Does it ever seem to you like there are fads when it comes to crime? You begin to hear about it more in the news, it becomes a buzzword, then a new crime wave plagues society and gets all the attention?
Crime seems to have existed in many ever-changing forms throughout all of human history. I get the sense that any individual, when they put their mind to it, can create criminal schemes that rival a rocket scientist for ingenuity. Regardless of one’s station in life, education, or background, the perceived payoff of crime brings out a dark inner genius.
From buccaneering to train and bank robberies, heists, racketeering and pyramid/ponzi schemes, it seems that certain crimes build in momentum, are innovated and perfected, until some new threat jumps out from around the corner at our society.
We are now well into the digital age, and with it has come a new wave of crimes – identity theft, phishing pop-ups or emails that have people give credit card information to a fraudster masquerading as a Microsoft employee (my 71 year old father lost over $1,000 from that scam). In spite of how much we may mock the Nigerian prince scam, it still continues to work, robbing people of their hard earned money.
In my role as an IT Services & Security Consultant at Nerds On Site, the crime trend we’ve observed with a very rapid increase in frequency, sophistication and scale, is cybercrime.
Some alarming statistics:
- In 2018 cybercrime generated more than $1.5 trillion of profit
- If cybercrime were a country, it would have the 13th highest GDP in the world
- Cybercrime is now more profitable than the illegal drug trade
There’s money to be made in cybercrime, and if you operate a business, you’re the target. Ransomware attacks (where a hacker gains access to a network and holds data hostage unless a ransom is paid) are being made on thousands of companies every single day, with great success.
With this backdrop in mind, here are three ways we encourage companies to protect their network and their data.
1. Use a security appliance with egress control (And what is “egress”??)
A security appliance is your firewall. This device stands as a guardian between your modem and your network to protect your systems from intrusion. The challenge is identifying and stopping the intrusion. Approximately 30,000 new domains are registered every day in the USA alone. 85% of new domains are registered with malicious intent. Attempting to create a blacklist of all the “bad” websites out there is not possible or sustainable.
At Nerds On Site we use a firewall philosophy called Whitelisting. Simply put, we treat the entire internet as if it is bad and untrustworthy, and only allow the accessing of sites that are essential to the business operation, or are deemed safe (not infected with malware.)
Our focus is on egress control, which is a fancy way of saying that what leaves your network is just as important as what enters the network. For example, when a phishing email is clicked by accident, whitelisting stops the signal getting back to the attacker, and ends the chain of attack, saving your network and data.
2. Backup your data
The second biggest reason ransomware attacks succeed is due to a company not having a working backup of their data. This results in a ransom Bitcoin transaction being sent to the attackers, with fingers crossed tight that the data will be returned (that doesn’t always happen.)
At Nerds On Site when it comes to client data, we use the 3-2-1 rule that says:
- 3 copies of your data should exist at the same time, on
- 2 types of storage media
- 1 copy off site, either physically or in the cloud
This process should be automated, and every single day the backups should be verified to make sure they are complete, working and ready to use in the case of a critical issue with the original source of the data, such as a ransomware attack.
3. Get an IT Security Specialist on your team
Everyone wants one, not everyone can afford one, especially in a smaller operation. Normally the person who knows how to get hooked up to the wifi or can install a new printer gets the mantle of being the IT person. Those people are a huge asset for a company that cannot carry the overheads of a solo IT person.
However, when it comes to cyber security, it cannot be something an employee dabbles in. There is too much at stake.
Of course I am biased, but I’m a big believer in outsourcing to companies that specialize in their profession. Companies subcontract many other roles because businesses understand they need a very specific skill, as staff don’t have the time, skills, abilities, training or certification for that role. Think about what you subcontract out: cleaners, snow removal, legal advice, but when it comes to IT services and security (now one of the most critical components of every single business in the world), companies try to wing it and hope they will be ok.
Even if you are large enough to have your own IT staff member, they may know a lot about networking, hardware, software, the workflow of your employees and how to help them, but are they up to date on the newest security trends, threats, or best practices? IT Service Providers such as ours seek to partner with existing IT staff to protect your company from this ever increasing risk.
“There are two types of companies: Those that have been hacked, and those that will be hacked” ~ Robert Mueller, Former FBI Director
Don’t tell yourself ‘we are too small to be a target’, or ‘I think we are ok’, or ‘that sounds like it could be expensive’. Indifference is the biggest asset to cyber criminals, and hindsight is the most painful and costly way to be educated on the importance of cyber security vigilance. Ask any company that has experienced a data breach as a result of cybercrime.
The fiscal, legal and reputational damage from having client and company data exposed are difficult to recover from. Don’t be the next victim.
Now is the time to make a change.