The business world is becoming increasingly dependent on digital structure and assets. In 2020, it is imperative that your organization stay aware of modern cybersecurity threats while having preventive plans for these attacks.
Familiarizing yourself with the most prominent cybersecurity issues is the best way to begin your defense of company information and mitigation of liability. Make sure that these different types of attacks are on your radar.
No one wants to be the one who falls for a phishing scam. That being said, there’s a reason that people are still clicking on risky links, leaving credentials unprotected, and visiting unverified sites: these techniques are meant to trick you!
While there is no fool-proof way to make sure you or your team do not fall prey to phishing, we advise you take the following measures:
- Use anti-phishing toolbars
- Keep your browser current and updated
- Don’t click on unverified popups
- Do not give out personal info to unverified sources
- Use firewalls and antivirus software on all your devices
Ransomware is one of the top 3 most frequent malware attacks according to Verizon’s 2020 Data Breach Report. We’re going to specifically focus on email, as it is the most common medium for Ransomware breaches.
Much like all the attacks we’re focusing on in this blog, human error is built into the strategy of the perpetrators, so educating your team on these points is key:
- Do not open questionable email attachments.
- Avoid giving out personal or company data (this is going to come up often)!
- Don’t click unverified links.
- Keep security software up to date, including server content scanning.
- Backup all your data so that if you are the victim of Ransomware, you can react quickly.
The Internet of Things
Internet of Things is a term that many people are unfamiliar with, but creates dual benefit and risk for businesses. Simply put, the IoT is the way interrelated devices communicate with each other using a mechanism called unique identifiers. We’ll save the full technical analysis, but you need to know that they allow for exponential connectivity, and in turn, higher risk if left unchecked.
The best way to preempt the Internet of Things from becoming a hidden monster is to ensure that your devices have proper security built in. This might sound easier said than done given how new the IoT is, so here are a few tips:
-Only purchase products that offer security features that can be hardened and updated through firmware.
-Make sure devices have secure boot features to ensure a boot halt if there is unregistered code present.
-Secure your network and/or use a VPN.
-Use password protection on all devices to keep your data safe.
Social engineering is the 2020 version of prize-giveaway phone calls; people are targeted for their natural tendencies to explore what sound like enticing opportunities to win sums of money or gain access to information.
Continuing our common theme of preemptive measures and team education, consider the following remedies to Social Engineering:
- Think about offers and prizes and decide not to click on them – they are fake.
- Look for inconsistencies and strange links in emails that are sent to you. This is known as spoofing, and is a sign that someone has hacked a contact.
- Never download a file from an untrusted source.
- Set spam filters to high in your workplace to avoid pitfalls of Social engineering as much as possible.
- Update your team on security policies often, as these types of attacks are broad and evolve quickly.
Human error is the most common thread among modern cybersecurity threats, and social media breaches capitalize on this. We have a few quick tips to help your organization avoid being targeted by attacks through what seem like innocuous platforms:
-Do not provide personal or company information to gain access to anything. It is easy to get pulled in by the consumptive nature of scrolling and exploring, but will prove costly if unchecked.
-Avoid using unsecured devices while on a work network. This concept is helped by server practices and personal device practices, so emphasize it strongly.
-Get rid of unused social media accounts: they are invitations for hackers to wreak havoc in many ways.
-Consider every action you take while using social media on business time.
Third Party Attacks
Also known as value-chain or supply chain targeting, this is when there is an infiltration of your systems though a partner or provider you work with. As business becomes more connected and data sharing is done at rapid speeds through innumerable devices, it is easy to see how this could become an issue. Try to implement these items on your Third Party Checklist:
- Assess vendor risk for entering and exiting a partnership. This might mean using consent forms, requiring a written policy from a vendor about their sector compliance, or monitoring their actions.
- Be up front and collaborative with your vendors about your safety concerns. We’ve mentioned human error being the leading indicator in malware cases, and if you are on the same page as a client or partner, it will make things easier every step of the way.
- Build cybersecurity clauses into contracts when necessary. You don’t want to be legally on the hook for a vendor who is non-compliant with preventative policies.
- Make sure to check the security rating of third party providers. There are many easy and accessible ways to check a cybersecurity rating that will let you know if your vendor has a healthy grasp of safety in their organization.
Each tip for preventing malware may seem like a no-brainer on paper, but human error and policy breach are all-too-common with the space of a cloud-based workplace. Consistently review these risks, update your policies, and teach your team how to recognize breaches.
Your main focus should be keeping your business humming and fulfilling demand. Modern cybersecurity threats can waste valuable time and resources, and that’s why we work to protect your assets with our managed IT services. Contact us today to learn more about how we can help you protect your most valuable business assets and keep you focused on your organization’s needs.