Cyber security is an ongoing process, not a product

 In Security

I write, and speak, a lot about cyber security. Sometimes I feel like a broken record; but I can’t stop! The hackers and scammers don’t stop; so why should I?

Last week, my team had to help a client out with a payment redirection scam which nearly cost one of their customers a substantial sum (it turned out the breach was on the customer’s end, not our client’s, so I can still hold my head up high). This week another of my clients informed me that one of their distributors – a reputable and important local company of more than 25 years standing in their industry – had been forced into voluntary administration after failing to recover from a catastrophic systems hack.

These are real stories affecting people I know and work closely with; and they’re just the tip of the iceberg. How could I not speak out about cyber security ad nauseam?

The fact of the matter is that no matter what we do to step up our cyber security game – with better systems and more awareness and vigilance – cyber criminals just keep stepping up their own.

Cyber criminals target SMEs

It’s in the nature of smaller companies to be less rigid and bureaucratic; and their flatter management structures often mean that more employees have a wider range of access to critical information and systems.

The increasing emphasis on cybersecurity in large companies, coupled with the smaller spend by many SMEs in the same area, has seen a surge in attacks on small business owners.

You may recall a story from earlier this month about Australian online retailer Sage and Clare who lost $10k in a targeted false billing scam. It was a textbook example of email cybercrime. The criminals hacked Sage and Clare’s email, biding their time until they could insert themselves into a string of correspondence with a supplier to give false bank account details so that the company unwittingly sent their money directly to the criminals.

This case and others like it, including the near miss with my client last week, is part of a recent surge in online fraud targeting small business; but you don’t have to feel completely helpless in the face of all this malicious activity.

All you have to do is plan, act and follow through – just like the larger companies do.

How do you protect your business?

Lowering the risk of cybercrime to your business requires a mix of technological solutions and education. The process looks like this:

  • Plug up all the holes in your technology,
  • enact policies and processes to systematically manage your IT security risks, and
  • then train your people to be vigilant.

Here’s a quick how-to:

 

For more information on this topic, check out my article on how to keep your business IT secure.

You can also take my Business IT Security Quiz to find out how your business stacks up against leading IT security practices.

As always, if it all seems too hard, I’m here to help. Just drop me a line.

Cover image designed by Freepik.

Recommended Posts
Hacker graphicSticker on a lamp post reads "BIG DATA IS WATCHING YOU"