How to avoid becoming a victim of cyber crime

We bring an excerpt of our podcast with Thomas Wong, Improsec, where we talk about threats in relation to having your data compromised.

This blog post is based on an interview with Thomas Wong, Improsec, in the podcast Regnskabets Time, season 2, episode 4.
The convenience store chain 7-Eleven was hit by a possible hacker attack last week, which ended up closing all of its stores in Denmark. We therefore find it appropriate to bring an excerpt of our podcast with Thomas Wong from Improsec, in which we talked about the current threat of having one’s data compromised by cybercriminals.

Interviewer: We talked a bit before we sat down to record today, Thomas. You told me that many Danish companies do not have the necessary level of IT security. Can you try to elaborate a bit on that?

Thomas: Yes. What I mean is that the vast majority of companies would like to focus on IT security. But when it comes to getting it incorporated into the company’s culture, it often turns out to be far more difficult to dedicate resources to it than first expected. It can, for example, be in relation to getting these basic things done, such as risk assessments or a business continuity plan, which tells you what to do if things go wrong. The day things go wrong, the snowball you have pushed in front of you has just gotten much bigger. Most businesses will be compromised at one point or another, so it’s a matter of making sure the amount of damage is as small as possible. So it is important to be well prepared for an attack.

Interviewer: Today, quite a few companies use cloud-based IT solutions. What exactly do you have to pay attention to concerning the security of a cloud solution?

Thomas: That is a very broad question. But one of the most important things to be clear about is who is responsible and when. The supplier has a responsibility. But only until their service “stops”. When a SaaS solution delivers data into a company’s operating system or the like, it is, therefore, the company’s responsibility that it is stored securely and that the system is sufficiently updated.

Interviewer: As an employee or user of a cloud solution, what can you do yourself to increase the level of security?

Thomas: Quite simply: Choose a good password. Do not reuse passwords. And this also applies in cases where you use different usernames, email accounts or the like – don’t reuse passwords. Here I also believe that you should not change your passwords according to a pattern that is easily recognisable. Last but not least, work-related and private things must also be kept separate. If everyone did that, and stopped checking their private email from their work computer, there would be fewer attacks.

Interviewer: How do you discover that you are under attack?

Thomas: First it starts as an operational disruption – there are files that can no longer be accessed, programs that no longer work and then this is usually followed up with a message which states that you can get your things back if you pay for it. Usually worded in a very nice and polite way. After this, it is quite important to be open about things. An attack can last a long time, and it’s perfectly okay to be open about it. But what should happen next, is that the company should follow the aforementioned business continuity plans. Then you know what to do in all phases of the attack and the subsequent recovery phase. It will save an incredible amount of time and ultimately money.
Some of the companies that have been hit very hard are those that do not have plans ready in advance. In many cases, the public may not even hear that there has been an attack, because the company has acted quickly, since there was a clear plan and strategy for what to do before, during and after the attack.

Interviewer: Should companies pay the attackers in order for them to stop?

Thomas: I would not recommend that to my clients. I say that from an ethical aspect. But having said that, I can come up with examples of where it would make sense for a company to pay off the attack. It could, for example, be in a case where the company simply will not be able to continue and where bankruptcy will be the natural consequence of the attack. Here it can be difficult to say that you have a choice. But if you choose to go down that path, I would also recommend that you work with some professionals who have experience in negotiating with cybercriminals.
However, if you want to avoid being in a situation where you even have to consider paying off an attack, then risk assessment, training, preparation, penetration tests, etc. are the way forward. It sounds very sad, but it may end up being the most important investment the company has ever made.
