Theft, Extortion and Blackmail - That’s Cybercrime
Many people and businesses these days use the internet to buy goods and pay for services. Payment involves disclosing credit card or bank details in conjunction with personal ‘login’ details which tell the on line seller who the buyer is. Businesses are increasingly holding sensitive data on huge numbers of people and individuals are giving sensitive data to an array of on line retailers. The methods used to transmit and store sensitive data are ingenious and robust and on-line shopping websites with the https ‘padlock’, can be considered safe. That’s where the good news stops !
A computer system may be secure but there will be human input in the management of any system. Broadband provider Talk Talk were in the news last year because hackers broke into their system and stole personal information relating to their customers. That information will be sold and shared with other criminals who will in turn use it to try and make money from you.
Software suppliers send out ‘patches and service packs’ for their clients to download and install. In this instance Talk Talk had not installed the latest service pack and that left their system vulnerable.
Typically the cyber criminal will use email to try and introduce a virus to your computer system. That virus may allow them to monitor the key strokes you make and that could include your logon and password details. Alternatively the virus may allow them to gain access to sensitive data and you will then find yourself subject to a blackmail threat. A third alternative is that your computer becomes encrypted and unusable. A ransom note will follow. A slightly different and alarmingly simple scenario is where a departing member of staff simply connects a memory stick to your system and downloads your valuable data or upload a virus to your system
By comparing stolen logon details with publicly available business listings, information gleaned from social media and company websites a criminal can gain enough knowledge to impersonate an individual. By combining credible personal knowledge with software that masks senders email addresses and phones that can be programmed to give false caller IDs the criminal is well placed to dupe your staff and members of the public into divulging sensitive information or even authorising bank transactions.
If a business holds 3rd party data it has a duty of care to keep that data secure and a hack could lead to legal proceedings. Reputational damage resulting from a hack can lead to an exodus of clients and suppliers and of course gaining new clients could become quite a struggle. Add to that the cost of recovering your data and repairing your system and you can see that it is important for every business to take cyber crime seriously. Next time we will look at how you can reduce the risk of a cyber hack on your business.