— A foreign businessman comes to the Russian market and starts a company. And immediately he encounters the issue of his business’ information security? What awaits him in Russia?
— Any businessman working in Russia, regardless of his nationality, needs to understand that the most prevalent crime in our country is the theft of money through the online banking system.Unfortunately, little is said about this, but each day around fifty legal entities in Russia lose the money in their bank account. That is just the official statistic. In actual fact, there are a lot more such crimes. Neither large companies nor small and medium-sized businesses are insured against stealing of funds from the company account.Russia is not the exception here: companies are exposed to cyberattacks of varying severity in all the developed countries of the world, and you have to be vigilant at all times.Asan example, only last month, we were able to prevent our clients from losing 12 billion roubles. That’s a great deal of money.
— What is the point in hackers targeting small and medium-sized businesses?
— How do you safeguard yourself from such a threat?
— The basic principle of defence: the computer on which the organization’s transactions are carried out should be used for that alone.The accountant or director uses it only for online banking. We recommend buying a dedicated computer, spending 15–20,000 roubles for this purpose, installing the necessary software, and forbidding any internet access security strategy other than the banking resource itself for updating the software.
How does your computer normally become infected? The user decides to visit an unauthorized site because the subject-matter is of use to him, but that resource has already been hacked. “Sitting” there is a virus program which begins to seek out vulnerabilitieson your computer and downloads the virus onto it. If the virus detects any signs of any kind of payments, it loads a specialized program module. And the intruders begin to see how much you have in your accounts. Theft occurs in such a way in 95% of the cases we have investigated.
— That’s terrible. Say that very same unfortunate incident happens to a company. What is the next step to be taken in such a case?
Certain forms of defence require a certain amount of investment. It is possible to insure yourself against such incidents. In Russia, there are several insurance brokers which have begun to offer such services. It doesn’t cost much: from 20,000 roubles a year, but in the event of a hacking, the insurance enables you to save money on investigating the crime and the subsequent legal actions.
— Is it only foreign companies which run these risks in Russia?
— A very dangerous thing is: data leakage. For the businessman, it deserves to take second place in terms of importance. Employees who have been fired, as ever, like to take confidential information about your company with them. They steal it digitally and by printing it off. If there is a trained lawyer working at your company, he should introduce into the company a non-disclosure agreement regarding commercial secrets.Company employees become aware of this document by signing it. It guarantees that on parting with an undesirable expert, you will take a stand, and a reasonably tough one at that.
There is one more prevalent and, at the same time, simple internet scam. Many foreign companies setting up in Russia obtain a domain name. But a few forget to renew it every year. There is a massive business in our country connected to the purchase of domain names. The “forgetful” company then has to pay three times as much to get it back. If this domain name is “tied” to an email address, then the scammer can, for a time, receive all of your correspondence.
— What means of protecting information would you recommend to the foreign businessman? What do they cost on the Russian market?
2010 — 7bn dollars
2011 — 12.5bn dollars
2012 — 18bn dollars
— Our technology is with the leading Russian service providers, and it is through them that we seek to handle the threat of viruses towards your organization. We don’t protect the end-user’s computer, we try to protect the whole network interaction of your enterprise.
Of the means of “individual” protection for your business, we recommend Bot-Trek Threat Detection Service (TDS): a service we have developed enabling your company to identify in real time any infected parts of your network, prevent data leakage, targeted attacks and industrial espionage using information technology. The cost depends on the number of computers in your network. Don’t be afraid to come to us for a consultation: we give them free of charge. After all, the most unexpected and specific risks can arise, depending on the type of business you are in.