Let’s be careful out there.
Not a day passes without a new compromise of confidential account and personal information on the internet, possibly yours!
Millions of account details have been leaked or hacked over the last few years from highly respected internet sites. Brands you will probably have heard of that have been hacked include Yahoo, Virgin, Sony, MySpace, eBay, AOL, LinkedIn, Tumblr, Dropbox and the NHS, to name but a tiny few. Researchers continue to find security holes regularly in software and electronic devices (including but not limited to mobile phones, tablets and IoT mechanisms).
So, if your business relies on IT of any kind, from on-premise to hosting and the cloud, you cannot avoid the possibility of being attacked by malware of one form or another. It is no longer a question of if, but when, cyber criminals may decide to focus their efforts on you or your business.
Phishing and whaling are attempts to convince you or members of your staff to click through an email link to a malicious website, often with very convincing and authentic-looking content. The malicious website begins to infect your PC or laptop with Trojans or viruses that can render your machine inaccessible, or possibly deface your company website.
And this is just the tip of the iceberg, with the cybercriminals becoming ever more sophisticated in their methods.
So, what can you do to protect yourself from this threat? Having an effective and tested security policy that is approved by senior management is the beginning for a growing business.
Training your staff to recognise phishing emails and other suspicious behaviour, ensuring you have an effective backup regime, and encrypting your most important information are all good mitigations.
Antivirus software can protect your servers and endpoints from known virus and Trojan infections. Intrusion detection/prevention systems (IDS/IPS) can monitor your endpoints or network for suspicious activity. Regular (bi-annual) penetration testing or vulnerability scanning can help reveal weaknesses in a business's IT infrastructure or configuration.
However, the majority of these prevention and detection systems rely on known signatures and activity patterns. What they can’t always recognise is new (zero-day) malware that has yet to be identified.
So, in truth there will always be a small risk of malware infection, no matter how hard you work to protect your network, systems and staff. Over the last few years, insurance companies have begun to design new Cyber Insurance products specifically for businesses that have done their best to physically protect themselves, but want to cover the residual financial cost of an attack or zero-day malware infection.