A recent survey by Symantec claims that this year, cyber crime will cost the UK economy an estimated £1.9 billion, or £103 per cyber crime victim, and that an estimated 19 million Brits – almost a third of the population – will be affected by cyber crime in some way during 2011.
Cyber crime has already come to the North-east with at least one company receiving an email ransom demand after a hacker accessed its computer system and encrypted 50 gigabytes of data.
“This probably happens more often but it isn’t spoken about much because people are embarrassed to admit their security is so lax that they have been hacked, and the amount of money demanded isn’t very high,” according to Bruce Skinner, managing director of Pisys Net, who managed to rescue almost all the “kidnapped” data. It’s the first time in eight years of working in IT that Bruce has experienced this.
“We had recently taken on the company and were sorting out a lot of their IT issues,” he explained. “But before we persuaded them to address all the security needs, their system was hacked into. The weakness of the company passwords and use of internal remote access software meant that hacking was possible.”
The hacker, who could be based anywhere in the world, had logged on, accessed the server to see how it had been set up, and realised there was an operating system on one drive and all the company data on the other. “So all he had to do was install some encryption software which is available to buy on the internet for about $20, create an encryption folder and drag all the data into it. If you don’t have the encryption password you’re never going to get that data back. It’s still there on the server, you just can’t get into it.”
The hacker then sent an email (attached) with his terms and conditions. “But the risk is, if you pay up will you get the key? Will you be seen as an easy target? And if you pay you are giving in to cyber crime.”
In this case, Bruce and the Pisys Net team managed to recover virtually all the data because so much of it had been backed up and printed off.
“The way to avoid being hacked like this is to be protected by a firewall and a VPN connection if you need remote access. Have a backup that’s changed over every day at an offsite backup centre. VPN stands for Virtual Private Network and can be set up for about £400 a site.
“The other essential is to have secure passwords. They should always contain a mixture of upper and lower case letters and at least one number. It’s very unlikely that password cracking software will work that out. If someone uses the word “password” as their password, that’s asking for trouble but even by making it a word more memorable to you with one upper case letter and one number in it should protect your system.”