T he latest news that hackers are now targeting cargo vessels is just another example of the devious ways that cyber criminals are using to illegally extract money. The criminals in this case hacked into the systems of a shipping firm and planted a virus which enabled them to monitor all emails to and from the firm’s finance department. Whenever one of the shipping firm’s fuel suppliers sent an email request for payment, the virus was programmed to change the payment details within the incoming email. This meant that the bank account number of the hackers was given out, rather than that of the fuel supplier, so the shipping company unwittingly paid every invoice into this bogus account. The fraud amounted to several million dollars before the company realised what was going on, and was perhaps a textbook example of phishing. Instances of cybercrime are happening in every sector of industry, and latest figures report that 61% of data breached this year happened in businesses with fewer than 1,000 employees. The days of “It’ll never happen to us, we’re pretty safe, there’s no need to do anything” are long gone. So – what are the main things that businesses need to do? This is our basic list of things to check to protect you and your colleagues: Make sure all your passwords are strong It’s estimated that 80% of hacking breaches relate to stolen or weak (ie hackable) passwords. Educate everyone in your business to use strong passwords using unrelated words and numbers. For example: ‘thunder Coffee oxygen 1550’ is a much stronger password than ‘Andrew1234’. Test how long it would take to hack your password at www.howsecureismypassword. net
Encrypt your data If a security breach does take place, you must ensure that any data the hackers can access is securely encrypted ie they cannot understand any of the information on your hard drive and databases. A modern encryption algorithm such as AES256 is quick and easy to install and will protect your data should the worst happen. Consider cyber insurance Since the WanaCry attacks, the demand for cyber insurance for businesses has accelerated, as firms have realised this is something they cannot ignore. However if you are considering getting this form of protection it is very important to use an independent broker, and one with specialist knowledge, who can guide you through the options from across the market, rather than from a limited number of suppliers. Scrutton Bland’s insurance brokers can provide independent advice from across the whole market ad can guide you through the right options for you and your business. Insurance cover to consider: Breach costs - this can offer support if your systems are broken into, or if you are subject to cyber extortion where the hackers threaten to damage or release data unless money is paid. Business interruption cover – this may include compensation if you have suffered a loss of income, and also damage to your reputation. Damage to your website and other communications – covers repairs or replacement if your website, intranet and other systems Reputational damage – if the breach of data means that your business loses customers or intellectual property Contact Tim Mulley at tim.mulley@ scruttonbland.co.uk or tel 01473 838404
Know how to spot a phishing email Phishing is one of the most common ways to commit cyber crime. The hackers get you to click on a link in their email and this then installs malware that corrupts your systems – as in the case of the shipping company at the beginning of this article. Look out for emails with poor spelling and punctuation, and which begin ‘Dear Customer’ despite the fact that they ‘contain’ personal information specific to you. If a message from someone claiming to be a ‘professional business’ but doesn’t ring true then trust your instincts and proceed with caution. Be aware of the personal data you have already shared Many criminals rely on the information people have already shared on social media. Earlier this year footballer John Terry had over £400k of possessions stolen when he posted holiday pictures on Instagram, thus indicating to burglars that his house was unoccupied. Your computer security is equally vulnerable, so don’t post public Facebook pictures of your cute dog Archie, and then have a secret password question of ‘what is the name of my dog?’ http or https? If the url address of a web page begins with ‘http’ then the page is unencrypted and any communications you make from that page could be read by a hacker. Whenever you are entering any personal information, and especially if you are entering bank or credit card details, make sure the web page address begins with ‘https’. Keep updating your software The WanaCry attack earlier this year infected large numbers of computers in companies across the world, including the NHS in England. The WanaCry hackers targeted computers which had a vulnerability arising from users failing to update their security software. Once the hackers had found a way in, they infiltrated the central server on the computer system, encrypted all the files and then demanded a ransom to get them unlocked. So the moral of the story is to install updates from your software provider as soon as they are offered.
3 0 | S C R U T T O N B L A N D | L I F E S T Y L E
I N S U R A N C E | S C R U T T O N B L A N D | 3 1
Made with FlippingBook HTML5