How to protect your business from cybercrime

Cybercrime is an evolving challenge that Irish businesses need to plan for, developing a cybercrime strategy and processes to combat attacks such as malware, ransomware and phishing. In Ireland, cybercrime outpaces global averages for businesses. Research by PWC found that incidences of cybercrime in Ireland (69%) are double that experienced by international companies (34%). The study found that the high level of cybercrime is a concern for potential investors evaluating Irish businesses for investment.

As well as reassuring stakeholders, there are plenty of reasons to implement a cybercrime strategy. Data protection legislation such as the General Data Protection Regulations (GDPR) requires customer data to be securely stored, with significant fines for non-compliance. Customers expect data to be protected from data breaches, while attacks such as ransomware can see companies have to pay considerable funds to access their scrambled data. Cybercrimes such as hacking and illegal access to IT systems and networks can also expose intellectual property, commercial data and sensitive information to data theft and exploitation.

Protecting your business from cybercrime demonstrates to stakeholders you can be trusted when protecting data and clients’ information. Certification such as Cyber Essentials demonstrates an industry-standard approach to data security and may be a requirement for some commercial tenders, such as UK government bids.

Cybercrime strategy - network hack

Common types of cybercrime

Cybercrime can take many forms. and may be carried out by individuals, hacking groups or even state actors.

  • Hacking – Where a person gains access to network and data, applications or systems to compromise them or steal data. Hackers can use a variety of approaches to access systems, such as unpatched operating systems to social engineering methods. For example, a hacker could place a USB stick near an organisation with the label ‘staff salaries’ on it. An unsuspecting employee could plug it into an unprotected network, where malware could self-install and be used to compromise systems.
  • Phishing – An attack on your network where someone poses as a trusted person or business and tries to trick people into sharing sensitive personal information. A common phishing tactic uses a fake email disguised as a genuine email from someone within your organisation, such as a request to reset your password and a link to what appears to be a credible website.
  • Malware – An umbrella term used to define malicious software that targets networks. Malware can disable computers and networks or stay hidden on a network and monitor network activity, such as keystrokes and passwords. Malware is commonly installed by opening an attachment on a fake email.
  • Ransomware – A type of malware, it prevents an organisation from accessing devices such as laptops and data storage, often scrambling data and making it unreadable. Ransomware gangs will often demand payment, usually in a cryptocurrency, to unscramble and restore access to data and devices. However, information may be left unusable even once a hefty ransom has been paid.

How to protect your business against cybercrime

There are ways you can strengthen your businesses’ protection against cybercrime and develop a cybercrime strategy for employees to follow. From updating your business’s network security systems to setting up robust access controls to determine who can access data, boosting your cyber security can minimise downtime and reduce productivity.

Keep software up-to-date

Keeping your software, such as applications and operating systems, updated can help protect your organisation against malicious software or viruses. Software updates routinely fix security flaws in software, denying criminals the opportunity to exploit security holes and access your network. Outdated software was a key finding in the aftermath of the cyberattack on HSE Ireland that occurred in May 2021. Many of HSE’s systems were still using Windows 7 software, despite Windows 10 being available.

Interested in GDPR and data protection? Read our guide to who is responsible for demonstrating GDPR compliance.

Install and maintain security software

Install anti-virus and anti-malware software on all devices and keep it up-to-date. Commercial security software can scan files, such as email attachments and prevent them from being opened if they contain malware. Look for features such as daily updates to virus definitions, the ability to recognise previously undetected malware, and user alerts that help prevent users from accessing malware websites or responding to a phishing scam.

Cybercrime strategy - ransomware and malware

Password policies

Enforce strong passwords for all users. The Cyber Essentials 2022 update mandates that all administrative users of cloud-based services have multi-factor authentication in place. Use a combination of tools to control access, such as a strong password, a security number and an access code sent to the user’s mobile device.

The Cyber Essentials 2022 update requires organisations to use commercial password generators when choosing passwords and enforce a policy of regularly changing passwords.

Data back up

Routinely back up data to a separate, secure storage location – ideally offsite – so data can be restored in the event of a security breach or ransomware attack. Ensure employees store data in a way that allows it to be backed up, and do not allow the storing or processing of organisational data on personal devices that may have lower security thresholds and prevent routine back ups.

Implement strong firewalls

Firewalls monitor incoming and outgoing network traffic on a system and prevent unauthorised devices from accessing your network. Firewalls and routers should have a strong password (at least eight characters, symbols and numbers) and 2FA to prevent unauthorised users from circumventing a firewall. Ideally, an organisation should whitelist the IP and devices of authorised devices that can access the network remotely or limit access to internal network devices.

Create a BYOD asset register

Bring your own devices (BYOD) can enhance organisational flexibility but introduces new security challenges. Create a BYOD register and ‘onboard’ any device from staff, such as ensuring it has robust security software, passwords, 6-character PIN and 2FA access.

Cyber crime strategy

Certification Europe Cyber Essentials

Our Cyber Essentials certification can strengthen your organisation’s cyber security management systems and demonstrate robust IT and data security systems to build customer trust. Certification in Cyber Essentials from an internationally accredited certification body can enhance your data security assets and help you protect organisational assets.

Our Cyber Essentials certification is the first step to strengthening your organisation’s cyber security management systems and demonstrating robust IT and data security systems to build customer trust. Certification in Cyber Essentials from an internationally accredited certification body can enhance your data security assets and help you protect organisational assets.

We also independently assess information security management systems (ISMS) to ensure it meets the criteria required for certification in ISO 27001.

Cybercrime - main image

Social
Share

Related ISO Certifications

Certification Europe small Rosette logo symbol

ISO 9001

Quality Management System

Quality Management System ISO 9001 is an internationally recognised global standard that confirms an …
Certification Europe small Rosette logo symbol

ISO 14001

Environmental Management System

ISO 14001 Environmental Management System ISO 14001 is the global standard for organisations wanting …
Certification Europe small Rosette logo symbol

ISO 45001

Occupational Health and Safety

Occupational Health and Safety ISO 45001 is an international standard that specifies requirements for …
Certification Europe small Rosette logo symbol

ISO 50001

Energy Management System

Energy Management Systems ISO 50001 is a global standard for organisations looking to improve …
Certification Europe small Rosette logo symbol

ISO 27001

Information Security Management Systems

Information Security Management Systems ISO 27001 is the international standard for managing risks related …
Certification Europe small Rosette logo symbol

ISO 22301

Business Continuity Management Systems

Business Continuity Management Systems ISO 22301 is the business continuity management system (BCMS) standard. …
Certification Europe small Rosette logo symbol

ISO 20000-1

IT Service Management Systems

IT Service Management Systems ISO 20000-1 Service Management is the international standard for quality …
Certification Europe small Rosette logo symbol

ISO 13485

Medical Devices

Medical Devices ISO 13485 is a globally recognised quality standard that identifies the requirements …
Certification Europe small Rosette logo symbol

ISO 27701

Privacy Information Management Systems

Privacy Information Management Systems ISO 27701 is the global standard for Privacy Information Management …
Certification Europe small Rosette logo symbol

BS 10012

Personal Information Management System

Personal Information Management System BS 10012 provides a framework for a Personal Information Management …
Certification Europe small Rosette logo symbol

ISO 27018

Protection of Personally Identifiable Information (PII)

Protection of Personally Identifiable Information (PII) ISO 27018 is the global standard organisations use …
Certification Europe small Rosette logo symbol

ISO 27017

Cloud Data Protection

Cloud Data Protection ISO 27017 is the global standard used by organisations to strengthen …
Previous
Next

Related Insights

How to make small business sustainability a priority

Small business sustainability is becoming a priority in the drive towards Ireland becoming net zero – here’s…

What is circular economy and what does it mean for organisations?

The circular economy is not a new phenomenon. Read our breakdown of what the circular economy is…
Previous
Next