account. Administrative privileges should only be given to trusted IT staff and key personnel.
Additionally, don’t provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.
CONTROL PHYSICAL ACCESS
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft, so make sure they are stored and locked up when unattended.
Removable storage devices such as USB sticks are a popular tool for storage but also easily lost. In order to eliminate any panic after losing any such device, place a password on it. It will take seconds to do, will save you a lot of grief and certainly annoy any thief who thought they were on to a winner.
THINK BEFORE YOU CLICK
The way you use your mobile phones needs to be taken into account. iPhones, Blackberrys and other smartphones serve as mini computers which have the potential to hold masses of personal information. Increase the safety of using smartphones by placing a password on them to restrict access to personal information.
Facebook and Twitter are now frequently used in the workplace, both personally and as a key medium for businesses to communicate with their audiences. With employees having access to social media business accounts and also using their own personal accounts, social media is becoming a major channel for cybercriminals.
It is easy to become complacent due to its inherent place in our lives but it’s important to remain critical and use social media sensibly.