There are simple ways to safeguard against the serious threat of hackers penetrating your network, writes Paul Richer, senior partner, Genesys Digital Transformation – contributing to the first of our new series TTI Tech Talk
Every week, I receive four or five phishing emails that are attempts to inject a virus or some other malware into our IT network. The emails are very plausible: click here to view our invoice; your PayPal account has been debited with £550; or thanks for making the purchase – if you didn’t click here.
We are all vulnerable to attack and businesses need to be careful to guard against this. The scariest stories involve cybercriminals managing to bring your entire IT environment to a halt or infiltrating business IT systems, hijacking customer data and holding this to ransom. A recent study by IBM Security found that the average cost of lost business to US companies was $1.52 million.
The stories told seem to indicate that, for many businesses, once their systems are breached, they have no choice but to pay the ransoms being demanded and hope that the hackers will then release their systems or agree not to put their customer data on the open market.
The more successful hackers are those that build a “business” reputation for releasing locked-up systems or destroying stolen copies of customer data once ransoms have been paid. Victims are more likely to pay ransoms if hackers are known to respond to payment positively.
An association to which I belong lost 69,000 to confidence tricksters who phoned their office, masquerading as their bank, and persuaded an unwitting employee to transfer money out of the association’s bank account.
In a subsequent independent inquiry commissioned by the association, it found that no anti-fraud training had been given to employees. So my first suggestion to you is that, if you have not done so already, you provide training to your staff and management so that they understand when not to open an email, when not to click on a link, when not to respond to unusual requests on the telephone. This will straight away slam shut quite a few doors that hackers and tricksters are trying to open.
Of course, hackers may still get into your system. I have heard stories of disgruntled employees providing hackers with passwords into systems, allowing them easy access to create havoc by shutting down systems until a ransom is paid. It is very difficult to guard against this but there is a simple way to remedy it.
If you are old enough, you will remember when you had a computer server in your offices. At the end of each day, you would run a back-up onto a tape cassette. You would take the tape home, just in case the offices burnt down that night. If you were thorough in your back-up procedures, you would have, perhaps, five or seven tapes, one for every day of the week.
Nowadays, our software is mostly in the cloud but it can still be hacked. Your data will likely be backed-up every day but if this is being done by your system provider, do you know what their backup strategy is? You should follow the strategy of old and have a series of daily back-ups, at least seven.
In the event of being hacked, you can restore successively older back-ups until you find the one that was recorded before the hack took place. You can then restore this and get your business back into action. You may lose a few days’ work but that is far, far better than the business being shut down whilst IT specialists work away at trying to cleanse your system of its malware infection. Make sure the back-ups are being recorded on a separate server to the one serving your business so that they stay hack free.
Cybersecurity needs to be taken very, very seriously but there are some quite simple actions you can take to keep your data and your systems safe.
Travel Technology Initiative (TTI) is a not-for-profit organisation providing members with the latest thinking on technology as well as developing industry-wide standards for travel. For more information, visit tti.org
The TTI Travel Tech Summit on 23 March will examine cybersecurity, artificial intelligence and how digital payments are shaping the industry. For more details about the event taking place at the Holiday Inn London – Regent’s Park and to register, click here.