“There is no agenda more critical today than security” – IFSEC
It is predicted that by 2019, cybercrime damages will cost 2 trillion annually. To put this into context, that’s enough to buy tech giants Microsoft and Apple and e-commerce site Amazon, with a comfortable 165 billion left over in spare cash.
Whilst we witnessed a number of different security threats in 2017, the topic of cyber security and keeping our online data secure remains a growing concern.
As of the end of 2017, over half of the world’s population is now online (that’s over 3.5 billion of us). With more and more of us connecting and sharing information online through our smartphones, laptops and wearable tech, we are opening ourselves up to vulnerabilities if our data is not stored securely.
In the words of Steven Bucci, “Unless we get cyber crime under control, it will mutate into a very real, very dangerous national security issue with potentially catastrophic ramifications.”
So, what do you need to prepare for in 2018?
1. Is your company GDPR Compliant?
Do your employees know that there will be an update to the Data Protection Act in May 2018, when the EU General Data Protection Regulation will come into effect?
If your business processes data about individuals in the context of selling goods or services to citizens in other EU countries then you will need to comply with the GDPR.
The GDPR sets out a series of new guidelines for the storage and handling of data. This aims to give people more control over the use of their data, and provide new rights to move or delete personal data.
Ensuring that your company meets the GDPR’s requirements is a great starting point for preparing for the year ahead. Not sure if you’re compliant or don’t know where to start? Take a look at the ICO (Information Commissioner’s Office) guide to preparing for GDPR.
But what about Brexit?
Unfortunately for any of you who are thinking about it, the General Data Protection Regulation will still apply to UK companies that store EU data, irrespective of the UK leaving the EU. You can find out more on the official GDPR website.
3. Prepare for Ransomware
“Ransomware attacks in 2017 have not lessened since 2016. Ransomware isn’t going anywhere, so protecting yourself is important”. – CNET
Ransomware is malicious software that infects your system and blocks access to your computer’s files until a sum of money has been paid to decrypt them. This means that unless you pay the ransom, you can lose access to all your data instantly.
Preventing this kind of attack is difficult as there are multiple ways an intruder could infect your system. However, there are some good practices that can protect you in the event of such an attack.
How you can minimise risk:
- Backup. Backup. Backup. If you keep a backup of your system, then in the event of a ransomware attack, you’ll be able to restore your system back to full health.
- Ensure your firewalls are on and operating.
- Train your colleagues or employees to be wary of attachments. If they aren’t sure what they are opening they shouldn’t be opening it.
- Understand that paying the ransom does not always result in your files being returned.
The “WannaCry” ransomware, which plagued the NHS computer network earlier in 2017, held files for ransom and charged around $300 worth of cryptocurrency to get them back.
What is surprising about this attack is that the ransomware was fairly unsophisticated. However, “WannaCry” managed to exploit vulnerabilities on specific computers which had not installed the latest update for their Windows operating system.
4. Update your software
Keeping your software up to date is always best practice when it comes to cyber security. More hacks and attacks are being developed every day, and if you want to stay protected, you need to keep up.
Companies, such as Microsoft, regularly provide updates for their software packages which you should install as soon as possible. These updates include critical security fixes for issues which have been discovered since the previous version.
Two months prior to the “WannaCry” ransomware attack, Microsoft had released a patch to protect their systems. If the NHS had carried out simple security measures, such as updating their software, there is a possibility the attack could have been avoided.