FEATURE
BUSINESS CRIME & PROTECTION
The importance of good cyber hygiene
By COLIN ROBBINS, Managing Consultant at Qonex
Computer hacking has evolved considerably over the past 20 years. What was once a “hobby” to demonstrate technical prowess, by breaking into systems and putting graffiti on websites, then evolved into stealing as a way of gaining criminal financial reward. One of the main targets was credit card numbers, which could be sold on the black market to criminal gangs. However, the ease and success rate with which credit card numbers have been stolen has led to such a surplus that the value of each stolen number is now very low. The effect is that criminals are looking for new ways of extracting value from their victims.

Until recently, it was difficult for attackers to directly extort money, as it was too traceable. However, the advent of bitcoin, an untraceable electronic currency, has changed this. It is now possible to request bitcoins, and spend them in exchange for material value, in a way that cannot be traced back to the act of extortion – making bitcoins the perfect tool for money laundering.

As a result, criminals are now using bitcoin to extract value from their victims using ‘ransomware’. Ransomware works by infecting a computer and performing a reversible act, such as encrypting all the files, and then requesting that a ransom be paid for the files’ safe return. The victim pays the attacker in bitcoin and is given the information needed to unencrypt the files.

However, although at this point the business may have its files back, the attacker is likely to still have access to the computers. The firm would need to assess how the hackers ‘broke in’ and perform a thorough clean up to prevent them simply coming back for more bitcoin in the future. This assessment is a job for experts, one for which you could contact a cyber incident response expert for assistance.
How can firms protect themselves from ransomware in the first place?

At a business level, firms need to implement a basic set of cyber security controls. The Government has defined a standard called Cyber Essentials which will help prevent many of the common modes of attack, and is the recommended starting point.

A home computer is just as vulnerable as a business one. Learning from Cyber Essentials, there are a few key pieces of advice to follow:
• Change the default password of the broadband router
• Make sure personal firewalls on your PC are installed and switched on
• Uninstall software you no longer use
• Configure the user accounts on a PC so one person is not routinely logged in as the administrator. Only log in as the administrator if there is a need to carry out administrative functions. Do not use the internet as an administrator
• Use up-to-date antivirus software on all PCs and laptops
• Keep applying all those updates – it might be a pain and take time, but it’s vital.

36 business network June 2016
Colin Robbins, Managing Consultant at Qonex