Cyber Security – Just another tool in your tool belt!

Business is hard—at times, very hard.  When you are in business, you have so many things to think about that sometimes less important business requirements slip through the cracks or are totally forgotten.  Cash flow and revenue are critically important for any business, but so are HR management and keeping the sales and marketing machine going.

This problem of divided attention explains the most common problem when it comes to protecting a business from cyber crime.  Businesses put cyber security on the back burner because their thinking is “we are too small to be a cyber crime target.”  This is a fallacy, and a very dangerous one when it comes to your business viability.  As a tool, technology is great, but you would not use a welding iron without goggles, or a bandsaw without ear, eye and respiratory protection.  Why do we think that this internet “tool” does not require some level of protection as well?

A cyber criminal from outside can reduce a business to a smouldering wreck in a very short space of time.  An outsider could target the business through a focussed spear phishing attack, targeting the bookkeeper or the accounts department to gain access to financial, payroll or client information.  They could target the sales and marketing department to find your price book or your business processes.  Or the Research and Development department, for original plans and blueprints of your next widget.

And don’t forget the insider threat—the disgruntled employee who is about to quit or get fired, and will take all of the sales and client information with them.  In all of these cases, the business may be able to recover, but it is going to face major losses (and wasted time) in doing so.

Most businesses don’t like to believe their information could be that valuable to a criminal, but this is the world we live in today.  It will be the way of the world in the future.  Everyone is a target; every business has information that, if used in the wrong context, can be a weapon against them.  Come to that, every person has information about themselves that could damage them if it got out in the real world.

Cyber security is an overused phrase, but it is still a subject that needs more serious discussion.  It is something that must be confronted at every level of a business; at an individual level, it should also be a primary consideration whenever you have an interaction with the great communication device called the internet.  To ensure that cyber security is included in your business processes, here are a couple of ideas

Less trust, more questions.  Everything we do on the internet involves some level of trust.  Trust is achieved in a variety of ways.  The most noticeable is followers and recommendations.  Most people trust web pages and social media pages that have a large number of followers.  In addition to this, if a product or service has a large number of recommendations and testimonials, we are more inclined to believe it is legitimate.  But the bad guys know this as well, and will often write reviews and score their products to achieve that higher level of trust.

Another trust supporter is the number of people that you know who are part of that following.  Have a look at some of your friends’ Facebook pages sometime; you will be amazed at what companies people are following, usually because of a smart piece of marketing like a viral video or “like this page to enter” contest.  Likes, comments or online reviews aren’t a good basis for unreserved trust.

Increased awareness.  You have to be aware of where you are when you are using the internet.  By that I mean that if you’re on ABC News, you have to be less cautious that if you are on download.com.  There are a number of reasons for this.

Large multinational companies understand the need to support your trust in their website, so they will put the required security systems around it to protect themselves as well as their customers.  Places like download.com do not care.  In most cases, people find them by searching for an application, song, movie or celebrity gossip.  They put you through a system of cutouts and smoke and mirrors, and without even knowing how, you’ve ended up on their site.

The creators of the site do not care about building up a customer base or repeat clients.  If you are there, you need to be aware that you are not a customer but a mark.  This is probably true of most sites you find by searching for media downloads or celebrity photos, unless you know exactly whom you’re dealing with.

Cyber Security is my problem.  The worst web sites are just a click away from you whenever you’re in front of a computer.  The internet is more dangerous than walking down a dark alley in the worst part of your town, but most people consider it completely safe.  The risk include losing vital information like your e-mail password, bank account login or social security number.  In most cases you do not even realise that you have been targeted, let alone lost something.  Paranoia is one of your best defences when it comes to cyber protection.

The mantra “cyber security is my problem” increases the awareness of the user and staff to a level where they are less inclined to follow the bait and deviate from the safe paths.

The “internet tool” is a brilliant piece of technology, and we can use it to achieve whatever goals we have in mind.  It allows small and medium enterprises to punch well above their weight through SEO and online marketing and sales.  But it’s still just another tool, and like all tools, it has to be used with the right level of training, understanding and protection.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.

Leave a Reply