UK businesses need forums from which they can learn and protect themselves against e-crime, according to ICT security leaders who attended an e-Crime Summit in North Wales yesterday.
Organised by e-Crime Wales – the Summit brought five leading digital security experts from firms like Cisco and Symantec together with around 200 businesses to discuss how business can take advantage of emerging trends in technology while ensuring they stay secure online.
The speakers stressed the importance of forums like e-Crime Wales in educating businesses and consumers about the latest threats from cyberspace.
David Hald from authentication provider SMS Passcode spoke on the importance of multi-factor authentication, stressing it is no longer enough to rely on two-factor authentication techniques due to the increasingly sophisticated capabilities of e-criminals.
Hald stressed the scale of the problem, stating that identity theft is rife across the world and that part of the problem is the ease through which this crime can be committed.
Hald pointed to the fact that the skills needed to commit identity theft can be gained online and then carried out from the comfort of a criminal’s own home.
Andy Deacon from network security firm Sophos performed a live hacking exercise on stage; using his laptop to steal data from an iPad in the audience to demonstrate the ease through which such a cyber-attack could be performed.
He said: “All businesses, regardless of their size, need to have a plan in place for handling their online presence – be that their website or however else they use the internet for business.
“This can be done through simple steps, such as ensuring you have the correct security products in place and educating your staff on how to behave when using online technology.
In practical terms this could also mean having different passwords for different online accounts, and ensuring you’re not disclosing sensitive information to people you don’t know.”
Richard Hollis from interactive safety centre The Risk Factory spoke on the importance of companies ensuring they are Payment Card Industry Data Security Standard (PCI DSS) compliant, to manage their risk and ensure they’re handling customers’ credit card details securely.
Hollis asked members of the audience to pass their credit cards to strangers in the auditorium to demonstrate the significance of consumers passing credit card details to companies.
He encouraged businesses themselves to lower risk by ensuring they minimise the amount of data they store on customers.
Later, Hollis delivered a session on mobile device security, during which he said: “These are not just phones we own, they are extremely powerful devices with a wealth of data stored on them. Security therefore must be a constant; it’s basic risk management we’re talking about.
“Businesses who have employees using mobile devices need to undertake a basic audit to make sure they quantify the scale of the issue. They must then implement clear policies to ensure a robust incident response strategy exists in case the security of a mobile device is compromised.”
Martin Lee from IT security specialists Symantec explored how small and medium-sized enterprises (SMEs) can stay safe in the Cloud – With 89% of global organisations at least discussing cloud, Martin advised that businesses establish a data policy and a criteria for a ‘safe’ cloud, whilst evaluating rogue and proposed cloud against said criteria.
Other speakers included Justin Woolen from Cisco, who spoke on the security implications of the Bring Your Own Device (BYOD) workplace trend. He said: “The ubiquity of technology has resulted in a sharp increase in threats from cyberspace which can place a real strain on the ability of organisations to ensure they are not vulnerable to e-Crime.
“Staying ahead of increasingly sophisticated and complex cyber hazards is a growing challenge, but targeted awareness-raising through initiatives like the e-Crime Wales Summit will aid efforts to combat cybercrime.
“Educating businesses and consumers on the importance of IT security has become a necessity in our digital age and it’s great to be part of the e-Crime Summit today.