BreachExchange mailing list archives

8 ways British SMEs can fight hackers and prevent cyber crime

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 15 Dec 2015 20:14:39 -0700

http://realbusiness.co.uk/article/32581-8-ways-british-smes-can-fight-hackers-and-prevent-cyber-crime

Few people could believe that TalkTalk, the communications network, could
be taken down by a 15-year-old boy beavering away in his bedroom. But with
the extramarital dating site Ashley Madison being taken down and Mumsnet
being hacked into over the summer, it is clear that few businesses can
totally protect themselves from cyber crime.

SMEs are an attractive prospect for cyber criminals; they can often hold a
mass of client data and/or provide client services online, often through
interactive websites or retail sites.

But what actions can you take to prevent a hacker accessing your site
and/or redirecting your customers elsewhere? How can you ensure that
customer data is protected? And what can be done to minimise the potential
for a data breach?

Ask the chief information officer of any blue chip company what would be on
their top ten list of strategic priorities, and most would list big data
and cyber crime among the top items.

Your business should take the same approach. The increasing amount of
customer-sensitive data and the move to an ‘everything online’ digitisation
model has put the management of ‘big data’ firmly on every business’s risk
register.

Buying disk space is part of the equation but making this data safe is a
critical issue, which means understanding the data and ensuring it is
secure.

Furthermore, best practice policies in relation to security need to be
overlaid to ensure that should a regulator, such as the Information
Commissioner’s Office, come knocking there is not too much or too little
information buried in disks spread across your business.

Cyber crime is not just about businesses being under threat from fraudsters
or those looking to cause heavy disruption; there are other, more
unusual crimes that exploit wired and wireless access.

With eight new users joining the internet every second and 250,000 new
viruses reportedly being released daily, cybercrime is now a well organised
and highly professional industry. It's even possible to buy services to
launch distributed denial of service (DDoS) attacks on others' websites.

The Information Commissioner’s Office serves civil monetary penalties to
organisations, large and small, for failing to take the necessary measures
to keep personal information secure. Where reputation is a significant
asset, a fine for a lack of professional diligence around confidentiality
can be devastating.

But what can businesses do to protect themselves?

1. Make one person responsible for reviewing and managing risks within your
business and do not ignore data management or security issues.

2. Establish ownership for data protection and information security and
make that person responsible to you as the business owner.

3. Put in place some simple but effective data access policies and controls
to systems and key data, as well as detailing who should have access to
what.

4. Understand your data. Where is your business data and your client data?
Design a data strategy or, at least, start with a workable retention policy
which covers both paper and electronic material.

5. Ensure password policies are implemented across the business.

6. Train staff to be aware of potential threats, including bogus emails and
suspicious requests for information.

7. Take advice from a specialist and review your IT security position to
ensure you have a reasonable level of defences against external attacks and
malware, ensuring that penetration tests on your systems are a regular
event.

8. Take an honest view of your capability and consider moving data and
applications to a secure hosted environment.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/