A flurry of recent high-profile – and alarming – warnings has at least given businesses the opportunity get on the front foot when it comes to averting cyber attacks.
First the UK’s National Crime Agency (NCA), along with the FBI and other cyber-crime experts, issued a stark warning after it was discovered that more than 15,000 computers in the UK, and millions more worldwide, could be infected by malicious software (malware). Companies should be ready for a hostile attack, they said, at any time.
This threat, which applies to users of Windows operating systems, could cost businesses and individuals across the country millions of pounds as the malware targets sensitive information such as bank details.
If that wasn’t enough, experts then warned that it was ‘when’, and not ‘if’, when it came to cyber attacks on North Sea oil and gas operations.
Delegates at an industry gathering in Aberdeen were told of a significant rise in the number of reported attacks, and heard that offshore platforms had already been targeted. Whether the virtual assailants were hackers, environmental activists or even hostile states, the message to companies was clear: be prepared for more of the same.
A key element to averting such attacks is to ensure that staff at all levels of the company are kept up to date on the latest guidance and procedures for minimising risk and are confident using the business’ IT systems.
Rob Hamilton, Chief Executive at Aberdeen-based IT business Dynamic Edge, said: “An in-depth strategic approach is required for overall security, however, there are straightforward steps that businesses can take to help protect themselves against external threats
“No bank or card issuer will ever contact you by email, asking you to enter all your personal and financial details online. If you receive a message like this, report it to your bank, then delete it. Your IT department or service provider should also be informed.
“If you receive an email from an unknown source, do not open it and do not click on any attachments.
“In addition, anti-virus software should be up to date; an anti-spyware package should be installed; firewalls should be used; software/operating systems should be up to date and passwords should be changed regularly.
“These rules should form part of a broader plan across the entire organisation that is continually revisited and revised as and when required.
“It may sound simplistic but often it is the fundamental dos and don’ts that need to be followed with communication between the IT team and staff vital to avoid ongoing issues.”