In 2022, the war on cybercrime is continuing as criminals get savvier and continue to seek new ways to exploit businesses and the public online. Back in 2016, we noted here at Acquisition International that cybercrime was a looming threat. It’s therefore no surprise to our loyal readers that the fight against bad online actors continues.
With this in mind, how can you respond as a business owner or a high-level manager? There are a number of relatively simple steps you can take to protect your employees, business, and consumers.
Utilise digital tools
There is a wide range of different digital tools out there that can be used to effectively root out cybercrime and fraud, as well as prevent them from happening. For example, seon.io’s software can identify a user’s IP, which can give companies valuable information on where a user is located, if they have been blacklisted, or if there is something suspicious going on.
By identifying the IP, a merchant can decide whether they want to proceed with the transaction or whether more information is required from the user. There are also other tools that analyse transactions and can flag any that seem out of character for a user or exhibit an unusual pattern of behaviour. These tools and many others utilise big data, AI, machine learning and even the IoT to crack down on cybercrime, particularly fraud.
Educate yourself and your team
One of your best lines of defence in the fight against cybercrime is awareness, according to the following article from Chubb. If you empower your employees with the knowledge they need to identify suspicious behaviour, criminal activity, and unusual behaviour, they will be able to respond to issues in a much more efficient manner. Additionally, you need to maintain a general awareness of all risks and trends regarding cybercrime to react at a decision-maker level quickly and without jeopardising further damage to the company. This education can take the form of courses and qualifications, online webinars, in-person talks, reading, audio, video, or sessions with cyber professionals. In terms of keeping up to date, you can include updates and things to be aware of in periodic communications to employees, along with resources so they can continue their research on their own accord.
When it comes to developing your staff’s knowledge, you can start with essential guides such as flagging suspicious emails, not clicking on unusual ads and links, ensuring websites are trustworthy before entering credentials, and limiting the use of company networks while using public wi-fi networks. This can then be developed into more technical and sector-specific guidance, depending on their needs and your business challenges.
But it is essential to ensure you stay up to date. The world of cybercrime changes incredibly quickly, and criminals are always looking for ways to circumvent the system and find new ways to exploit vulnerabilities. This means that the education process should be ongoing, including for you and your team.
Collect and evaluate security logs
The information and data contained in your security logs are a great tool at your disposal. A great best practice for you to adopt is to collect them and ensure they are thoroughly analysed to identify any suspicious activities. Looking at the information in these logs is an excellent way for your to spot untoward things that are happening, including logins, application executions, activity during non-business hours, and PsExec executions, which could all highlight something is wrong. Using these logs is valuable not just in terms of identifying cybercrime but when trying to catch perpetrators, compile evidence, and develop processes and measures to prevent it from happening again.
Keep patches up to date
You can have all the best tools, software, and digital solutions to protect you from fraud and cybercrime, but if you don’t keep them up to date, they are useless. Your IT team needs to stay on top of all updates and patches to be sure that the software will be as effective as possible. Cybercriminals and hackers will often seek to exploit vulnerabilities in systems, and when they do, the developer must close that loop. If you do not stay up to date with these matters, it gives nefarious actors an open door into your precious network, system, and company.
Practice good password habits
When was the last time you changed your password? When was the last time your employees changed their passwords? The answer is likely, not long ago, and no idea. It is extremely important to get into the habit of practising good password habits, as CNET notes. This should include choosing a completely unique password by means of a random password generator. It should consist of upper and lower case characters, numbers, and symbols and should not be any kind of word that is easy to guess. Employees should not reuse passwords between platforms and should change them every few months. You can set up internal reminders on choosing passwords and when to change them to help your employees remember to do so. It might even be possible for some systems to trigger password changes automatically after a certain time frame has elapsed.
Restrict unapproved app installations
Downloading unauthorised programs or applications can be a significant hazard for companies as many can include malware or other forms of viruses. The employee may not even realise their system has been compromised until it is too late. These viruses can spy, delete data, download sensitive information, and generally cause havoc, bringing essential systems and networks to a standstill. Many companies will put a ban on downloading anything without permission from the IT department or use powerful anti-virus services like Norton that pre-installed on desktops to prevent malicious cases from occurring. In many cases, this can be set automatically, with a popup appearing and preventing any downloads from happening. But you should also urge employees to be careful with downloading apps on their phones, mainly if they use them for work communications and other purposes.
Have a backup and recovery plan
Having a backup of all systems that are refreshed regularly is essential. Furthermore, this should accompany a full recovery plan that kicks in if something goes wrong. If your system is compromised somehow, you do not want to risk losing everything; therefore, backing up all data, settings, and systems daily is vital. Then, should something go wrong, you simply revert to the most recent backup, limiting the damage and being able to return to operations with minimal interference. Ensuring this plan and the backup system are in place will save you time and money, as well as protect your business interests.