Hacking Scams – who is liable?

Hacking attempts occur more often than is realised, especially in smaller business environments.

It would be foolish to assume that SMMEs are not targets for cyber-attacks and hacking scams. Sure, an attack may have a smaller impact than it would have on a Fortune 500 company, but it is all relative. SMMEs are often an entry point into these larger businesses since the security investment by smaller companies is far less than that of their larger counterparts. It is said, “Show me your budget and I will tell you what your priorities are”, and nothing rings truer when it comes to investment in security.

So, the big question is: Who is liable should a hacker violate my clients’ data?

In a recent investigation into a cyber-attack which affected the private information of many millions of US Federal Citizens, it was not clear where the blame would reside when Chinese hackers managed to infiltrate what were supposedly tight firewalls.

How to prevent confusion about who is liable?

Before you sign up a client, it needs to be clear who is liable for lost data, stolen data, and heaven forbid, data used in the process of identity fraud.

Every day we, as individuals, are opening ourselves up to the potential risk of having our personal information hacked.

Let us take Facebook as an example. How many people do you know that have had their profile copied – maybe two? Are the owners of FB held responsible? No – because their policies are very clear.

You cannot afford to be known as the company that won’t take responsibility for your customers’ data being at risk, or to carry the reputational damage from being hacked.

What are hackers looking for?

• Email addresses
• Profile details, whether it be Skype, Facebook, gaming profiles, software license information
• Payment information, obtained from companies such as PayPal, Amazon, eBay, bank accounts and others
• Invoices and methods to impersonate your suppliers which result in payments into the wrong bank accounts

Hackers will also encrypt servers and files with the promise of decrypting the data if their ransom is paid (normally in a digital currency such as Bitcoin). This is commonly known as ransomware.

How to avoid the “who is liable” dilemma?

It is crucial for companies to take responsibility for managing their security risk. A layered approach is the only solution.

Evolv Networks has partnered with the best in industry protection to create S1 Advanced Threat Protection which provides the layers of protection needed.

This protection includes application behaviour monitoring to disable trusted applications which behave in a malicious manner. It further provides security update management for Windows and third-party products such as Java and Adobe, which are easy entry points into systems when they are not updated. Weaponized attachment and web link scanning provides further protection against email-borne attacks, including CEO fraud attempts which impersonate senior management to effect payments to suppliers.

The last layer is the human element where proper training provides staff with the knowledge to be the final barrier.

No solution is immune to attacks, but it is the responsibility of business to make it as difficult as possible.

If you don’t know how you would handle a hacking scam, then you need to consider a professional partner who does. Evolv Networks can ensure that your current setup is foolproof, so that you don’t need to worry about who is liable or not. Contact us today for your free assessment.
