Cyber crime is not just an issue for large tech companies but also for any organisation that collects and maintains personal customer records, like property managers and agents.
Increasingly, companies that store customer addresses and contact details, and potentially bank details, are being attacked by cyber criminals. Recently, HR software group PageUp said that thousands of jobseekers’ details were exposed due to a data breach.
According to figures from the Global Economic Crime Survey, 32 per cent of organisations have been affected by cyber crime, which is now the second most reported economic crime.
The implications of cyber crime are huge, said Daniel Weis of Kiandra IT at the National Insurance Brokers Convention.
Mr Weis said that breaches would have privacy implications, but to a business, the loss of revenue and reputation associated with a breach is a more important issue.
Fortunately, the marketplace is responding, with companies like Gratex International and EBM helping businesses to understand and mitigate their risks to cyber crimes.
Michal Gonos, director of IT & Infrastructure Services at Gratex, has five standard tips for businesses looking to combat these risks.
“Firstly, partner with a reputable IT organisation with expertise in security to develop a plan to mitigate cyber risk within the organisation and regularly review this plan. This is particularly important for organisations with limited internal IT resources,” Mr Gonos said.
Mr Gonos added that it was important to look around for the best one as some will also offer behaviour monitoring tools to locate suspicious activity.
“Secondly, perform regular security audits and penetration tests. It is important to understand that this only gives insight at a single point in time and new threats are emerging on a daily basis.”
Mr Gonos said that educating management and staff on common risks and data protection was an obvious step but was often missed by businesses.
His next tip was to categorise data based on how sensitive the information is and the consequences of its misuse.
“Put in place policies and controls to determine who has access to what information and how they can use it, as well as seeking options to integrate those policies and controls within line of business application,” the IT director said.
Lastly, Mr Gonos said that companies need to remember that cyber security takes work as the IT world is rapidly changing and businesses need to be aware that today’s security protocols may not work tomorrow.
“Businesses need to be constantly monitoring and adapting the strategies they use to prevent security breaches and protect their organisation and clients,” Mr Gonos said.