The digital age is revealing its wickedness as we stagger our way through a global pandemic. Granted, businesses have long used the web to expand their presence to reach and engage with their markets. But there’s also the recognition that cyber threats and attacks come unprecedented. Just look at what happened with PLDT and Facebook.

Although the pandemic highlighted the benefits of digital technology, more companies are becoming susceptible to the perils of cyber insecurity. The Securities and Exchange Commission recently urged local businesses to create more robust cyber security systems as the industry undergoes an accelerated digital transformation and online transactions proliferate in the market.

The clear message here is that rising online insecurity is launching everyone, not just businesses, into a world that is very different from the one in which many are accustomed to. While acting on these emerging threats and beefing up defenses are the right moves, these likely won’t happen overnight. And they may require a pragmatic investment that entrepreneurs shouldn’t shy away from. 

Here, we sat down with Gene Yu, CEO of digital forensic and cyber crisis firm Blackpanda to give us a masterclass on cyber security and how you can make it work for your business. 

What is cyber security?

Cyber security is a field dedicated to protecting your business from unwanted digital disruption. It helps secure and maintain access to digital information, whether credit card details, confidential emails, private customer data, intellectual property or any other digital information to which you or your customers require private and reliable access.

As offices reopen and employees return to their previous posts, cyber attackers will take advantage of a new transitionary period, imitating on-boarding teams, phishing for confidential information, and causing further loss to businesses.

However, cyber security is actually a very broad field of security with many separate specializations dedicated to developing your security infrastructure, actively defending your business, detecting and responding to those intrusions, and helping you recover from a breach. You can think of cyber security like defending a castle—some people specialize in building walls, some monitor traffic at gates, some stand guard in the watchtowers, and some stand by at the ready to fend off an active attack.

The collective job of these specialists is to keep your business running smoothly, with secure access to digital information you need to manage operations, process payments, communicate with others, and responsibly handle sensitive information of your people and your customers. 

What roles does cyber security play in this crisis?

Cyber crime was already on the rise; COVID-19 has only compounded the problem. The global pandemic has created a lot of uncertainty for businesses. Many firms are being forced to manage teams remotely for the first time and navigate new means of conducting business without a complete understanding of how these changes affect their security. All of this uncertainty provides the ideal situation for opportunistic cybercriminals.

For instance, current work-from-home policies worldwide mean we have a large percentage of the global workforce operating on home networks and computers that are far less secure than the managed security environments of their offices. Furthermore, many firms have become almost 100 percent reliant on digital platforms for all communication, providing further opportunities for the intrusion and infectious spread of malware across networks. 

Due to this combination of uncertainty and reduced security, we have seen a significant uptick in cyberattacks taking advantage of people’s fears surrounding the pandemic. Hackers continue to impersonate government healthcare websites. Infection trackers and other fake “advisory” content trick users into unknowingly downloading harmful malware onto their computers (and the computers of their colleagues). 

Some sophisticated attackers even use malware to silently monitor email communications—sometimes for months—carefully studying a team’s managerial structure and processes to fabricate very convincing fund transfer requests or steal other valuable private information.

Is social media still a good platform for businesses?

There are many reasons why organizations and individuals are victims of privacy breaches. In the recent rise of fake Facebook accounts, these impersonated profiles may attempt to spread misinformation about their target or, in the case of PLDT’s hacked Twitter account, make antagonistic statements to damage a firm’s reputation and stir a real-world response.

That said, social media can still be incredibly valuable for businesses. It is a fantastic medium for reaching a large audience with little-to-no-capital investment. It has the unique ability to exponentially spread information through likes and shares, and it is virtually instantaneous. However, there are obviously risks associated with its use. For example, credentials can be stolen and accounts manipulated or falsified. Disgruntled individuals, business competitors or “hacktivists” may try to impersonate and embarrass their targets by misleading or lying to social media users.

Small to medium enterprises are often targeted precisely because this false assumption of invisibility usually belies a lower standard of cyber security, an easier target.

To ensure your business is able to safely enjoy the benefits of social media, firms must implement higher grade security measures such as multi-factor authentication and complex passwords. For example, never use the same passwords for social media sites as you do for any work accounts—a common mistake seen in many large-scale credential leaks. Only trusted professionals should be left in charge of business social media accounts, and businesses should configure their accounts to enable as much logging as possible to serve as an audit trail, only logging onto accounts from trusted devices.

If you do experience a breach, immediately contact a specialized digital forensics incident response team to analyze these logs and other relevant activity. By uncovering the source of the breach, you can quickly remove any unauthorized users or malware and restore normal operations before any significant damage takes place.

How can a business strengthen its cyber security?

The US-based National Institute of Standards Technology’s (NIST) cyber security framework provides guidelines, standards, and best practices for companies to better manage and protect themselves from cyber attacks in five steps: Identify, Protect, Detect, Respond, and Recover. The NIST framework is well regarded because it adopts a risk-based approach and is adaptable to various sectors and their needs. Most importantly, it is continuously updated and revised as technology and threats evolve.

Identify

This first step is crucial to developing an organizational understanding of critical digital assets and their use in business processes. Know where to focus your efforts strategically and most cost-effectively. Key questions to consider include:

  • Where are your assets located? Keep an inventory of all hard and software. 
  • Who are they assigned to? Clearly define roles and responsibilities for use, management, and protection. 
Protect

Protection is about developing and implementing safeguards to keep your business safe with the appropriate tools and checkups. These include the basics like firewalls, maintaining up-to-date antivirus and application software, and conducting the necessary awareness training for employees—humans (not computers) are the weakest endpoint.

According to a 2019 Verizon report, 43 percent of small to medium enterprises fall victim to cyber attacks annually.

Detect

Detection concerns knowing when you’ve been attacked. Some sophisticated tools use artificial intelligence to detect unusual behaviors and flag suspicious activity for review. Some firms offer managed detection as a service. Perhaps most importantly, employee training keeps your people on their guard to detect suspicious websites, email requests, and other signs of compromise.

Respond

Respond to attacks with the right people at the right time with a plan that takes into account your business and operational priorities. Do this by working with your internal team or third-party consultants to build a response plan that covers roles and responsibilities, methodologies, communication procedures, business continuity, and steps to remediation. For modern businesses, experiencing a cyberattack is not a matter of if, but when. Be sure you have a team with the requisite skills on hand to investigate the cause of attack and help restore operations more quickly.

Recover

Recovery includes not only resuming operations as quickly as possible but also restoring any lost or stolen data, implementing lessons learned, and recouping any financial losses through risk transfer products such as cyber insurance. Cyber insurance is a fast-growing space more firms should take advantage of, often covering both first- and third-party losses such as business interruption, regulatory fines and fees, legal or public relations consulting, and hiring an incident response team—significantly reducing both time and costs of managing the various facets of a breach.

Ask your preferred third-party responders (cyber, legal, PR, or otherwise) if their services are covered under any available cyber insurance policies. If they are, you could benefit from significantly decreased costs as opposed to a traditional services retainer.

Should a small business invest in cyber security?

Every business should invest in cyber security. Small businesses operate under the false assumption that they are not the target of cyber attacks. In fact, according to a 2019 Verizon report, 43 percent of all cyber attacks are against small to medium enterprises (SMEs). SMEs are often targeted precisely because this false assumption of invisibility usually belies a lower standard of cyber security, an easier target. At any rate, cybercriminals indiscriminately develop and distribute malware-infected emails and websites at an alarming rate and scale. Your firm doesn’t have to be specifically targeted and any business can find themselves under attack.

To ensure your business is able to safely enjoy the benefits of social media, firms must implement higher grade security measures such as multi-factor authentication and complex passwords.

To start, small businesses should focus on low-hanging fruits: Is all your software consistently up-to-date? Have you enabled multi-factor authentication across all company logins? Do you at least have some sort of antivirus protection and detection software installed across your systems?

In addition to your first line of defense, firms should have a response plan in place with a team that can support them in a crisis. For SMEs, this skillset is often outsourced to digital forensics and incident response specialists. Businesses can set up these relationships and plan well before an incident occurs, either by keeping a firm on retainer or through a cyber insurance policy that includes coverage of response services—saving valuable time and money in activating a response.

What aspects of cyber security should a business first invest in?

Secure the human to prevent phishing attacks. Phishing is frequently used by threat actors to gain access to a computer. Educating the user on how to detect and report these attempts is critical to securing the enterprise. At the very least, basic training should cover how to spot fake or “spoofed” email accounts and suspicious requests as well as how to preview a link before clicking on it.

Enable multi-factor authentication (MFA) across all logins. If an attacker somehow steals your credentials, MFA is critical to blocking their use by unauthorized persons.

Maintain comprehensive logs on all security events across your network. Keeping track of security logs wherever possible will help those responsible for your cyber security detect anomalies and investigate incidents.

Have a plan for response. Know exactly who should be contacted, under what conditions, and the appropriate processes to enact following a number of potential security incidents.