IT expert issues a warning to SMEs that ignoring security risks could be disastrous and shares his hack prevention tips
Tesco Bank’s online hacking attack has prompted the boss of a Scottish IT firm to issue a stark warning that cybercrime must be taken very seriously – and not just by national and international brands and corporations.
Small and medium enterprises are just as vulnerable and this latest attack is simply another indication of the damage that can be wreaked by hackers, according to Austen Clark, managing director of Clark Integrated Technologies, which works with companies throughout Scotland, including in Edinburgh and the Lothians.
Tesco Bank has more than 7 million customers accounts and confirmed “fraudulent criminal activity” was first identified late on Saturday with about 20,000 customers have had money taken from their accounts, with “suspicious activity” identified in another 20,000.
Clark, a leading voice in the campaign to ensure owners of SMES defend against cyber criminals, has urged businesses to wake up to the realities, saying that the fast-paced and ever changing nature of information technology meaning new potential online risks are arising all the time.
He said: “Many firms may not realise the risk they face from cybercrime. Governments and multinational corporations are large targets but their increase in awareness and investment in defence against cyberattacks are leading to SMEs producing a more viable focus for hackers.
“There is a serious and important message for companies of all sizes that store and handle personal data. People’s personal information must be securely protected at all times.
“While under-reporting is massive, Federation of Small Business statistics show that two thirds of small businesses have been the victim to cybercrime in the past two years, while over a third of small businesses do not report crimes against their business. It’s time for small businesses to sit up, appreciate the potential severity of cyber-attacks and implement good risk management.”
Cloud computing has resulted in work no longer being a place but a task as flexible and home working options increase in the work place. With reliance on multiple internet connected devices only set to rise as well, cybercrime is something that everyone needs to guard against.
“We’ve observed that attackers are exploiting the new opportunities that these new ways of working creates,” adds Clark.
“Attackers are now aware of your weakest locations, such as off-network devices and remote offices, furthermore they now target specific systems and users.
“Attackers have the patience to acquire multiple footholds so then can launch an attack at the proper time – and are more motivated and sophisticated than ever to target company’s data. Data has been the driving force behind the latest attacks and is viewed as the world’s newest currency.”
Clark says businesses can increase their security online by securing their IT, having up to date malware protection, managing user privileges and working towards educating workers and raising awareness to of good practice.
Some of the most basic measures he suggests include:
Allow your software and applications to be updated as soon as possible. These updates often contain vital security updates to protect your devices from new threats.
Never use obvious passwords like ‘password’. Add symbols and numbers and a mix of upper and lower case letters to ensure a strong password.
Delete and block suspicious e-mails and never open attachments or follow links contained within.
Don’t forget smartphones and tablets are at just as much risk from viruses and other forms of malware as computers. Install anti-virus protection, keep it up to date and use it regularly.
Educate your staff on the dangers of cybercrime, both to the business and them as an individual and encourage them to use best practice
Clark added: “The internet brings huge business opportunities but it also brings risks and every single day businesses face cyber-attacks, with attempts to steal information and money, or disrupt business. It is increasingly important to manage these risks to take advantage of the internet whilst protecting your business.
“Focus on protecting data and standardisation and use independent advisers to manage your interests.
“If your business does become the victim of hacking, it’s important to dissect a breach after it has occurred as this can help understand how to prevent it from happening again. However, like most things, prevention is so much better than cure.
“There’s really no such thing as a silver bullet – all systems have weaknesses and vulnerabilities – but there is help and guidance available to help prevent against becoming the next victim of cybercrime.”