4 ways poor network security could disrupt your business
Keeping your network safe from intrusion isn’t just about protecting against data breaches or growing threats like ransomware that can disrupt your business.
Today’s firms have a wide range of digital touchpoints and this offers many different opportunities for harm should someone gain unauthorised access. This can include the direct theft of money or data, cyber vandalism, disruption to operations or reputational damage.
Your website is your brand’s digital shop window, but as one of the most visible parts of your business, it’s also a top target for hackers. For example, tactics such as SQL injections and cross-site scripting can take advantage of vulnerabilities to gain access to databases to extract data, or plant malware that can steal data from visitors.
This can have serious consequences. For example, booking company Ticketmaster was recently fined £1.25 million by the Information Commissioner’s Office (ICO) for failing to prevent an attack on its online payment page that enabled hackers to steal the financial details of millions of customers. Tens of thousands of fraud cases were reported as a result.
Even if you’re not accepting payments or other information via your website, attacks on these resources can be very harmful to your reputation. In the recent US election, for instance, the website of Donald Trump’s campaign was defaced by cryptocurrency scammers.
While the actual damage may have been limited, this type of attack is always embarrassing and can raise questions about the security of your organisation as a whole.
Videoconferencing tools offer new opportunities
One of the big winners of 2020 has been video conferencing services. As we’ve all had to adjust to working from home more often, these tools have provided a vital lifeline for many. These tools aren’t just used to keep in touch with colleagues, but also maintain connections with customers and other users that may otherwise have been lost.
Sometimes this can be accidental or due to carelessness. In one incident recently, a journalist was able to gain access to a private meeting of EU defence ministers, after one of the participants accidentally tweeted an image containing partial login details for the meeting.
In that case, the intruder made himself known quickly, but more malicious actors could easily lurk unnoticed to eavesdrop on conversations – especially meetings with many participants. It also goes to show how human error is still a major factor in many network security incidents.
Don’t overlook social media
As well as your website, social media is another key means of communicating with customers for almost every firm, and it’s another potential channel for hackers to do damage. However, this is also an area that can be abused by people within a business.
For instance, this is what happened to a London gym recently, which unexpectedly started tweeting a string of angry, profanity-laced messages at customers. This was initially blamed on a hack, before it was revealed to be down to a “disgruntled employee” with access to the account.
Tools such as access management, two-factor authentication and effective monitoring solutions that can flag up unusual access or activity quickly are all useful in reducing the risk of this kind of incident.
As more firms have added new and untested services in 2020 in response to a swiftly-changing environment, this can present new opportunities for hackers to take advantage of implementations or new third-party tools that may not have been fully scrutinised.
In October, for example, it was reported that criminals had managed to compromise a remote payments service being used by schools to take cashless payments for things like meals and exam fees. They did this by accessing a payments page, enabling them to steal credit and debit card information in real time as it was being entered into the system.
This is the same type of attack that affected British Airways in 2018, which resulted in around 400,000 people having financial details stolen. The airline is currently facing a fine of £183 million from the ICO in response to this, though the final figure has yet to be confirmed.
No company should consider itself beneath the attention of hackers, which is why it’s essential for every firm to have a comprehensive, well-integrated network security solution that can protect all parts of the business.
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.