The Heartbleed bug: A modern horror story

07 May 2014 Voices

John Tate’s assessment of the latest risks to technology posed by cyber-crime is not for the faint-hearted.

Last month I was a speaker at an event on social media and cyber technology, run by the Institute of Risk Management’s charity special interest group. This was good timing as April turned out to be a very challenging month for those involved in IT security.

Firstly, one of the most significant security flaws in recent years was discovered – the so-called ‘Heartbleed’ bug. This was a huge hole in security software that had been open for two years.

Criminals could access anything

The affected code was used to protect traffic on two-thirds of the world’s websites and potentially allowed criminals to read almost anything held in a computer’s working memory (RAM). Google, Facebook, Amazon and Dropbox were among the companies that had used this ‘OpenSSL’ software.

Also in April, Microsoft finally stopped providing support for Windows XP.

The last security updates were released in the first half of the month. Worryingly, these last updates fixed two critical security flaws that would have allowed hackers to remotely execute code.

One wonders how many more issues with XP remain undiscovered and will never be fixed.

XP was released in 2001 – over 12 years ago. Despite its age, the Charity Finance 2014 IT Survey revealed that 37 per cent of UK charities are still using it.

So for XP users there is a risk that further security issues may arise with the operating system – and, if they do, they will not get fixed. So is this the time to upgrade from XP? And how do you make sure you are not affected by the Heartbleed bug?

Before commenting on these questions it is important to put these risks in the context of other threats to your computer systems.

Other software may also have flaws in it which could allow an attacker to access or infect your computers.

Also, there are a host of people and process issues that need to be managed properly to ensure that your IT systems are secure.

In fact, the list of areas you need to manage to reduce the risk of a security breach is horribly long.

Examples include the use of mobile devices and laptops that may hold confidential information, the accessibility of data via USB sticks, password management, ensuring any internal wireless network is correctly configured to protect against external access, physical building security to stop people getting unauthorised access to servers, and backup management.

IT security issues are reported in the press on pretty much a daily basis so they are not going to go away anytime soon. Mobile technology, big data and the cloud are three of the leading areas of new IT investment. These are likely to create more, rather than fewer, security issues.

So back to the questions I asked. Firstly if you are still an XP user I would recommend you seriously consider upgrading to a newer operating system – although the decision to do so is not a foregone conclusion. There is a wealth of material on the web to help you work through the options. Regarding the Heartbleed bug, there is similarly a lot of good information on the web. On the broader issue of managing overall IT risk, the Institute of Risk Management (IRM) provides a good deal of useful material and a free summary of its report on cyber-risk is available on its website.

Smaller organisations targeted

IRM notes that there is often a perception that breaches of IT security ‘will never happen to us’. It points to estimates from the European Commission that more than one million people worldwide are the victims of cyber-crime every day. In fact, the Institute makes the point that criminals are targeting smaller organisations because they perceive them as being less well protected.

It adds that, stripped of the ‘techie speak’, cyber-risk is just another sort of risk which should be properly dealt with within the organisation’s risk management framework and processes.

I hope your approach to IT risk management is up to date – if not, I’d encourage you to look at this as soon as possible.

John Tate is a business consultant, IT adviser to CFG and a visiting lecturer at Cass Business School.