The protection of devices, services and networks — and the information on them — from theft or damage.... is a catchy phrase but what does it really mean?
Ok, let’s go one step back. Increasingly, criminals who used to mug people or put a balaclava on and hold up a post office are choosing to carry out crime over the internet. Why? Well there is far less chance of getting caught and the rewards can be much bigger.
Instead of getting a few thousand pounds from a very risky hold up, internet (cyber) criminals now get a few thousand pounds from multiple businesses from behind the veil of the internet. More money and less risk. Why don’t the police just follow the money? Well, it’s not that simple…cyber criminals, also known as hackers, often use crypto currency which is not traceable.
Cyber Security is simply a catch all phrase that relates to anything that is put in place to protect you from criminals who use the internet to carry out crime.
How does it work?
A In mainstream use as being someone with some computer skills who uses them to break into computers, systems and networks.... will send out a huge number of emails to every email address they can see or have access to – email lists are shared amongst these groups. When somebody opens the email, clicks on a link within or opens an attached document, a small bit of code can be installed onto that computer to potentially track all the data/emails/web sites visited etc. This is call Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.... (as in fishing for information).
What next? Nothing. They sit there, typically for months capturing data and sending it to the hacker. They will then sell that data or learn your email template, your tone of voice, structure of your emails to create a fake request for money. One example might be faking an email from the boss to the finance team asking them to pay a supplier using a set of bank details. These details are of course, the hackers. Once the money is sent, it’s gone.
Another example is Malicious software that makes data or systems unusable until the victim makes a payment..... Hackers attempt to access a huge number of websites and those websites without proper protection allow them through to the main systems. They may also use the information captured above to gain access to internal systems. Taking control of the system and blocking everyone out. When anyone tries to use a computer or system they are met with a message saying ‘pay us x amount of bitcoin by clicking here to get your data back. If you don’t do it in 3 days, all your data is lost forever’. Simple. All automated. Not traceable. They ask for amounts that are small enough to pay to make it go away, which people often do.
Incidentally…20% of people that pay don’t get their data back.
Will it really affect me, though?
It’s just a teenager in their bedroom isn’t it?
They won’t target me, they go after the big boys, surely?
Well, partly yes, this does happen. It’s what happened to TalkTalk. However, most attempts to hack you are nothing to do with you. You are not being singled out. A hacker uses computers to send millions of requests a day looking for someone who responds or to find an unprotected website. They are indiscriminate. To them you are just a website address or an email address. They don’t care. Anyone that responds is a success to them. Any website that they can get through is success.
So what do I do?
The government’s National Cyber Security Centre has published a set of basic steps that should be taken by every business to protect them from cyber crime. It is called the Cyber Essentials, you can find it here This covers securing your internet connection, your computers and applications and access to your customer information.
We highly recommend that you take these simple steps to make sure that you, your business and your customer data is safe.
It doesn’t need to cost a lot, with the right supplier. This can be done with a low monthly cost that is based on the number of people in your team, so you only pay for what you use. Very cost effective, especially if you compare to the financial and emotional impact of an attack.
At YouCloudIT we specialise in helping small and medium businesses by speaking in plain language and providing tech for non-techies. You don’t need to understand the technology to get all the benefits, we’ll do it all for you at a price tailored for smaller businesses, not enterprise. Let us support you to get the protection you need to keep you safe.