WHAT do you know about your online footprint? When you google yourself, what do you find? Increasingly our lifestyles are being digitalised and our information that was once private is now in the global public domain. What are the risks of living in the digital age and what can you
Cyber security: are you exposed?
Hamish White
If you have been infected by a virus or similar cyber-attack then most of the time the only way you can get your data back will be restoring from backups. If you perform regular backups, make sure you test the backup periodically to ensure the data you have backed up is recoverable. If you do not do backups, or the backups are not recoverable, then your data could be lost forever.
One of the best and most cost-effective forms of protection against threats is to make sure you have up-to-date, high-quality security software from a reputable company.
Phishing is very similar to the fishing that you would do on the ocean. It is about baiting a hook to make it look attractive then, once the target’s attention has been gained and they take the bait, they slowly get reeled in. Hackers and scam artists can become masters at phishing, with some making a career out of it.
A common form of phishing is the internet pop-up that says “Congratulations you have won $10,000, click here to receive your prize!” The scam will then usually involve you entering your credit card details or something similar so the “prize” can be posted to you. Once the scammers have your credit card details they will take you to the cleaners.
Another common one around the Gisborne region is a phone call from someone who would like to help fix the virus in your computer. They don’t want to help you, they just want to steal your information and your money.
There are a number of phishing techniques used to obtain personal or company information. As technology becomes more advanced, the phishing techniques being used are also becoming more sophisticated. Remember, if it sounds too good to be true then it probably is.
Internal threats
Hollywood often portrays hackers and cyber criminals as super-smart geeks who sit in a dark room in front of a computer creating viruses to attack computers and steal information. Yes, there are people like that out there but more often than not it can be people closer to your organisation who pose the biggest threat.
Their activities may not necessarily be malicious; they could be down to processing mistakes or lapses of judgement. The best line of defence you have to protect yourself from fraud or errors within your organisation is to ensure that you have strong internal-control procedures.
Restricting access to sensitive systems is a key part of lowering your IT security risks. If someone has access to everything in your system, the opportunity they have to manipulate information significantly increases.
Segregation-of-duty controls are important in any organisation. For example, the person who is creating payment batches should not be the person who is authorising the payments in the banking application. Simple steps like this help lower your risks of being a target.
Top tips for lowering your cyber security threat level:
• Make sure you have up-to-date security software
• Back up data on a regular basis and test that your backed-up data can be recovered
• Don’t download email attachments if you question the trust of the source
• Use unique passwords for your online banking and email accounts
• Lock your computer when you walk away from it
• Always have a passcode on your smartphone
• Don’t change supplier bank account details without confirming the change with a follow-up phone call
• Design internal controls in your organisation to prevent the opportunity for fraud and processing errors
• If you are unsure how to protect your business then seek advice from professionals.
Following the simple tips above will help to decrease the risk of being a target or victim of cyber crime. Just like normal criminals, “cyber criminals” are always on the lookout for the weakest link. At its core, cyber security is no different to real-world security — criminals will always take the path of least resistance. Ensuring you are properly protected virtually is no different to securing your home or business with physical security measures.
Hamish White is a certified information systems auditor and chartered accountant at BDO Gisborne, where he heads their information systems team.