14 November 2019

5 doorways to cybercrime that you need to close now

Businesses that would never dream of leaving their premises unsecured often leave themselves vulnerable to cyber intruders. Here’s how to put sturdy locks on your digital doorways.

Cyber threats are accelerating. By one estimate, the global economy is now losing $2.9m to cybercrime every minute [1]. A third of UK businesses were affected last year, suffering financial loss, disruption and reputational damage [2].

Yet simple precautions could thwart the majority of attacks, as business leaders heard at a recent Strategies for Growth event held by HSBC.

1. Email – still the main frontier

Over 90% of cyber attacks are launched by email, according to Barry Searle of cybersecurity consultancy Int-Qual Pro. Increasingly this takes the form of fake invoices that appear to come from a known and trusted email address.

“Businesses that are hit may believe their systems have been hacked, but often it turns out that the business has simply been manipulated into paying things they shouldn’t have paid,” Searle told event delegates.

To counter email threats:

  • Enforce processes to verify invoices before payment – especially where a supplier has apparently changed their bank details. Check with a call to a pre-approved contact
  • Install free SPF and DMARC tools, which alert you to unauthorised use of your email domain – and encourage supply chain partners to do the same
  • Ensure your email and financial systems are separate, so that even a successful email hack doesn’t leave your finances compromised

2. Social media – a feast for criminals

Cyber criminals exploit social media profiles to mount targeted ‘spear-phishing’ exercises. “Smaller businesses are the most heavily targeted sector, because they often lack the staff and experience to deal with organised crime,” Searle said.

His recommended actions include:

  • Review social media policies to ensure profiles include only relevant details. For instance, the fact that an individual is responsible for authorising invoices should not be featured on their profile
  • Be discreet on personal social media accounts, such as Facebook and Instagram. This makes it hard for criminals to cross-reference from company websites or LinkedIn profiles. For example, business leaders should use an abbreviated name on their personal accounts, and a profile picture that doesn’t identify them

3. Data – when fallbacks fail

Rather than go to the effort of stealing business information, cyber criminals can focus on denying access, in the hope that businesses will pay to have their data restored.

Searle warns that some businesses affected find themselves faced with fees and delays to retrieve data from their cloud providers. In some cases this is so prohibitive that victims have chosen to pay the criminals instead.

  • Check your cloud contract to ensure the terms of data retrieval are acceptable
  • Keep printed back-ups of continuity plans, so you can execute them without digital access

4. Devices – unlikely access points

The Internet of Things is the fastest-growing vulnerability to be exploited by hackers.

A plug-in air freshener and an aquarium thermometer are among the connected devices used by criminals to breach business defences, Searle told delegates.

  • Replace default manufacturers’ passwords with new ones on any connected device your business installs – and do this retrospectively for any existing devices

5. Wi-fi – who’s on your network?

“Public wi-fi is never secure, even when you use a password,” Searle warned. “Your personal data services provide far more security, and mobile hotspots are a more secure alternative.”

  • Use public wi-fi only in an emergency, and never for sensitive or financial communications
  • Turn off business wi-fi and Bluetooth when not in use

Searle urged business leaders to see cyber threats in the same way as physical ones. “These decisions are as simple as putting an alarm on your premises and deciding to lock the door when you leave,” he said.

 

[1] https://www.riskiq.com/infographic/evil-internet-minute-2019/
[2] https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/813599/Cyber_Security_Breaches_Survey_2019_-_Main_Report.pdf
