The importance of cyber security: Part two

Why is cyber security so important for your business?
iStock

By understanding the basics of cyber security, you can increase your company’s defences against viruses and hackers.

In the first instalment of our three-part series, we discussed the most common ways to infect a computer, plus the easiest ways to prevent a virus via a phishing site, a fake email or a risky site.

Our second instalment will focus on the rise of ransomware and how you can prevent company data falling into the wrong hands if your laptop were to go missing.

So, what do you need to know?

Why is my screen black?

Situation: Your laptop won’t switch on. You attempt to turn it on several times and suddenly your screen flickers. You receive one of two messages: “Send five bitcoins immediately to mrx@yahoo.co.uk or risk losing your data forever” or, “We have detected that you have been visiting illegal sites, the local authorities have been called. To resolve this, send five bitcoins to mrx@yahoo.com.” These are examples of ransomware and messages can vary. Hackers will use intelligent malware to encrypt your files. These files will turn into an unreadable document, and you will be prevented from successfully opening these files.

Additionally, the malware used can detect your Internet Protocol (IP) address. Hackers will use this information to send you a ransom message in your language, or, in the second example, hackers will use this information to include a photo of your local authority to make the message look ‘authentic’.

What not to do: In most situations, ransomware messages should be ignored, however, this is not always an option for some (in the US, hospitals became a prime target for hackers. They ultimately chose to pay the ‘ransom’ so that the ramifications of losing patient details were minimised ). Although ransomware is a scam, some are ‘happy to pay any price’ for their data. In most cases, you should never send money for access to your data, extortion will only lead to further extortion. It may never end, and you may never see your data again via that route.

Solution: Unfortunately, there are no easy or free solutions to this problem. Your laptop may be infected to the point of no return, but at least you have your back-up, right? However, if you are in the UK and you have sent money to a ‘hacker’, you should contact Action Fraud for further advice on what your next steps should be.

Mitigating the risk: There are multiple ways to mitigate the backlash from ransomware.

  • Back up everything! Do it now! Whether you do this via a cloud backup or via an external drive, there are no excuses. You should make sure that you have multiple versions of each document so that if your data becomes encrypted by malware, you won’t lose your data completely.
  • Only visit sites that have valid SSL certificates. This can be found in the green part of the URL (which you can see below *there will be a picture of a website with the green part of the URL*).
  • Additionally, think before you click, and steer clear of pop-ups. This will decrease your chances of downloading malware and encountering ransomware.

Furthermore, remember to consider the price; is the solution worth more than the data itself? If so, you may need to rethink your strategy.

My laptop is stolen … what about my confidential information?

Situation: Your laptop is missing, or stolen out of your bag. It contains private data, and you’re the only one who should have access to it. This can cause trouble for both you and your company.

Solution: Unless someone is kind enough to turn in your laptop, there is little hope of recovering your lost device and the data on it. If you encrypt your disks, you reduce the chances of anyone else accessing your data, so the laptop becomes useless to anyone without the password. Unfortunately, if you have not encrypted your disk ahead of time, there is no way to do so after it is gone. 

Mitigating the risk: All major operating systems should give you an option to encrypt your disk. This is the best way to prevent your data landing in the wrong hands.

Remember, this is just a basic overview on cyber security. The solutions you see here are not guaranteed to work. Each situation is different and if for any reason, you believe your company will be a target of an attack, you should hire an information security firm to do a risk assessment and mitigate the risks in a professional way.  

This has been the second instalment in our series covering Cybersecurity. Our first instalment covered methods to decrease the risk in the event of a virus via a phishing site, a fake email or a risky site. In our last instalment, we’ll examine how to protect your social media accounts from hackers. 

Written on in Business Insights
Senior Devops Engineer & Junior Python Developer