Now more than ever, cybersecurity is the key to business continuity and productivity. Whether you’re looking to protect yourself from a data breach, avoid costly network downtime, or implement secure practices for employees traveling on business or working remotely, your organization can benefit from assessing and addressing its vulnerabilities.
Wondering what threats you might face? With data security at the forefront of our concerns, our security expert, Charles Andrews (better known as Andy), has outlined the top 5 cybersecurity threats facing companies across industries today. Learn more and protect your business!
5. Insider Threats
In a study by Ponemon Institute, 62% of employees surveyed reported that they had access to sensitive company data that they didn’t need to do their jobs. What’s more, Verizon indicated that 25% of the data breaches they reviewed in their 2017 report were caused by insider threats.
When employees have free rein over sensitive information, insider threats become more common and the burden of a data breach is left on the employer’s shoulders. Not only that, but many companies lack proper procedures for revoking access once someone is no longer employed with the company.
According to Andy, “A lot of people take into consideration when a new user starts, but we’ve seen cases where someone got fired or someone left the organization two or three weeks ago, and no one sent an email to IT letting them know to deactivate that user’s access, which is a glaring security hole.”
Fortunately, insider-driven data breaches can be prevented through employee training, restricted access to sensitive information, and a seamless integration of security protocols into your company culture:
- Limit employee access to only the data they need.
- Use separation of duties where needed.
- Establish clear company processes and procedures to bolster data security.
- Control the offboarding process as well as onboarding.
- Use data monitoring and auditing technology to track anomalous behavior.
- Use a Data Loss Prevention (DLP) program to send an alert if someone tries to exfiltrate sensitive data, such as bank account information or Social Security numbers.
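The offboarding gap Andy describes is easy to catch mechanically: compare the HR roster with the accounts that are still enabled. The script below is an added example, not Guardian Computer's tooling. It assumes HR exports and the directory both key on username; the roster, the account list, the dates and the 90-day dormancy threshold are all constructed for illustration.

```python
"""Reconcile enabled accounts against the HR roster so that a departure
three weeks ago does not leave a working login behind."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class HrRecord:
    username: str
    status: str            # "active" or "terminated"
    end_date: Optional[date]


@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    last_login: Optional[date]


# Constructed sample data (assumption: HR exports and the directory both key on username).
TODAY = date(2021, 1, 15)
HR_ROSTER = [
    HrRecord("asmith", "active", None),
    HrRecord("jsmith", "terminated", TODAY - timedelta(days=21)),  # left three weeks ago
    HrRecord("rlee", "terminated", TODAY - timedelta(days=1)),
]
ACCOUNTS = [
    Account("asmith", True, TODAY - timedelta(days=1)),
    Account("jsmith", True, TODAY - timedelta(days=2)),          # never deactivated
    Account("rlee", False, TODAY - timedelta(days=3)),           # offboarded correctly
    Account("svc-legacy", True, TODAY - timedelta(days=200)),    # nobody in HR owns it
]


def audit_accounts(roster: List[HrRecord], accounts: List[Account], today: date,
                   dormant_days: int = 90) -> Dict[str, List[str]]:
    """Return {username: [issue, ...]} for every account that needs attention."""
    by_user = {r.username: r for r in roster}
    findings: Dict[str, List[str]] = {}
    for acct in accounts:
        issues = []
        rec = by_user.get(acct.username)
        if rec is None:
            issues.append("no-hr-owner")                  # orphan: nobody is responsible for it
        elif rec.status == "terminated" and acct.enabled:
            issues.append("enabled-after-termination")    # the hole Andy describes
            if rec.end_date and acct.last_login and acct.last_login > rec.end_date:
                issues.append("login-after-termination")  # worse: the credential is still in use
        if acct.enabled and acct.last_login and (today - acct.last_login).days > dormant_days:
            issues.append("dormant")                      # enabled but unused; candidate for removal
        if issues:
            findings[acct.username] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_accounts(HR_ROSTER, ACCOUNTS, TODAY).items():
        print(f"{user}: {', '.join(issues)}")
```

Run on a schedule, the findings list becomes the ticket queue for IT: every "enabled-after-termination" hit is an email HR never sent, and every "no-hr-owner" hit is an account nobody will remember to revoke.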
4. Weak Passwords
It’s a common misconception that a password is all it takes to protect your information. Forbes reported that there are around 15 billion stolen passwords available for sale on the dark web, giving us a glimpse into how widespread an issue this is.
Earlier this month, the CyberNews Investigation team analyzed 15,212,645,925 passwords from across the globe that were breached and publicly released. Fewer than 15% of the passwords were unique and over 75% of the passwords included 10 or fewer characters, suggesting that an overwhelming majority of passwords are weak and easy to guess.
Andy said, “These easy-to-guess passwords leave your data open to brute force attacks, such as a dictionary attack, which guesses passwords until it gets it right.” Furthermore, a survey conducted by Google revealed that 65% of respondents reused a password across multiple accounts, if not every account.
Weak or outdated passwords can leave your organization’s accounts vulnerable to a cyberattack, putting you at risk of data loss as well as company downtime, which can quickly rack up a high price.
The best way to handle the issue of weak passwords is proper employee training and authentication, said Andy. Your company should use at least two-factor authentication (2FA) to validate user identity, and passwords should be changed at least once every six months. In industries where HIPAA compliance is a factor, organizations should consider changing their passwords at least once every three months.
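The two statistics above, short passwords and passwords that already appear in public breach dumps, are both things a sign-up or reset form can check before accepting a password. The following is an added example, not Guardian Computer's code: it enforces a minimum length, rejects passwords containing the username, flags the word-plus-digits shape that dictionary attacks try first, and looks the password up in a breached-password corpus using the hash-prefix (k-anonymity) style of query, so the full hash never leaves the client. The five-word corpus and the 12-character minimum are constructed assumptions; a real deployment would query a published breach corpus.

```python
"""Password acceptance check with a k-anonymity style breached-password lookup."""
import hashlib
import re
from typing import Dict, List, Set

# Constructed stand-in for a breached-password corpus. Real services publish
# SHA-1 hashes of leaked passwords; we build the same index from a few sample words.
BREACHED_PASSWORDS = ["password", "123456", "qwerty", "letmein", "Welcome1"]


def sha1_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Index: first 5 hex chars of the hash -> set of 35-char suffixes under that prefix.
BREACHED_INDEX: Dict[str, Set[str]] = {}
for _pw in BREACHED_PASSWORDS:
    _h = sha1_upper(_pw)
    BREACHED_INDEX.setdefault(_h[:5], set()).add(_h[5:])


def lookup_by_prefix(prefix: str) -> Set[str]:
    """Server side of a range query: the caller reveals only a 5-character hash
    prefix and receives every suffix stored under it (real corpora return
    hundreds per prefix, which is what keeps the query anonymous)."""
    return BREACHED_INDEX.get(prefix, set())


def is_breached(password: str) -> bool:
    """Client side: hash locally, send the prefix, match the suffix at home."""
    digest = sha1_upper(password)
    return digest[5:] in lookup_by_prefix(digest[:5])


def check_password(password: str, username: str = "", min_length: int = 12) -> List[str]:
    """Return a list of reasons to reject the password; an empty list means accept."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if is_breached(password):
        problems.append("appears in a breached-password list")
    # A word followed by up to four digits is exactly the shape a dictionary
    # attack enumerates first, regardless of length.
    if re.fullmatch(r"[A-Za-z]+\d{0,4}", password):
        problems.append("a dictionary word followed by digits")
    return problems


if __name__ == "__main__":
    for candidate in ["Welcome1", "Tr0ub4dor&3", "correct horse battery staple"]:
        print(f"{candidate!r}: {check_password(candidate, username='alice') or 'OK'}")
```

The breach check is the one users cannot do by eye: a password that looks random to its owner may still be sitting in a public dump, and reuse across accounts (the Google figure above) means one leak exposes every site it was used on.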
3. Ransomware
The rate at which ransomware has exploded is alarming. In 2014, there were just 3.2 million ransomware attacks worldwide. In 2019, there were 188 million, and these attacks only continue to grow in popularity and sophistication as more people work remotely.
Hackers have moved away from hitting the occasional laptop or desktop, instead developing more patient strategies to infect and encrypt file servers, web servers, and more.
There’s a common misconception that small businesses don’t get targeted often by hackers. Tech Times reported that 71% of ransomware attacks were aimed at small businesses, with an average ransom of more than $100,000.
“Cybercriminals know that small businesses are more likely to pay up because they often don’t have the most robust backup solutions,” Andy said. “Backups are important, not just in case a server breaks down, but also in case someone manages to get ransomware on your network and effectively torches your data.”
The two best ways to protect your organization from ransomware are:
- Implementing centrally managed antivirus software that will alert you to infections and monitor your endpoints.
- Regularly backing up your data, as well as checking to make sure it’s backing up correctly. According to Andy, too many companies run backups without confirming that they’re working properly. “And if you don’t have backups,” Andy said, “I don’t have enough coffee for that discussion!”
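"Checking to make sure it's backing up correctly" means more than seeing a file appear: the archive has to be recent, complete, and restorable. The script below is an added example, not Guardian Computer's tooling. It writes a SHA-256 manifest alongside a tar archive, and verification restores the archive into a scratch directory and re-hashes every file against that manifest, so a silently truncated or corrupted backup fails the check instead of being discovered on the day you need it. The sample directory tree, the 24-hour freshness window and the file names are constructed for illustration.

```python
"""Create a backup with a hash manifest, then verify it by actually restoring it."""
import hashlib
import json
import tarfile
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def create_backup(source_dir: Path, backup_path: Path) -> Dict[str, str]:
    """Archive every file under source_dir and record its hash in a manifest."""
    source = Path(source_dir)
    manifest: Dict[str, str] = {}
    with tarfile.open(backup_path, "w:gz") as tar:
        for path in sorted(source.rglob("*")):
            if path.is_file():
                rel = path.relative_to(source).as_posix()
                manifest[rel] = sha256_file(path)
                tar.add(str(path), arcname=rel)
    Path(str(backup_path) + ".manifest.json").write_text(json.dumps(manifest))
    return manifest


def verify_backup(backup_path: Path, max_age_hours: float = 24) -> Tuple[bool, List[str]]:
    """Restore into a scratch directory and compare every file to the manifest."""
    problems: List[str] = []
    backup = Path(backup_path)
    if not backup.exists():
        return False, ["backup file missing"]
    age_hours = (time.time() - backup.stat().st_mtime) / 3600
    if age_hours > max_age_hours:
        problems.append(f"backup is {age_hours:.1f} hours old")  # the job stopped running
    manifest = json.loads(Path(str(backup) + ".manifest.json").read_text())
    if not manifest:
        problems.append("manifest is empty (nothing was backed up)")
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(backup, "r:gz") as tar:
            try:
                tar.extractall(scratch, filter="data")  # refuses path traversal, Python >= 3.12
            except TypeError:
                tar.extractall(scratch)  # older interpreters without the filter argument
        for rel, expected in manifest.items():
            restored = Path(scratch) / rel
            if not restored.exists():
                problems.append(f"{rel}: missing from archive")
            elif sha256_file(restored) != expected:
                problems.append(f"{rel}: hash mismatch")
    return not problems, problems


def demo_round_trip() -> dict:
    """Constructed demo: back up a small tree, verify it, then corrupt one manifest
    entry to show that verification really does fail on a bad backup."""
    with tempfile.TemporaryDirectory() as work:
        source = Path(work) / "fileserver"
        (source / "finance").mkdir(parents=True)
        (source / "finance" / "ledger.csv").write_text("account,amount\n1001,250.00\n")
        (source / "readme.txt").write_text("constructed sample data\n")
        backup = Path(work) / "nightly.tar.gz"
        manifest = create_backup(source, backup)
        clean = verify_backup(backup)
        tampered_manifest = dict(manifest)
        tampered_manifest["readme.txt"] = "0" * 64  # pretend the stored copy changed
        Path(str(backup) + ".manifest.json").write_text(json.dumps(tampered_manifest))
        tampered = verify_backup(backup)
        missing = verify_backup(Path(work) / "absent.tar.gz")
    return {"files": sorted(manifest), "clean": clean, "tampered": tampered, "missing": missing}


if __name__ == "__main__":
    for name, result in demo_round_trip().items():
        print(f"{name}: {result}")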
2. Phishing
Phishing is one of the most common cyberattacks affecting businesses today. In fact, the SANS Institute reports that phishing is responsible for a whopping 95% of attacks on company networks. It only takes one of the many employees on an enterprise network clicking on a malicious link in a phishing email.
While there are a number of ways to filter out a large portion of these emails, some will invariably get through. According to Andy, “End users need to be able to spot phishing attacks and flag them without being tempted to click a link. It’s important for a framework to be in place for sensitive tasks like these.”
The most effective way to combat phishing is to prioritize user training. Your organization should have a system in place to properly filter emails as well, and you can even add a banner for emails that originate from outside your organization. But nothing can replace having knowledgeable staff who are able to catch phishing attacks before they harm your business.
1. Failed Compliance
Failed compliance is the number one concern that companies should know about. “Compliance can be a nightmare if left unchecked,” said Andy.
Whether it’s HIPAA, PCI, GDPR, GLBA, or another regulation, failed compliance could put you out of business. The American Medical Association states that each HIPAA violation could cost your organization up to $50,000, with an annual cap of $1.5 million for repeat violations.
Compliance can be a tangled web of provisions, audits, and fines, but these regulations are in place to ultimately protect the sensitive data of your customers and your business.
Vulnerability scans, keeping IT systems updated, and proper monitoring and management are the best ways to stay ahead of the curve. As a business owner, it is vital that you stay on top of the constantly evolving regulations in your industry and keep your organization prepared for anything.
Improve Your Security with Guardian Computer
You already have enough on your plate. Let the professionals handle your security, so you can focus on your business.
Guardian Computer has been serving businesses across the U.S. since 1996. With knowledgeable IT professionals like Andy, a Certified Information Systems Security Professional (CISSP), our team can help you navigate these security challenges and many others.
Contact us today and build the cyber resilience you need to thrive through 2021 and beyond!