You don’t have to run faster than cyber crooks – just faster than other businesses
Wednesday, July 10th, 2013
A version of this article first appeared in the Daily Record’s Edinburgh Now supplement
Pssst. Wanna buy a used password? One careless owner. Guaranteed access to Facebook and email – and for a smart, web-savvy buyer, that’s like being handed the keys to the safe. Yours for a fiver.
The black market trade in your online information has never been bigger. Your data is under siege and the cost to Scottish business is a mind-boggling £5 billion a year and rising.
Despite that figure – £158 lost to cyber crime in Scotland every second – the problem still feels like one of those vague issues that only happens to other people, right?
The kind of gullible fools who believe an exiled Nigerian prince really does want to transfer a large sum of cash into their bank account, or that HMRC wants to give them a whopping tax refund.
Think about this then: how would your business measure the cost when days or weeks worth of emails didn’t get through, because your web address was blacklisted for spamming?
Likewise, many small or medium businesses can’t put a clear cost on those all too frequent IT meltdowns and failures that can be caused by viruses and malware. An ICM Survey estimated that such tech interruptions cost SMEs an average of £1540.
Still not convinced? Maybe you reckon the shadowy threat of cyber crime is only a worry for the big players?
Understandable, since Edinburgh’s major banks and financial institutions need dedicated teams of experts working round the clock to prevent malicious online attacks which can come from major foreign powers or highly-organised global crime gangs.
It could well be that the perceived foreign provenance of this problem is what makes so many of us look the other way. If cyber crime is the work of gangs in Eastern Europe or China then how is a moderately-sized enterprise in Dalkeith, Haddington or Livingston ever going to blip on their radar?
Wrong on both counts.
For one, size doesn’t matter to the online bad guys. The Federation of Small Businesses in Scotland says four in 10 of its members have been targeted by cybercriminals in the past year, suffering an average of £4000 in losses each time. Ooyah.
And business people now have to look much closer to home. At a recent cyber crime summit in Edinburgh, Detective Superintendent Steven Wilson, Head of e-Crime, Specialist Crime Division, with the Police Service of Scotland, said:
“We are seeing a significant increase in this activity at home, with Scottish gangs heavily involved. These are organised criminals who may also be involved in the drug trade and other such activities.”
Threats aren’t only from outside. Slapdash and cavalier attitudes to online security from your own people can be the biggest hurdle to beating cyber crime.
No matter how hard you work to educate staff and colleagues, there is always going to be the doofus who sets their secure sign in information as ‘password’, the digital equivalent of putting out a welcome mat for cyber crooks.
There’s no real reward for workers who practice good digital habits. Balance that against the annoyance of trying to remember regularly changing passwords and the inconvenience of forgetting them and being locked out of your PC.
But there is some cause for optimism, as I found out at a recent E-Crime Scotland Summit, hosted by RBS at Gogarburn where I learned the 80:20 rule. Any SME which puts in a 20% improvement in anti-virus software and firewall will reduce the risk of online crime by 80%.
That was backed by the man from Microsoft who told delegates that 99.9% of attacks exploit loopholes and vulnerabilities that are already well-known. Simple housekeeping – updating ‘patches’ for your computer operating system – can make a massive difference.
Personally I had a wee lightbulb moment at that point and stopped thinking about online security as a relentless rearguard action I was destined never to win – and more like a case of business ‘bear sprinting’.
As in the old joke about the two hikers who find themselves being chased by a bear. One of them stops to take of his boots and pull on a pair of trainers. in disbelief the second hiker says: “They won’t help you run faster than the bear.”
To which the first man retorts: “I don’t have to run faster than the bear, I only have to run faster than you.”
So how can we help?
If you have any comments or questions, please contact us.