September 18, 2016

Legal Corner: Protection Against Cyber-Crime

legal scales

Protection against Cyber-Crime

Many members have reported a recent increase in unsolicited (and potentially harmful) spam emails from unconnected third parties. Such activity is part and parcel of the interconnected world in which we live and do business in. Cyber-crime can range from opportunistic attempts to extort money through spam emails to malicious cyber-attacks, capable of bringing down entire businesses.

Cyber-criminals are finding increasingly novel ways to insert themselves and their capabilities into the mainframes of target businesses. It is not just the large multi-nationals that are susceptible to attack (although clearly they get their fair share): the SME market is ripe for the picking for cyber-criminals. Unfortunately the reality is that cyber-crime is a problem that will never go away.

 

However, there are plenty of things that you can do to mitigate the risk of falling foul of an attack. Below is a (non-exhaustive) list of ideas you can adopt to ensure that you are best prepared to deal with a targeted cyber-attack:

  1. Install appropriate anti-malware software/firewalls. Whilst not completely fool-proof, as a means of first defence, such software should, if installed correctly, capture and/or filter out malicious content. Whilst general anti-malware packages can offer a degree of protection, it would be prudent to acquire more robust, dedicated software/firewall.
  2. Develop an acceptable use of technology policy for your business. You may know which items in your inbox should be left well alone or what to do in the event your laptop/smart phone is lost or stolen, however your staff might not. Such a policy should provide your staff with the necessary information. Additionally, by implementing an appropriate policy, you can ensure that your staff have a better understanding of the relevant problems and concerns along with suggestions about what they can do to overcome them.
  3. Train your staff. As a means of rolling out and providing appropriate understanding of your policy, you should also make every effort to properly train your staff. Make them aware of the risks associated with cyber-crime, tell them where your vulnerabilities are and let them know what you expect from them in dealing with these concerns. Training should be continuous and not simply a one-off session.
  4. Purchase appropriate insurance cover. Sometimes, even the best laid plans go awry. It is then a case of damage limitation. Cyber risk insurance is a rapidly developing line of insurance cover which can assist you and your business in the event of mishap. Policies can be tailored to offer everything from the simple replacement of infected hardware to the recovery of losses associated with the interruption of your business. Many providers also offer incident response packages, providing you with the peace of mind that a dedicated team can assist you and your business in the immediate aftermath of a cyber-attack.

And lastly, but no means any less importantly, be wary of any email received from an unknown sender. Never open an attachment to an email if you do not know the source of it. All manner of malware can be embedded into simple, every day programs. Often the trigger can be something as routine as clicking on and opening an otherwise unassuming document. Unfortunately that simple action could have catastrophic consequences. It is always best to think twice.