Cybersafe for Business
eBook - ePub

Cybersafe for Business

The Anti-Hack Handbook for SMEs

About This Book

By the time you finish reading this, your business could be a victim of one of the hundreds of cyber attacks that are likely to have occurred in businesses just like yours.

Are you ready to protect your business online but don't know where to start?

These days, if you want to stay in business, you pretty much have to be online. From keeping your finances safe from fraudsters on the internet to stopping your business being held to ransom by cybercrooks, Cybersafe For Business gives you examples and practical, actionable advice on cybersecurity and how to keep your business safe online.

The world of cybersecurity tends to be full of impenetrable jargon and solutions that are impractical or too expensive for small businesses.

Cybersafe For Business will help you to demystify the world of cybersecurity and make it easy to protect your online business from increasingly sophisticated cybercriminals.

If you think your business is secure online and don't need this book, you REALLY need it!

Yes, you can access Cybersafe for Business by Patrick Acheampong in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.

Information

Publisher: PublishDrive
Year: 2021
ISBN: 9789887596202

Chapter 1: The Threat

The rate at which cyber attacks are growing is astonishing. In 2016, McAfee Labs estimated cyber attacks were running at about 400,000 per day. Only a decade earlier, it was just 25!
A billion personal records are now stolen each year, degrading trust in the organisations victimised, and in the internet itself. The scope of cyber attacks has broadened exponentially too. Where once individual retailers or banks were targeted, now entire supply chains, financial networks, and stock markets may be targets, potentially affecting the integrity of international financial systems, or the GDP of an entire country.
Small and medium-sized enterprises (SMEs) like yours and mine are a popular target for hackers and ransomware because we tend to have fewer resources available to battle cyber security than large organisations do. Over 150,000 U.S. SME websites are infected by malware at any one time, and have been involved in nearly 45% of all data breaches. It's fair to say the numbers are unlikely to be better internationally.
Many SMEs falsely believe they're too small to be targeted. If that's what you think, remember this – even a 'smaller' ransom of a few hundred dollars is still highly profitable for cyber criminals. Remember, they are targeting large numbers of SMEs.
As a director and/or owner of a business, you know you have a legal and moral responsibility to clearly understand how you are protecting your business, customers, and staff from online risks, e.g. harassment, copyright/IP usage, customer data privacy, improper material being sent or received. However, that's not all. Financially, European Union courts can hit you with a fine of up to 4% of your total revenue for a data breach involving their citizens, regardless of where your business is based!
If there's one thing that you should keep in mind when thinking about internet threats, it's this: assume that you WILL get attacked at some time. With that in mind, you need to be very clear on governance in your business, i.e. who is responsible for your business's cyber security? You need to ensure you have a very clear policy on escalation when there is a cyber issue, and when to call in external entities, e.g. law enforcement, lawyers, PR, I.T. security firms, etc.
Many businesses neglect this, but if you use third party vendors for your critical systems or supply chain, then you also need to assess the cyber risk factors associated with these vendors. This may be challenging to do, but even a rudimentary audit should catch the most glaring issues. If your company is unable or unwilling to do it yourself, then you can use a company like CyberGRX to audit your third party vendors. If a supplier is unwilling to provide this information, then it is worth your while to rethink whether you want to be in that business relationship.
The rise of the mobile workforce has made it challenging for I.T. teams in larger enterprises, let alone SMEs, to protect data that is created outside of the business's firewall. Simplifying data protection for laptops and mobile devices begins with providing backup to your mobile workforce, and giving I.T. one place to manage all of your business devices' data protection needs, regardless of whether it is a business supplied device or a personal device used under a Bring Your Own Device (BYOD) scheme.
An increasing area of threat for SMEs is the Internet of Things (IoT). As IoT devices are always connected and always on, they go through a one-time authentication process, making them perfect sources of infiltration into an organisation's network. As a result, these IoT gateways need to be better secured to improve the security of your overall business cyber infrastructure.
There are software tools such as WhiteOps that monitor the network data flow, identify malicious bots, flag suspicious files, and analyse them for destructive or malicious intentions; invest in them. These may seem like small measures, but they play a big role in the overall IoT security strategy.
If all else fails, at least be prepared for potential security breaches. Eventually, they will happen, to you or someone else (preferably a competitor who hasn't read this book). Always have an exit strategy, a way of securing as much data as possible, and rendering compromised data useless without wrecking your I.T. infrastructure. You should also educate customers, employees, and everyone else involved in the process about the risks of such breaches. Instruct them on what to do in case of a breach, and what to do to avoid one. Employees (in particular any employee that touches data) should take a cyber-awareness course to increase their awareness of the risks, and to improve the cyber security of your business.
Of course, a good disclaimer and Terms of Service (TOS) will also help if you end up dealing with the worst-case scenario.
Before we jump into the various strategies to help keep you safe and secure online, I need to give you a better idea of the threats you face online. The online world is full of various terms relating to the nefarious acts of online ne'er-do-wells out to do you cyber harm. You will come across these terms on the news, while surfing, or just in conversations with friends and colleagues. This is what some of them mean.

Viruses

Viruses are harmful computer programs that can be transmitted in a number of ways. Although they differ in many ways, all are designed to spread themselves from one computer to another through the Internet and cause havoc. Most commonly, they are designed to give the criminals who create them some sort of access to those infected computers.

Spyware

The terms "spyware" and "adware" apply to several different technologies. The two important things to know about them are that:
  1. They can download themselves onto your computer without your permission. This typically happens when you visit an unsafe website or by way of an attachment
  2. They can make your computer do things you don't want it to do. That might be as simple as opening an advertisement you didn't want to see. In the worst cases, spyware can track your online movements, steal your passwords, and compromise your accounts

Botnets

Botnets are networks of computers infected by malware (computer viruses, key loggers, and other malicious software) and controlled remotely by criminals, usually for financial gain or to launch attacks on websites or networks.
If your computer is infected with botnet malware, it communicates and receives instructions about what it's supposed to do from "command and control" computers located anywhere around the globe. What your computer does depends on what the cyber-criminals are trying to accomplish.
Many botnets are designed to harvest data such as passwords, social security numbers, credit card numbers, addresses, telephone numbers, and other personal information. The data is then used for nefarious purposes such as identity theft, credit card fraud, spamming (sending junk email), website attacks, and malware distribution.

Phishing

To summarise Wikipedia, "Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising oneself as a trustworthy entity in an electronic communication." The word sounds like fishing due to the similarity of using bait in an attempt to catch a victim.
According to research by Verizon, about 30% of phishing mails get opened, while approximately 11% of attachments in these emails also get opened. The average marketing email gets opened less than 1% of the time. How the villains behind these emails are getting this level of open rate should be the subject of a case study on marketing! There appears to be a clear mismatch between the false confidence people have over their ability to spot a phishing email, and reality. Interestingly, according to a Webroot survey, fully 79% of people claimed they would be able to distinguish between a phishing message and a genuine one, but then nearly half (49%) also admitted to clicking on a link from an unknown sender. A further 48% said they had experience of their personal or financial data being compromised by a phishing message. This level of hubris is what leads to bad outcomes for people at a personal and professional level. That's why I wrote this book, to help you combat this.
Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website, the look and feel of which are almost identical to a legitimate one. Communications purporting to be from social web sites, auction sites, banks, online payment processors, or IT administrators are often used to lure victims. Phishing emails may also contain links to websites that are infected with malware.
The emails cyber-criminals send often urge you to act quickly, because, for example, your account has been compromised, your order cannot be fulfilled, or some other seemingly logical reason.
Two other types of phishing attack that are gaining in popularity are Zombie Phishing, and the use of URL shorteners. Zombie Phishing happens when attackers take over an email account and reply to an old email conversation with a phishing link. Because both the sender and subject are familiar to the recipient, the recipient is more likely to accept the email as being genuine.
URL shortening is a service provided by companies such as Bitly or TinyURL. These services allow users to shorten really long URLs, typically to blogs, offers, etc., so they take up less space. You may have seen URLs that look like this example of URL shortening: https://tinyurl.com/m3q2xt. These links are rarely blocked by URL content filters as they don't reveal the true destination of the link. Also, users who are generally vigilant and wary about suspect domain names might be less likely to identify a shortened link as malicious.
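The filtering gap described above can be narrowed by resolving a shortened link before judging it. The following is an added example, not taken from the book: it flags links on the shortener services named in the text, follows their redirects, and checks the final host against a list you trust. The `resolve_hop` function, the trusted-host list and the sample data are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Hosts of the shortener services named in the text (bit.ly is Bitly's short domain).
SHORTENER_HOSTS = {"tinyurl.com", "bitly.com", "bit.ly"}
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)
MAX_HOPS = 5  # give up on redirect chains longer than this

# Constructed sample data: an email body and a redirect table standing in for the network.
SAMPLE_BODY = ("Your invoice is ready: https://tinyurl.com/constructed1 "
               "or see https://www.example.com/help.")
SAMPLE_HOPS = {"https://tinyurl.com/constructed1": "http://login.example.net/verify"}


def host_of(url):
    """Lower-cased hostname without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def unshorten(url, resolve_hop):
    """Follow redirects and return the final URL, or None if unresolved.

    resolve_hop(url) returns the next URL or None (hypothetical hook; a real
    one would send a HEAD request and read the Location header only).
    """
    seen = []
    while len(seen) < MAX_HOPS and url not in seen:
        seen.append(url)
        nxt = resolve_hop(url)
        if nxt is None:
            return url
        url = nxt
    return None  # redirect loop or chain too long


def review_links(body, trusted_hosts, resolve_hop):
    """Return (link, final_url, verdict) for every link in an email body."""
    verdicts = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:!?)\"'")  # drop sentence punctuation
        final = unshorten(url, resolve_hop) if host_of(url) in SHORTENER_HOSTS else url
        if final is None:
            verdict = "unresolved"
        else:
            verdict = "ok" if host_of(final) in trusted_hosts else "untrusted"
        verdicts.append((url, final, verdict))
    return verdicts
```

Links that come back as `unresolved` are best treated the same as `untrusted`, since the filter still cannot see where they lead.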
While email is still the number one form of phishing attack, cybercriminals are also using a variety of other methods to trick their intended victims into giving up personal information, revealing login credentials, or even sending money. Increasingly, phishing involves SMS texting attacks against mobiles, or the use of messaging on social media and gaming platforms. The first half of 2019 alone saw a 50% increase in attacks by mobile banking malware compared to 2018. This malware ...

Table of contents

  1. (Untitled)
  2. Copyright
  3. (Untitled)
  4. Foreword
  5. (Untitled)
  6. Introduction
  7. Chapter 1: The Threat
  8. Chapter 2: Keeping It Simple
  9. Chapter 3: You are the Weakest Link
  10. Chapter 4: Secure Your Gates
  11. Chapter 5: Secure Your Stored Data
  12. Chapter 6: Let's Backup A Bit
  13. Chapter 7: Email
  14. Chapter 8: Secure Communications
  15. Chapter 9: Is Your Business Being Held To Ransom?
  16. Chapter 10: Safe Commerce
  17. Chapter 11: Don't Be Denied Service
  18. Chapter 12: Ensure You're Insured
  19. The Last Word
  20. (Untitled)
  21. CyberSafe Checklist For SMEs
  22. Further Reading
  23. (Untitled)
  24. Additional Resources
  25. Tools And References
  26. About The Author
  27. (Untitled)
  28. Glossary & Index