In May 2017, the criminal underworld successfully masterminded a hit on a scale that we possibly haven’t seen before.
No one saw the perpetrators. No one used a weapon. No one was hurt.
Yet it managed to bring huge organisations in Russia, Spain and the UK—notably our NHS—to their knees.
It was the WannaCry ransomware attack. Cybercrime. Malware that infects Windows PCs by making them unusable, before demanding payment through a digital currency to allow you to access it again.
Without resorting to scaremongering, not only is every business fair game for attack, we all are. We live in a digital world, where we give away some of our most personal information willingly online.
Crime is intelligent. It can get that data. So who can protect you?
The law isn’t strong
Most offences come under the Computer Misuse Act 1990.
Despite constant amendments since its creation, the year 1990 in the Act’s name should give you a clue as to why current legislation is struggling to address the problem.
Technology moves faster than the law. As the old saying goes, criminals are always one step ahead. Together, they make a dangerous, lightning quick, and mostly untraceable combination.
So, the law is there but it’s ill equipped to deter criminals. That means you are responsible for protecting both yourself and your business against attack.
Upgrade business system security
Start by thinking about the types of crime you’re at risk of falling victim to, who might commit them and why. And don’t forget, cybercrime can be an inside job, too. Some reasons for attack could be:
- Stealing your data for monetary gain via blackmail, fraud, industrial espionage or identity theft.
- Extortion by removing or making your data unavailable (ransomware).
- Vandalising your computer software or data for no reason.
- Hacking for fun—some just enjoy the challenge.
Once you understand the profiles of your business’s potential cybercriminals, put in place some best practice rules, including:
- Install up-to-date virus protection software.
- Always be on the lookout for suspicious behaviour.
- Restrict staff access only to necessary internal business systems and information.
- Control the hardware and software your staff can bring into your company.
- Control the data staff can send outside of your company network.
- Plan how to continue to operate after a major cybercrime attack.
- Get insurance to cover any losses and the cost of recovering.
- Plan how you’ll explain data losses to customers and regulatory bodies.
Don’t wait. Act now.
Protecting your business against cybercrime should be a top priority.
If you’re lucky, an attack will let you get away with minor disturbance to your normal day. Otherwise, you could lose everything. And, if that includes customer or client data, you can face big fines from regulatory bodies.
Cybercriminals never stop, so make sure every protective measure you take is the newest and most secure available to you.
In fact, hot on the heels of the WannaCry ransomware attack came another in June, called NotPetya. Originating in Ukraine, it shut down IT systems for huge companies including Danish logistics giants, Maersk.
If cybercriminals can take down multinationals with the best security budgets, think what they can do to smaller businesses. Do everything you can to stop them, before it’s too late.
Alastair Brown is Chief Technical Officer of people management software company, BrightHR.