How can I protect my customers' data?
Cyber attacks are becoming increasingly common and those who perpetrate them have no respect for the size of the businesses involved.
Deloitte is the latest blue-chip company to fall victim to computer hackers who accessed the company's global email system and stole information belonging to the world’s biggest banks, multinational companies and government agencies.
Telefonica, the NHS, Sony, Anthem, Staples and JPMorgan Chase are among those who have been hit. The threat is obvious and ever-present, and if hackers can get to companies of this size then they can get into anybody's systems.
Deloitte discovered the security breach in March 2017, but attackers may have had access to the firm’s systems as far back as October 2016. The hackers were able to get into Deloitte's systems because the company did not employ two-factor authentication, meaning they were able to access the global email system by acquiring a single username and password.
The criminals accessed Deloitte’s global email server through an administrator’s account that, according to sources, gave them unrestricted “access all areas”.
Deloitte says: “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte. Our clients need to be on guard for any suspicious emails and links that are sent to their compromised addresses, and they should extend this warning to other colleagues, family, friends and clients. Spear phishing emails can be exceptionally convincing and even the most tech-savvy need to be cautious.”
Before investing in defences, many organisations want concrete evidence that they are at risk of being targeted by specific threats. Unfortunately, in cyberspace it is often difficult to provide an accurate assessment of the threats faced by specific organisations - who would have thought that the NHS would ever have been a victim? It simply proves that every organisation is a potential victim, and almost all of them hold something that is of value to others, regardless of size. You may be a sole trader or a small limited company - the hackers don't care.
The Information Commissioner's Office has warned firms that they should be doing everything they can to keep the personal data of customers safe, as more consumers become resigned to the fact that their private information is being collected by private firms.
Here at Accountants Etc. we want you to be safe and secure, so we have come up with some practical ways that you can protect your customers' data.
- Ensure you have effective endpoint, network and email protection that filters spam, malware and dangerous file types - you would be surprised how many businesses don't, and it is a mistake.
- Train employees to be suspicious of all emails, especially those that contain attachments, and to report any unusual emails or attachments to you or to whoever is in charge of your IT - and make sure that they never open any suspicious email or attachment.
- Use a patch assessment tool to ensure your operating system and applications are up to date.
- Install endpoint protection software and/or a secure web gateway that can identify and block exploit kits before they infect your systems.
- Cyber attackers want to capture more than just one user’s password and confidential files – they want access to your back-end databases, your point of sale network and your testing network. Segregate your networks with firewalls that treat your internal departments as potentially hostile to each other.
- Implement a device control strategy to identify and control the use of removable storage devices – not only does this prevent the nasty stuff from getting in, but it can also help stop personally identifiable information and intellectual property data from going out.
- Implement full disk protection and encrypt sensitive data stored on servers or removable media for sharing with business partners.
- Use application control to keep track of, and restrict, unnecessary software that reduces security without adding any benefit.
- Ensure that you have a data protection policy that shows your staff how to keep personal data secure.
- If you move to the cloud, make sure that the ability to encrypt the data is a priority, both while it is stored in the cloud and while it is being transferred.