When I started working in IT over 20 years ago, the internet was still in its infancy, businesses were using modems to connect or expensive leased lines and it was more of a novelty than a business enabler. Cyber-crime was also in its infancy. If you wanted to know how to make longer distance phone calls then you had to dial into a BBS (Bulletin Board System) and navigate your way around looking for information on phreaking (the art of phone hacking).
Fast forward 20 years and the internet has changed. Like the strands of a web (hence the name World Wide Web) the world has become hyper connected, always on, where the possibilities are endless. Businesses of all sizes now benefit from this digital world, whether it’s increasing your marketing reach, making use of cloud services to lower your costs or just providing new and innovative ways to connect with your customers.
With all the benefits that this new exciting world brings, it also carries a darker side. Cyber-crime has also evolved, and in some ways, it has evolved quicker and more efficiently than some large organisations. To a lot of people, a cyber-criminal is a faceless, nameless single entity that is trying to take something from you. Cyber-criminals are now faceless global corporations that use the same methods, techniques and tactics as modern businesses to steal on a scale that was never before possible.
Take, for example, the traditional burglar. They work on the principle of opportunity. Leave a window or door unlocked and they will exploit that opportunity. Cyber-criminals also work on opportunity but the scale is much greater, as they no longer have to be physically present to exploit it –now they just need a laptop and an internet connection. In some ways, we as individuals and as businesses are enabling this criminal behaviour and often without even realising it.
In a digital world, information (data) is valuable and as a society we have become accustomed to giving it away without considering the impact. Take, for example, your favourite social media site: when you created your account, did you read the terms and conditions? Did you understand what happens to the data that you give so freely to share your life with your friends and family? The harsh reality is that when you sign up for a “free” account, you become the product, your data is stored, processed, profiled and in a lot of cases sold onto data brokers who then sell to other businesses.
Businesses can also fall victim to this mass data collection. The rapid adoption of cloud services to “enable” employees to work quicker, smarter, and from anywhere is often not considered from a security point of view. Where is your business data being stored, who has access to it and how seriously do they take the security of your data? Without understanding these things, we are creating opportunities for cyber-criminals to exploit. If, as a business, you don’t understand where your data is, how can you protect it and prevent it from being used against you?
In a world where security breaches are now commonplace, we need to stop giving cyber-criminals the opportunities that can (and have) destroyed businesses. The solution doesn’t always have to be expensive or the latest “next generation” appliance; it can be more about education and awareness.
You don’t need to tell people to lock their front door when they leave home, they do it at an instinctual level because they understand the risks if they don’t. Within businesses this kind of instinct is often forgotten because there is a drive to deliver something, meet targets or because for some people they believe that someone else will take care of it.
We as both individuals and as businesses need to pause and ask ourselves what opportunities we are creating for cyber-criminals when we use, share, store data or take advantage of some new “service” that offers to solve an immediate need. Take the time to consider the risks and you will start to take away the opportunities that cyber-criminals can exploit.