Search
Close this search box.

How to avoid becoming a victim of cyber crime

We bring an excerpt of our podcast with Thomas Wong, Improsec, where we talk about threats in relation to having your data compromised.
Support talking with headset

Content

This blog post is written based on an interview with Thomas Wong, Improsec, in the podcast Regnskabets Time, season 2 episode 4
The convenience store chain 7-eleven was hit by a possible hacker attack last week, which ended up closing all of its stores in Denmark.  We feel that it must be appropriate that we bring an excerpt of our podcast with Thomas Wong from Improsec, where we got to talk about the current threat concerning having one’s data compromised by cybercriminals.

Interviewer: We talked a bit before we sat down to record today, Thomas. You told me that many Danish companies do not have the necessary level of IT security. Can you try to elaborate a bit on that?

Thomas: Yes. What I mean is that the vast majority of companies would like to focus on IT security. But when it comes to getting it incorporated into the company’s culture, it often turns out to be far more difficult to dedicate resources to it than first expected. It can, for example, be in relation to getting these basic things done, such as risk assessments or a business continuity plan, which tells you what to do if things go wrong. The day things go wrong, the snowball you have pushed in front of you has just gotten much bigger. Most businesses will be compromised at one point or another, so it’s a matter of making sure the amount of damage is as small as possible. So it is important to be well prepared for an attack.

Interviewer: Today, quite a few companies use cloud-based IT solutions. What exactly do you have to pay attention to concerning the security of a cloud solution?

Thomas: That is a very broad question. But one of the most important things to be clear about is who is responsible and when. The supplier has a responsibility. But only until their service “stops”. When a SaaS solution delivers data into a company’s operating system or the like, it is, therefore, the company’s responsibility that it is stored securely and that the system is sufficiently updated.

Interviewer: As an employee or user of a cloud solution, what can you do yourself to increase the level of security?

Thomas: Quite simply: Choose a good password. Do not reuse passwords. And this also applies in cases where you use different usernames, email accounts or the like – don’t reuse passwords. Here I also believe that you should not change your passwords according to a pattern that is easily recognisable. Last but not least, work-related and private things must also be kept separate. If everyone did that, and stopped checking their private email from their work computer, there would be fewer attacks.

Interviewer: How do you discover that you are under attack?

Thomas: First it starts as an operational disruption – there are files that can no longer be accessed, programs that no longer work and then this is usually followed up with a message which states that you can get your things back if you pay for it. Usually worded in a very nice and polite way. After this, it is quite important to be open about things. An attack can last a long time, and it’s perfectly okay to be open about it. But what should happen next, is that the company should follow the aforementioned business continuity plans. Then you know what to do in all phases of the attack and the subsequent recovery phase. It will save an incredible amount of time and ultimately money.
Some of the companies that have been hit very hard are those that do not have plans ready in advance. In many cases, the public may not even hear that there has been an attack. Because the company has acted quickly, since there was a clear plan and strategy for what to do before, during and after the attack.

Interviewer: Should companies pay the attackers in order for them to stop?

Thomas: I would not recommend that to my clients. I say that from an ethical aspect. But having said that, I can come up with examples of where it would make sense for a company to pay off the attack. It could, for example, be in a case where the company simply will not be able to continue and where bankruptcy will be the natural consequence of the attack. Here it can be difficult to say that you have a choice. But if you choose to go down that path, I would also recommend that you work with some professionals who have experience in negotiating with cybercriminals.
However, if you want to avoid being in a situation where you even have to consider paying off an attack, then risk assessment, training, preparation, penetration tests, etc. are the way forward. It sounds very sad, but it may end up being the most important investment the company has ever made.

Related articles

“Hveder” should still be enjoyed on a day off

On the last day of February this year, Store Bededag (Great Prayer Day) was abolished as a public holiday in 2024 by a majority in the Danish Parliament. However, at Visma Acubiz, we still believe that “Hveder” should be savored on a day off.

Are you ready for the new time registration law?

The new law on time registration has been adopted and will enter into force on 1 July 2024. The law outlines employees’ rights to rest periods and days off to protect them against working overtime. What does this new law mean for you as an employee or manager? We’ll try to answer that.

Visma Acubiz enters into a strategic partnership with TIMEmSYSTEM, which will elevate the offering of solutions for time registration to new heights.

Visma Acubiz and TIMEmSYSTEM are proudly introducing our partnership mTIME – the ultimate time registration system offering both high functionality and unmatched flexibility. Streamline your workflow effortlessly with features like automated holiday calculations, diverse employment term support, and seamless leave management. Say goodbye to obstacles and hello to productivity!

Opposing opinions on time registration 

While some view it as a restriction on flexibility and a form of control and surveillance of employees, others see it as a necessity to gain insight into how the company’s resources are utilized and to enable more accurate billing. Despite increased administrative costs and the required behavioral change, time tracking can provide managers and employees with a better overview of working hours and patterns.

The world’s top leaders’ predictions for 2024

PwC has asked more than 4,000 CEOs worldwide about how the future looks when speaking of economic growth, technological advancement, ai, and much more.