Worried About Cybercrime? Here Are 3 Steps To Cybersecurity Heaven

Are you worried about cybercrime? In this guest article, Alexandra Hayter from SmartVault shares 3 steps you can take to become more cyber secure today!

Going digital is a great way to save ourselves time through automation of tasks and communication. But, when we move to a digital-first strategy, we need to first ensure our security procedures are watertight to avoid cyberattacks or data leaks.

According to a recent government survey, 2 in 5 UK businesses have been subject to some kind of cybercrime within the past twelve months. That’s a shocking statistic, and Accountants are particularly at risk of cyberattacks as they hold high levels of confidential data and financial information.

Of course, cybersecurity is a huge topic which is almost impossible to cover in one article, so we’ll focus on the three steps you can take to be more cyber secure today.

Step One – Awareness

The first stage of improving cybersecurity is simply to be aware of the main types of cyberattacks seen online. Once you understand the types of attacks, we can look at the risk factors associated with these.

Phishing

• The fraudulent attempt to obtain sensitive information, or money
• Typically carried out via email correspondence – impersonates people, or legitimate sites to obtain information

Malware (Malicious Software)

• A piece of software written with the intent of doing harm to the computer
• Installed on your PC (usually without you knowing). Includes: Trojans. Worms. Rootkits, Viruses

Ransomware

• Threatens to block or lock a system, or publish data unless a ‘ransom’ is paid
• Installed in much the same way as ‘Malware’
• Paying the ‘ransom’ resulted in the ransomware being removed in less than 19% of reported cases (CyberEdge Group)

Man-in-the-Middle or Eavesdropping

• Interception, or altering, of communications between two parties
• Used to steal information, modify or re-route communications
• Could be used to intercept a banking transaction and re-route the funds

Step Two – Understand the risks

Now that you’re aware of the types of cyberattacks that are most common online, it’s time to think about the risks that are associated with these. That means understanding what you should be thinking about when assessing your current practices, in order to discover where the weak links are in your business.

Passwords

We all know that passwords can be a weak link in your business. A great example is sharing log-in information, which is a big no-no. This habit can actually cause issues around audit trails, which are important for GDPR compliance. Going back to basics, we should also remember that having the same password for multiple sites or having a password that is easy to crack are all issues that can be easily fixed and managed.

Human Error

The biggest cause of cyberattacks is actually human error. Two of the most common errors are emailing a sensitive file to the wrong person, or accidentally giving out financial information through phishing emails. Lack of knowledge or understanding is usually the cause. Remember: if someone emails asking for sensitive information, never give it out without checking the person is who they say they are. Even if an email comes ‘from your client’, it may actually be coming from cybercriminals that have hacked into their account.

Technology

Keep your software and hardware up to date, many of the updates that apps or programs issue are actually to fix bugs or security issues within the software. Ensure all the systems you use are up to scratch and compliant, do they have two-factor authentication or are they GDPR compliant?

Emails

Most emails are sent unsecured, which means they are vulnerable to cyberattack and interception. Any sensitive documents should always be sent through a secure file transfer solution (such as SmartVault – other options are also available but beware of ‘free’ versions as their security is often not up to par). Sending in this way also means that if we do accidentally send an important email to the wrong person, whoever receives the email must have a username and password to access the documents.

Step Three – Implement solutions

Finally, once you are aware of the risks it is important to assess your current situation and implement any necessary solutions. This should be done in stages;

Assess your current processes

• Map out your data, apps and workflow.
• Check the security of all the apps you use.
• Document who has access and why – can you restrict access to some documents or apps?
• Carry out a password audit.
• Write policies and process for dealing with cybercrime, such as how to handle phishing emails and attachments.

Educate

• Train your team in best practices and what to look out for.
• Help your clients understand the risks so they are on board with any new processes you need to implement.
• Use available resources from the government and your professional body to stay up to date.

Easy solutions to use now

• Use approved cloud back-up as disaster recovery, protecting you from some of the effects of ransomware.
• Use a client portal so documents are not shared over email.
• Implement a password manager – e.g. LastPass, which is both free and secure. You can use it to generate secure passwords and then save them for each website you log onto. Do not use the password manager built-in with your browser, it is much less secure.
• Ensure no one has access to technology or accounts that shouldn’t (leavers, ex-clients etc)
• Use two-factor authentication where possible
• Encrypt local data – e.g Bitlocker (for Windows 10)