Big data, online software, sensitive client data, and most of all: large invoices and orders being communicated mostly by email. All these make you particularly vulnerable to cyber attack.
Cyber breaches are so common now they are almost not even news-worthy. All businesses and individuals are targeted with millions of attempted attacks occurring on a daily basis. You may not think your architectural, engineering or planning firm is particularly at risk, but unfortunately you are a primary target, particularly if you are a small to medium business.
Customer information, intellectual property and your firm’s financial information are all at risk. Social engineering and phishing scams can defraud your company of thousands of dollars. Your firm could experience damage to your reputation, business interruption or project delays, and legal action by affected clients.
Small to medium businesses are particularly at risk: There are so many SMEs, employing the majority of the workforce in Australia, and unfortunately, less likely to invest in security. This makes SMEs primary targets.
Social engineering and Phishing
Social engineering and phishing attacks are now the most common form of cyber attack – and the most successful, netting the cyber crooks multi-millions and increasing every year.
These attacks pose a significant threat to data and systems because anti-virus software often can’t protect against them as they work by tricking people into handing over sensitive information.
Some basics on these attacks:
- Phishing emails trick you into clicking on links that can infect their computers or take you to a web page that looks real, but is a fake.
- Social engineers troll social networks to learn personal information and then use this information to gain access to your accounts, and to plausibly impersonate you.
- Common social engineering tactics include:
– Links in emails that take you to malicious websites
– Fake application update notices with embedded malware
– Messages offering rewards for contests you did not enter
– Fake social media profiles, pages or groups
– Apps or games requesting access to your profile information
– Social engineering attacks also happen over the phone
Protect Your Mobile Devices
Mobile devices used for business often contain highly valuable data including email accounts, messages, client information.
Here are tips to protect these little extensions of your corporate network:
- Use a PIN, and clean the screen regularly to clear off tell-tale finger trails.
- Back up your device to a computer or cloud service. Use encrypted backup options for added security.
- Setup remote wipe for all company mobile devices so if lost, the device can be automatically cleaned.
- Turn off Bluetooth except when you are purposely connecting to a known device, otherwise you may be giving those nearby access to your device when you connect.
Get Cyber Insurance:
Carefully confirm the policy you are thinking of getting covers:
- Breaches of corporate confidential information.
- Funds stolen from your customers’ bank accounts.
- Restoring your data including the cost of IT support
- Business interruption
Pay Attention To Legislation:
Australia is stepping up on asking businesses to take cyber threats seriously. Legislation now requires businesses to comply: anti-encryption, Australian Privacy Principles, Notifiable Breach Reporting and more mean those in vulnerable and high risk industries need to take their obligations seriously. Your firm needs a properly designed IT Security and Data Management Policy that all staff understand and comply with.
10 Point Safety Check
These are guidelines you can use to keep your firm and your clients safe.
If you follow these company wide, you will minimise the chance of compromise as these simple guidelines cover over 90% of the likely scenarios to help prevent data breaches and protect yourself.
- Ignore ANY email asking for your login and password. These ALWAYS have criminal intent. NEVER respond to these no matter how genuine they look
- Don’t disable the Anti-Virus or the update processes on your computer
- Don’t respond to requests to update your credit card details – if a supplier needs your cc details, confirm you have the right company by a second method – go to the genuine site yourself
- Prove emails are genuine: Slow down and check where it really came from.
- Confirm with the genuine source – did this really come from the boss? Client?
- Be URL aware – read addresses from right to left
- Be aware of unusual behaviour of your computer – if in doubt, call support
- Your friends or contacts may be infected – be suspicious of everyone
- Don’t overshare on Social Media – its not private
- Use unique, complex passwords and if possible 2 factor authentication
The Right IT Partner
2019 is under way. As you gear up for a fabulous year, look carefully at your IT and your IT support: both need to be up to speed.
Any half-qualified IT consultant can set up a server, source your laptops, install a network switch and help you setup your email. Your firm needs much more than this, your IT Partner should:
- Understand your business
- Have real skills and experience with business risk and IT security
- Have a breadth of skills and experience across all the technologies your firm uses.
- Focus on aligning IT with your business
Frances Russell is an expert on IT and Risk Management with 20 years experience managing technology, security and risk for businesses. Practical, real world experience working with organisations to improve their IT and reduce risk is backed up by solid academic qualifications and relevant industry certifications.
FooForce can work with you to minimise your IT risk. If you would like a chat about any aspect of your IT, feel free to call/email anytime.
Phone: 1300 366 367