Aftermarket May 2022

H ardly a day goes by without mention of one organisation or another suffering some form of hack attack, but steps can be taken to protect systems. Human error is the biggest cause of security vulnerabilities so it’s important that firms instil caution within staff, ideally through a policy that covers what they can do online. This means detailing which websites can be visited, that no unauthorised software is downloaded or installed, and that email with attachments should be quarantined and scanned. Be private Staff should be made aware of ‘social engineering’ where a plausible caller aims get a staff member to give away whatever is held precious. It’s this that is behind authorised push payment fraud – where an individual is told that their account is at risk and that they should move their monies to a ‘safe’ account. The harsh reality is that these individuals will have sent their monies to a fraudster and so will have trouble getting a refund from the bank. Staff should never give any private information out without being certain of the person or organisation asking. Similarly, the advice is to be careful with what is posted online. Apply the same principles to paper-based information. All someone needs to compromise a system is enough of the right bits of information; social engineering is much easier than expending effort on hacking systems. Public WI-FI It’s so tempting to want to be online at all times and it’s just as tempting to use public, or open, WI-FI networks. However, just as a user can connect a laptop to a free WI-FI hotspot, so can anyone else. If they’re so driven, they can access business data and plant viruses. Staff devices Another threat to counter is staff who connect their own devices to the company network or their computer. Thought should be given to limiting access to the firm’s WIFI or physical network. The same applies to USB devices – it’s a well-known trick for a fraudster to drop a USB stick in a car park for an individual to pick up and connect to their computer to see what’s on it. Back-up At the end of the day, systems can and do get compromised so planning for disaster should be part of daily housekeeping. Backing up data onto several separate devices, regularly and keeping them off site at different locations is critical. Consider a combination of methods such as external hard drives, a computer elsewhere and cloud storage services such as Dropbox. In just a few decades data has become an integral component of our personal and professional lives. From personal imagery and data to core business systems, more is created every second of every year. Ensure that whatever system is put in place can grow as the business and the data created grows. Having a simple back-up is fine – it’s better than nothing. However, a more practical solution is to have in place an archive of back-ups that allow a firm to reach back in time to find items and documents that may have evolved over time or which have been deleted. Processes such as this provide added layers of security. It is important to remember that organisations should not only have a back-up strategy, but also test it regularly to determine if data is easily recoverable and accessible when needed. Lost data can destroy a firm’s brand and public trust. Easy access? Assuming that a business is unlikely to be attacked is a foolish stance and one that will lead to disaster. All it takes is a lucky find by a hacker combined with easy access for the rest to be history. For more information, visit: www.cyberessentials.ncsc.gov.uk/ advice 16 AFTERMARKET MAY 2022 BUSINESS www.aftermarketonline.net PART TWO: STOP THE HACKER In part two of his look at cyber-security, Adam offers more tips on anti- hacker self-preservation for businesses BY Adam Bernstein

RkJQdWJsaXNoZXIy MjQ0NzM=