Every human invention, regardless of its positive contributions to the advancement of society, comes with some negative sides. What could we have done without airplanes? But every now and then, we suffer devastating air crashes. What could we have done without electricity? Yet, people get electrocuted.
The same applies to the Internet, the World Wide Web and social media networks. Undoubtedly, these systems have made living and life a lot easier; but like all human creations, they have come with their own worries and fears. This is so because many people are wrecking havoc using these same technologies we applaud for making our lives a lot easier. These havoc wreckers are called cyber attackers or cyber criminals.
Let’s put it in perspective, a couple of weeks back, a client invited me to a roundtable conference; but the requisite for entry was my acceptance of the invitation must be sent via the organisation’s official email address. Of course, that wasn’t a problem, but I really got worried when I tried severally and the mail kept bouncing back. After more attempts, I called my client to complain.
You know what? My client’s website had been hacked into by cyber criminals, and as if that wasn’t enough, they stole vital information and infested their network with viruses, which corrupted their database. And what did they do? They shut the system and started a rigorous clean-up process. Because this was going on at that time, they couldn’t receive or send mails.
That’s one organisation. There’re lots of financial institutions, multinationals, conglomerates, and government agencies that have suffered worse fates in the hands of cyber criminals. So, the issue today is how or what should such organisations do to secure or protect themselves from daredevil hackers? This is important considering what one United Kingdom accounting firm said: ‘cyber crime is on the upswing.’
Again, let’s put in perspective. In October, 2012, FoxNews.com reported that ‘White House sources partly confirmed an alarming report that US government’s computers – reportedly including systems used by the military for nuclear commands – were breached by Chinese hackers. This was a spear phishing attack … and it should make every American think hard about cyber security.’
Last week, we gave tips on how individuals could secure themselves against cyber attacks or cyber criminals. Today, we are shifting our focus to organisations, financial institutions, multinational conglomerates and government agencies, among others.
How do you secure or shield your investments from cyber attackers or cyber criminals? Here are a few tips:
Be security conscious
As an organisation, you must be security conscious; and as one Information Technology expert puts it, you are as secure as you want to be. Therefore, ensuring your passwords are never compromised and using up-to-date anti-virus and anti-malware programmes are a good way to begin. But this may amount to nothing if there is no institutionalised strategy to consciously secure your systems and keep employees alert.
Security awareness
Knowing that a problem exists or is likely to happen is half way to solving the problem. I recall one company I once worked with. Fair enough, they had fire extinguishers scattered everywhere in the facility, but it took one fire outbreak for management to realise that having fire extinguishers scattered everywhere amounts to nothing if workers didn’t know how to use them or what to do in the event of a fire outbreak.
In other words, organisations must ensure that their employees, regardless of whether they work in the IT department or not, are trained to observe best computer practices as well as on cyber security issues. They don’t have to wait until they attacked by cyber criminals. The damage may be too colossal at that point.
System security monitoring
Again, securing your systems shouldn’t end with passwords and installing up-to-date anti-virus programmes. You should come up with hard strategies for monitoring your systems. If you don’t, one second is enough for a cyber attack or a data breach to happen. Monitoring means that your eyes are wide open 24/7 with in-built mechanisms to checkmate cyber attackers and cyber criminals.
Advising financial institutions in the UK, a UK-based firm of chartered accountants, Lattimore Black Morgan & Cain, PC said, “Many organisations believe that they don’t have a security problem because they know of no breaches. The fact is that cyber criminals don’t want to make their presence in a network known and unless an organisation has effective monitoring system, it may not find out about a problem until it hears from a customer, law enforcement or the media. But the good news is that 80 per cent of attacks are preventable.”
Open your eyes when choosing IT company to work with
These days, organisations don’t just acquire software, they ask for a demo. They ask for references and speak to current users of the software just to be doubly sure they aren’t acquiring a piece of trouble. Similarly, when choosing an IT company to work with, be as humanly possible that it wouldn’t comprise your systems.
Ask for references, seek out their current customers and question them thoroughly. More importantly, ascertain that they understand issues of security.
Configuration and patch management
Lattimore Black Morgan & Cain in their article titled: ‘How to protect yourself from the rising tide of cyber attacks on financial institutions’ advised organisations to ‘create a system to ensure that security patches are applied in a timely manner to all systems and applications, whether they are at the infrastructure level or the end-user level.’
Secure web applications
Again, Lattimore warns that ‘web applications with holes are major points of entry for cyber criminals, particularly for those committing credit card frauds.’
Therefore, they urge organisations ‘to make sure developers follow security protocols when they create web applications and that the applications are fully tested.’ They advised organisations to perform a hostile security test; in other words, to try to break into their own system through the web application.
On a parting note, let me share with you what David Willson of FoxNews said in his article entitled ‘How to protect yourself and your business from cyber attack’. This is in the hope that it will help you to become more security conscious -
• Using your smartphone for banking can be risky.
• When banking online, close all other windows and ensure the bank window URL comes up as Https.
• If using public Wi-Fi like hotel, coffee shop, airport and library, use a proxy that allows you to encrypt all your data so hackers cannot steal it.
• If the information you collect, process, and store is sensitive, encrypt it.
• If emailing sensitive data like financial information, use secure or encrypted email.
• Always log out of any account, especially banks, and social media, among others. Simply closing the window leaves you logged in and hackers can potentially get in.
• Do not click on links in emails. Many are not genuine and will take you to a fake site, like a fake Facebook site where hackers will steal your data.
• Do not click on the “unsubscribe” link in emails. In many cases, the email may be fake and by clicking unsubscribe you are legitimising your email and will be put on a spam list.
• Protect all mobile devices with password.
• Always remember that prevention is better than cure.
The future of the Internet is no doubt threatened, but it can become a safer place if we collectively become more security conscious in our homes and offices and also teach others why they should become security conscious.
