Many New Year predictions point towards increased numbers of cyber attacks in 2019. It is now big business – we have heard of ransomware victims being put in touch with call centres to negotiate their ransom payments to unlock their files. Ransomware, where your files are locked and a ransom is demanded to unlock them, is on the increase. So is ID theft, where your stolen credentials can be used to empty your bank account or use your credit card for unauthorised purchases.
What I hear from many of my Cyber Security workshop attendees is “surely hackers aren’t interested in a small business or an individual like me?” Well, unfortunately, they will target anyone they believe they can extract cash from, however small the amount. How much would it be worth to you to retrieve all your data if it had been locked away by a criminal? They are very clever at pitching their ransom demands to fit your net worth, typically just under what it would cost to pay a professional to attempt to unlock the files for you.
So, the best defence is to ensure that you don’t get infected in the first place by a ransomware virus, or indeed any other kind of malware, or have your credentials hijacked. Be careful and put some simple defences in place. Here are my top 5 tips for you and your small business to stay safe this year, in order of priority!
One – Only open email attachments that you are expecting from people you know. This is the most frequent method criminals use to spread a virus. Even if the email is from one of your contacts, but the attachment looks odd or unexpected, don’t open it. Their email could have been hijacked. It is the act of opening an attachment that imports the malware onto your PC, and any connected networks. There are services such as Mimecast that can ensure all attachments are tested prior to opening, but these are chargeable services. Vigilance is free. If you suspect an attachment – delete the entire email.
Two – Protect your personal email address with two-factor authentication (2FA). All the major email providers offer this for free. Why so important? Just think, your email address holds the keys to your online kingdom, because if you forget your password it is used to send you a new one. If someone has access to your email, they have access to much, much more. 2FA will ensure that if anyone tries to access your email from an unusual network location, they will be asked to enter a code sent to your mobile phone before they get access, and you will be notified of the attempt. Don’t worry, you won’t be asked to do this every time you access your email as it only kicks in if the access deviates from a ‘normal’ pattern. Look at your email provider’s website to find out how to do it.
Three – Back up your important data. I use a free file-sharing service that copies all my important files to my other devices. I have a desktop, laptop, phone and tablet to which files are copied, and a copy with previous versions is also kept online (in the cloud). It is the previous versions which I can use in the event all my files are locked by malware. I don’t care about ‘system’ files; I can reformat one of my infected machines, reload the operating system and download all my versioned (good) data from the file-sharing service. There are other ways to back up your data, but do ensure the backups are stored disconnected from your PC or network and that you take backups frequently.
Four – Stop using memory sticks (or CDs or DVDs) unless they are yours from new. Look on them as a source of infection. First reason: if a memory stick is used by someone already infected (they might not know it), the virus will transfer to the stick, and then to any PC it is plugged into. Second reason: criminals leave sticks lying around in public places with viruses loaded in the hope someone will pick them up and use them. I have stopped using them altogether.
Five – Use a password manager. We all need to remember 100s of passwords, which we can’t! So we tend to use the same password for all the sites we access. That is not sensible: if your credentials are stolen (and we hear about these big hacks every couple of weeks now), you need to go to all the websites you access and change your password to prevent unauthorised access. Annoying, messy and time-consuming. I use a password manager, LastPass, but there are many more out there, so I just need to remember the one password for the password manager, and it securely stores the rest which can all now be unique. For added convenience, it has a browser extension that auto-logs-in so I don’t even need to see the password. With a password manager you will be able to use complex passwords across your online world, safe in the knowledge they are all secure. You can even use 2FA on your password manager for added security.
These are my top tips; there are many more easy measures that can give you peace of mind and help you sleep at night. If you run a small business, I highly recommend adopting the Government-backed Cyber Essentials controls, all easy to implement and based upon common sense. Stay safe out there in cyberspace!