But in the past week, I’ve been inundated with phishing emails. Which got me thinking: cyber criminals are smart enough to know that right now, we might well be less vigilant. If a criminal hacked into your personal finances, it would be very upsetting and disruptive. But if they exposed your business, the impact of potential losses could close your doors for good.

But I’ve got a Mac!

It’s a common misconception that Mac computers are impervious to viruses, malware and other cyber threats. That may have been true in the past, but as Macs became more popular, criminals began actively targeting Apple devices. Many threats are now also browser, email and cloud-based, so even if you’re running on Macs, it’s important to take steps to ensure that your company is adequately protected.

What’s the risk to your business?

I’m not trying to give you sleepless nights, but online crime targeting small businesses is on the increase. You wouldn’t leave the door to your office unlocked at night, or allow an unexpected visitor to wander in off the street. Taking a common sense approach to securing your Mac computers and network will go a long way to deter potential criminals and prevent theft.

At Dr Logic, clients often ask us about security issues. Here’s my advice about what to watch out for, and what steps you can take to protect your business.

Cyber Crime: Phishing emails

I’d be very surprised if you haven’t seen an email pretending to be from your credit card, bank, or HMRC. I’ve even had a client who received an email that looked like it had come from someone in their company, asking them to make an online payment. The email was a fake. The criminals are getting better because they are able to make lots of money!

What to do about it

The best defence is to avoid clicking on any links in an email that you think looks suspicious. If you’re at all concerned about your account, navigate to the main website of your bank and log in via that route. If you get an email that seems odd, even if it appears to be from someone you know, trust your instincts and check with them first.
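Whoever looks after your company mail can check the fake "colleague" email described above against the message headers. This is an added example, not Dr Logic's own tooling; the domain example.co.uk, the staff name and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def phishing_flags(raw, company_domain, staff_names):
    """Return a list of reasons a message deserves a second look."""
    msg = message_from_string(raw)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    staff = {n.lower() for n in staff_names}
    # A colleague's name on an address outside the company domain.
    if display.strip().lower() in staff and from_domain != company_domain:
        flags.append("staff-name-on-external-address")
    # Replies silently routed to a different domain than the sender's.
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and reply.rpartition("@")[2].lower() != from_domain:
        flags.append("reply-to-domain-mismatch")
    # Mail claiming our own domain must pass DMARC. Only trust an
    # Authentication-Results header stamped by your own mail server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    if from_domain == company_domain and results.get("dmarc") != "pass":
        flags.append("company-domain-fails-dmarc")
    return flags

# Constructed sample messages (not real mail).
LOOKALIKE = """\
From: Jane Smith <jane.smith@examp1e-mail.test>
Reply-To: accounts@payments-desk.test
Subject: Urgent: payment needed today
Authentication-Results: mx.example.co.uk; spf=pass; dmarc=none

Please make this online payment before 3pm.
"""
FORGED = """\
From: Jane Smith <jane.smith@example.co.uk>
Subject: Quick favour
Authentication-Results: mx.example.co.uk; spf=fail; dkim=none; dmarc=fail

Are you at your desk?
"""
GENUINE = """\
From: Jane Smith <jane.smith@example.co.uk>
Subject: Lunch on Friday
Authentication-Results: mx.example.co.uk; spf=pass; dkim=pass; dmarc=pass

See you at 1pm.
"""
```

An empty list means none of these three checks fired, not that the message is safe; checking with the sender is still the final word.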

Similarly, no bank will call you up and ask for PIN numbers or complete passwords. If in doubt, hang up and call the main number you normally use. But make sure you use another line. If challenged, some fraudsters will give you a number to call back on to verify them. You hang up, but they’ve kept the line open. So when you pick up the phone to dial the new number, you’re straight back to the criminals.

Cyber Crime: Spyware, Ransomware & Malware

This is software which could open up your company network to theft. The criminals behind it are looking to obtain passwords for online accounts, or to hold your data to “ransom” unless you pay to get it back. And by the way, it’s unlikely you will get it back.

What to do about it

A decent antivirus installed on all your company machines is a must. You’ll also want a firewall to insulate your network from the internet. At Dr Logic, we use Webroot Antivirus for our clients, as we think it offers an excellent broad spectrum of protection and is affordable across multiple users. We also recommend that our clients use Cisco Meraki routers and access points. This allows us to remotely monitor a client’s network. For example, we can spot unusual bandwidth use, which could indicate someone is viewing inappropriate content. We’re also able to set schedules on the network, or restrict access out of hours.

Above all, make sure that you have a proper backup for your Mac desktops, laptops and servers. That way, if you’re infected with Malware, you can restore to the last version. Then wipe any affected machines and devices with minimal data loss.

Device theft

Businesses now rely on a variety of devices to keep their staff connected; many of those are smartphones, iPads and laptops. Crime data from the Metropolitan Police showed that thieves stole 2,000 smartphones every day (between August 2012 and January 2014), and another study estimates that in the last year, 10% of laptops were stolen.

What to do about it

It’s easier to steal a laptop than it is to hack into a database, so make sure that your staff only keep essential data on devices that they use away from the office. If employees need to work on files remotely, ensure that there is a backup on your server, or better still, use a cloud-based system such as Google Drive. Encrypt all of your company devices and use strong passwords.

If, like me, you’ve got a million and one passwords, then I recommend using 1Password https://1password.com/ which will generate and store robust passwords. Where possible, use 2-Step Verification. I use Google Authenticator which is available from the App Store https://itunes.apple.com/gb/app/google-authenticator/id388497605?mt=8

If you’ve got Mac computers, iPhones and iPads, configure Mobile Device Management (MDM) when setting them up. We use MDM with the majority of our clients, so if a client lost their laptop, we can schedule a command so that when it reconnects to the internet, it will immediately wipe all the data. Last, but by no means least, ensure that employees know how to report the loss of their device. The sooner the better.

Cyber Crime: Hacking

Even the biggest organisations have experienced hacking attempts. Whilst you might think your company isn’t a likely target, how would your business cope if your IT system was shut down for days, or if all your customer data was lost?

What to do about it

Make sure that only authorised people visit your office. A common way to access a network is to get someone into a building who then plugs a device into the network. Our intrusion prevention systems will automatically monitor and alert us to any suspicious activity. But you can also get in the habit of regularly checking your equipment to see if anything looks out of place.

Staff data theft

A member of staff resigns. They then decide to make a copy of your client database, or take work they’ve done for your clients. Even worse, a disgruntled employee might vandalise data on the server.

What to do about it

Only give employees access to the data they need. You can do this by organising your files in such a way that people can only access what’s relevant to their day-to-day role. Your IT policy should make clear that only essential files or work are stored on individual computers. Everything else should be on your server, or in your cloud.

It’s even possible to monitor and identify file movement and end-user behaviour to see when users transfer data to removable media such as USBs, external hard drives, or to personal cloud storage applications like Dropbox.

In summary

Much of what I’ve talked about here isn’t rocket science. But it does require business owners to take a look at how their IT system is set up and make the appropriate changes. Our engineers work with clients to address any security weaknesses. And we also develop business continuity and disaster recovery plans. If you already work with us, please talk to your account manager if you’d like more advice.

If you’re reading this and thinking, where do I start, we’d be happy to talk to you about how Dr Logic could help your business protect against cyber crime. Until the end of the year, we’re offering a free 30-minute cyber security consultation. To find out more, get in touch.

Further reading

The Metropolitan Police has written a great guide to cyber crime

http://www.met.police.uk/docs/little-book-cyber-scams.pdf

The Cyber Essentials Scheme allows businesses to demonstrate they’ve met government endorsed standards of cyber security

https://www.cyberaware.gov.uk/cyberessentials/