To most small and medium business and non-profit organisations the idea that they are a target of cybercrime is farcical. I constantly hear “we are too small to be a target” even from organisations that have predicted revenue in the millions of dollars per year.
Cybercrime targets everyone who has a digital footprint. That includes computers and laptops as well as mobile phones and tablets. It doesn’t matter if it is for work or for home you are still a target.
The problem is “script kiddies”. These are the hacker wanna be’s. They have downloaded a hacking tool, infecting their own computer in the process, and are ready to look for people to hack. Script kiddies make up 80% of the noise on the Internet.
How do you make that target smaller?
There are a number of free and low cost strategies SME’s can employ that improve your security posture dramatically.
Train and educate your staff.
Everyone in the business should also realize that they could be targeted by a cyber-criminal. Could they recognise a spear phishing email? Or being targeted in a social engineering attack. Do they know not to use an unsecured WI-Fi connection when away from the office? They won’t know these rules unless you tell them.
This knowledge comes from training. Your awareness training should not be a one off indoctrination session. It should be augmented with additional training throughout the year.
There are other things that can be done to increase awareness:
- Run a daily security email question – first person to answer it gets a prize. Increase it to a monthly competition and have a substantial prize. Before you balk at the cost, $200 for a weekend away per month is much cheaper than cleaning up a computer or worse a network after a malware attack.
- Have posters about basic security principle around the office. They are available from the Internet at a relatively low cost.
How annoying are those update prompts from Microsoft or Apple? You haven’t got time for that, there is work to do or you have to go home.
Updates are very important to the operating system and applications that you use in your business. Updates are important; they fix problems that have been discovered. These problems allow specific malware to target your computer, tablet or phone, and the download (patch) fixes it. Without the patch you are vulnerable, with the patch you are safe from that attack. Remember the script kiddies – this is what they target.
Paranoia and common sense are your friend
It may seem silly but everyone on the Internet is not your friend. In fact there are a huge number of people out there who want to do you harm.
There are too things that everyone on the Internet need to realize – nothing is for free and see above. So when you see that search article about some celebrity with no clothes on, remember the bad guys are out there and they are after you.
Social media (twitter, Facebook, YouTube and LinkedIn) can be a major problem in this area. You need social media to get your message out there, but how do you know who to protect against.
Making your organisation a smaller target against cybercrime can be relatively cheap and easy. Yes you still need to invest in front line internet facing systems and the like. The difference is the bad guys can lose millions of times and not worry about it, but the good guys need to lose only once.
If it gets through the expensive second generation firewall, it would be a good idea to have your staff on the inside saying – “How come this weird email got through and why are the links pointing to a site in Romania” and delete it instead of clicking on it.