Are you infecting your customers?
Do you know what you are sending out?
Earlier in the year, mobile provider O2 ran a marketing campaign promoting an e-book. To distribute the e-book they sent out free USB memory sticks to their customers. Unfortunately for them, the e-book wasn’t the only thing on the USB sticks, and unwitting customers who plugged the sticks into a Windows device found themselves infected with a virus.
This incident highlights what is becoming an increasingly common problem: businesses accidentally putting their customers at risk. If it can happen to big organisations like O2, then it can happen to any business, big or small.
These incidents can have serious consequences for a business. Beyond the irreversible reputation damage and negative PR, the business could face legal action and fines, and lose accreditation. With GDPR on the horizon, the possible fines are about to get a lot bigger. Can your business afford a £16000000 fine?
So how does it happen?
- The first step to infecting your customers is your system being compromised. Either a hacker gains access to your system or your system gets a malware infection.
- Next, any method you use to communicate with customers can be exploited to spread malware. Emails can contain infected attachments or links to infected websites. Systems that your customers use, such as your websites or your apps, can be used to infect whatever device connects to them. Social media can be used to spam your customers with links to malicious or phishing websites.
- Once the problem is identified, your business begins the costly process of damage control, investigation, possible litigation and fixing.
- Finally, if the problem from step one is not properly rectified, then step two will be repeated.
How can I stop it?
The best way to stop infections from spreading to your customers is not to get them in the first place and to
- Security software: This helps secure the devices on your network.
- Staff training: This makes your staff aware of the risks and the best practices to follow to make themselves more secure.
- Comprehensive policies: Much like training, these ensure that staff understand the risk and use business devices safely and securely.
- Software updates: It is important to keep your software up to date to remove vulnerabilities as they are discovered.
To stop hackers exploiting vulnerabilities, you should first identify what vulnerabilities you have through audits, scans and penetration tests. Once you have found the vulnerabilities, you can take action to fix them before they are exploited.