Cybercrime’s everywhere. Is your business prepared?
Find out in nine questions ...
Absolutely no idea
OK, no problem. Have another go – the answer’s here somewhere.
A convincing but fake email, asking you to send to ten other people or else
Nope. That’s just one of those annoying ‘you’ll have bad luck for life if you don’t do this’ nonsenses for the gullible. Try again.
A convincing but fake email, tricking you into sharing personal or confidential info such as a password or credit card number
Bingo. Being suspicious of every unsolicited email, while not always practical, is the best way to avoid compromising your data.
That’s not how you spell fishing
Right, OK. Tiny misunderstanding. Best try again.
A looks-legit email from your CEO asks you to transfer £12,000 to a new account. Do you:
Do it, no question. It’s from your CEO, after all
Oops. You’ve just been a victim of spear phishing. That’s twelve grand you’ll never see again (and you might want to start looking for a new job, too).
Forward the email to accounts to deal with
Logical but unwise. Passing on a spear-phishing email like this can make it look OK. Send it on by all means but suggest accounts speak to the CEO directly too, just in case.
Speak to your CEO and double-check the details
Good job. You’ve just sidestepped a spear-phishing landmine and saved your company twelve grand.
Do nothing and flag the email to IT
Sound idea. Assuming your IT guys are on the ball, they should be able to spot a spear-phishing email like this and give everyone a heads up.
Choosing a new password?
Select the three things that’ll make it more secure
A combination of uppercase and lowercase letters
Your pet’s name/fav holiday destination/child’s name
Your surname with your birth year on the end
A random collection of symbols, letters and numbers
A single, recognisable word
Using at least eight characters
You can’t access your systems or software, but you do have an ominous email demanding 10 bitcoin to restore everything. What do you do first?
Call your solicitor, your IT guys, your cyber liability insurer and anyone else you think can help
Not a bad place to start, and you’ll certainly need professional help at some point. Might be worthwhile seeing if you can get past the ransomware first, though.
Contact the police
Cybercrime is well named. You’ve just become a victim of ransomware and you’ll have to report it at some point, but there are more urgent things to take care of first. Have another go.
Unplug from the internet and isolate infected machines
Good choice. Physically disconnecting from networks can help limit the ransomware’s impact, and restoring from backup can be effective. You’ll need IT expertise to remove any traces of the ransomware from your system though.
Turn everything off and on again
Yeah, that’s not going to work. Try again.
And then what do you do?
Delete the email
You could, but it’s just scratching the surface. The ransomware has already disabled your systems and deleting the email won’t change anything. Try again.
Reply and negotiate
Don’t engage. At all. There are ways around ransomware and talking to the perpetrators is just wasting the time you’ve got to do it. Try again.
Ransomware won’t go away if you pretend it isn’t there. Besides which, if nothing’s working, business as usual isn’t really possible. Try again.
Absolutely not. Ransomware can be dealt with and paying up is a last resort. Try again.
Sorry, this one’s a bit of a trick question. Truth is, all these have the potential to make things worse not better. If you’re not sure, it’s best to wait for advice from the experts before doing anything else.
Roughly how much does a small business need to fix a hack?
Drag the necessary task to its likely cost.
Legal help to tell regulators & customers
System & website repairs
PR & crisis management (1 month)
Investigating the attack
Your business gets an email from a supplier trumpeting their new website. There’s a shortened link in the email. Do you:
Go ahead and click the link
Oops. Neither the link nor the email was genuine. You’ve just opened the door to a particularly nasty virus and it’s spreading throughout your network. Time to call IT.
Delete the email and tell everyone else to do the same
Overkill perhaps, but you can’t be too careful. And you can always go direct to the website to have a look.
Go direct to their website without clicking the link
A sound option. If their website has changed you still get to see it.
Ask IT to have a look before doing anything
Sensible. Always get an expert’s opinion if you’re not sure.
Malevolent firmware – permanently installed software that prevents access to your data
Nope, try again.
Malicious hardware – equipment that breaks down after a preset time to disable other systems
Close but not quite. Try again.
Malicious software – software designed to infiltrate, damage and disable computers
Well done. But do you know how to spot it?
Malodorous cookware – a pan that always seems to smell of curry no matter how many times you wash it
Possibly, yes. But not quite where we’re going with this. Try again.
Uh-oh, you've been hacked!
You need to do something, and quickly.
Put the following tasks in priority order, most urgent first. They turn green when they’re right.
Be quick, the clock’s ticking ...
Phew, good job.
And just in time, too.
Thankfully, in real life, you don't need to be such an expert because cyber liability insurance takes care of these things for you. Not quite in 45 seconds, granted, but it's definitely the quick and easy option.
This cyber stuff's tougher than it looks.
Thankfully, in real life, cyber liability insurance takes care of these things for you.
Not quite in 45 seconds, granted, but it's definitely the quick and easy option.