
7 tips to protect your business from Mr. Robot ©

The TV series Mr. Robot has given us a view of what the hackers’ world is really like and shown us that their key weapon is social capability as much as it is technical. It’s this social side of cybersecurity that can cause much distress to New Zealand businesses.

So what’s your idea of a hacker? Young, probably male, socially inept, lives in his mother’s basement where he takes down mega-corporations’ data networks for fun and profit by night, right?

 

Mr. Robot has shown us there’s a bit of truth in that stereotype but there are other groups - including organised crime syndicates - using charisma and psychology to cause trouble.

 

Could this happen to you?

 

Take Tony Krzyzewski (TonyK.nz). He’s spent 30 years helping IT managers explain the problem of cybersecurity to senior management. Tony is what most people picture when they think of an IT manager.

 

Key learnings

  • Technology isn’t enough. You need to understand the social elements as well.
  • Back up your data offsite so if you are hacked you can carry on.
  • Verify, validate, fact check. If in doubt about a request, ask someone.
  • Policy and procedure are your friend. Many businesses tend not to have these. Get some.

 

Pretending to be someone you aren’t in order to gain access you shouldn’t have is called ‘pretexting’. In Mr. Robot, Elliot uses pretexting to gather information about another character over the phone.

 

Tony continues, “I’ll print something from HR and take it to my meeting. When the client says they don’t believe they have any security problems, I show them everyone’s pay rates - or whatever - and that generally has the desired effect.” Tony believes there’s good news and bad for small and medium business owners today.

 

So how hackable is your business?

 

“The good news is people are generally more switched on about security than ever before. The bad news is this is the scariest year I’ve ever seen and it’s only getting worse,” says Tony.

 

SMEs are particularly vulnerable because they tend not to have professional help and have lumped all their data, files, apps and so on into one pot which everyone in the company has access to.

 

“That means you’re more at risk from an attack than a larger corporate which will have put in place policies and procedures to prevent attacks from being successful.”

 

Every business can be a target

 

Ling Hou is Spark’s portfolio director for security and he says social media has provided yet another vector for attacks on company data.

 

As Elliot demonstrates in the show, access to social media means you have access to all the clues you need to solve the puzzle of who your target is.

 

“If you wanted to, you could find a friend’s LinkedIn profile, copy it, set up a new profile using that name and all those details and start inviting people you know to join. You’ll get a lot of people connecting to your account.”

 

While a fake LinkedIn account may not sound like a major problem, the real fraud occurs when the hacker asks one of these duped people for a connection into a company or senior manager and from there you have an access point and a relationship that appears to be based on trust but is fraudulent.

“They may not use this connection immediately. Much better to sit on it and wait and treat it as an asset.”

 

Ling says technology encourages this kind of behaviour. There are benefits to turning on location services on your mobile device but at the same time you’re letting everyone know you’re not at home or at the office and that means you’re vulnerable.

 

How to help yourself and your business stay secure

 

It’s not all gloom and doom though. Our experts say there are a number of things to do to protect your business.

1. Keep your system up to date. Don’t leave a computer with yesterday’s security settings.

2. Be careful with USB sticks, or as Tony calls them, ‘Uncontrolled Security Breaches’. Institute a policy about copying and sharing files.

3. Policies and procedures are your friend. The company procedure for setting up a new account or paying an invoice should be followed at all times – if someone’s asking you to work around the process, that’s a red flag.

4. Social engineering comes in all forms. Just because the caller says they’re from tech support doesn’t mean they really are. Check with their manager first.

5. If there’s any doubt, act on it. Don’t think ‘Oh I’m sure it’ll be OK’. Double check.

6. Back all your data up off site. That way if or when you are attacked, you can walk away from the infected machine and start again with your saved data.

7. Don’t use the same password for multiple services because if one gets hacked you’re exposed in others as a result.

 

What’s next for you?

If you want to better protect your company’s security systems, get in touch. We can review the tools you’re using and suggest the right services for your company’s size and requirements. And if you haven’t yet seen Mr. Robot, you can find out more about it and watch seasons one and two on Lightbox.
