Technology has radically changed the workplace.
We’ve evolved from a species of hunter-gatherers into one that communicates on a level Darwin would have been proud of. Next-generation smartphones, cloud technology, artificial intelligence – you name it, our insatiable appetite to store and share data globally has revolutionised how we communicate. Ironically, our quest to be digitally evolved has exposed us to the dark forces of cyber threats.
Whilst many businesses say cybersecurity is a priority, few actually have any policies in place. Today, survival of the fittest is all about protecting your business. But the question is, what risks are we dealing with and what actions can you take to safeguard your business? Here are 10 ways cybersecurity risks compromise your business, with simple actionable steps you can take to reduce your vulnerability to attacks.
Top 10 cybersecurity risks and what you can do about them now
1. Data loss or breach from stolen or lost devices
Every year thousands of smartphones and laptops are lost or stolen, creating multiple opportunities for sensitive data to be compromised. With the growing BYOD (Bring Your Own Device) trend, where personal devices are used in the workplace, businesses are increasingly vulnerable to attacks from multiple pathways. Whether it’s a company phone that’s left on a train or a personal laptop at work, businesses must ensure employees know their responsibilities when it comes to IT security.
What you can do right now: –
- Ensure staff have secure PINs and are using two-factor authentication
- Ensure staff update their apps regularly
- Use remote wiping features that delete vulnerable data in seconds
2. Inadequate passwords and usernames
We’re all a bit overwhelmed by the sheer number of passwords we have to memorise, with many of us reluctantly admitting to using one password for everything. This year’s first Cybersecurity Survey by the NCSC (National Cyber Security Centre) revealed 42% of Brits expected to lose money to online fraud. Breach analysis also found that 23.2 million people who were impacted used 123456 as their password. Shocking results, and a lesson that a well-thought-out password goes a long way to protecting your data.
What you can do right now: –
- Choose strong passwords and update and change them regularly
- Always opt for two-factor authentication
- Use different passwords for different websites. If you have to, write them down on a notepad and lock that away securely as you would with any valuables.
Whether you’re hit by whaling, cloning or snowshoeing, phishing emails are one of the most common cyber threats around. They’re the perfect disguise, dressed up as trusted sources with the aim of duping the recipient into believing the email is legitimate enough to hand over sensitive information or click on a link.
Some are more sophisticated than others, targeting businesses, top executives, and governments.
Here are a few things you can do to ensure you and your employees keep your email safe: –
- Ensure employees learn to recognise and spot phishing emails
- Check the sender’s email address by clicking on it. If it’s a phishing email, it’s bound to look strange
- Don’t click on links, don’t open attachments or download files.
- If you receive an email from a trusted source that looks suspicious, contact the trusted company with a new email rather than replying directly.
- Always browse with the lock icon showing in the browser and https in the address.
4. Insider Threats
It’s unfortunate but true – most data breaches can be traced back to staff inadvertently downloading files or clicking on the wrong link from phishing emails. Whether it’s inadequate training or intentional misconduct, employees pose one of the biggest risks, making your business easy prey for cyber attackers.
So what can you do to mitigate the risks?
- Employ the same anti-phishing prevention methods as above
- Organise regular quick sessions of cybersecurity awareness training so your employees are savvy about spotting disguised phishing attempts.
- Limit the amount of data employees have access to by applying the principle of least privilege
- Control the use of portable storage devices
Any computer connected to the internet is vulnerable to potential threats. By using phishing scams, spam email, instant messages and fake websites, hackers send malware to your computer, tricking employees into revealing sensitive data unwittingly.
What you can do right now: –
- Ensure your IT department installs patches and software upgrades as soon as they’re available
- Ensure your network firewalls and anti-virus are up to date
- Ensure staff practise safe email and malware protocols
6. Malware Attacks
Malicious software, spyware and viruses are just some of the forms of malware that get past weaknesses in your IT systems. This is usually via a user who unwittingly clicks on a dangerous link or email attachment. Once inside, it can cause chaos by disrupting systems, stealing sensitive data and overloading your systems, networks and servers with traffic, so they’re unable to function correctly.
With so much at risk what can you do?
- Protect your vulnerabilities by updating your operating systems, browsers and plugins. Not doing this is an open door for cybercriminals to have a field day!
- Remove software you don’t use or that isn’t fully supported with the ability to patch. You’ll be exposed to potential attacks if you don’t
- Pay attention to your emails by recognising phishing emails. Is the language in the email a bit off-key? Does the URL look legitimate? Are there any strange-looking line breaks?
- Practise good internet housekeeping by using strong passwords, ensuring you’re on a secure connection and always logging out of websites, so hackers can’t access your session cookies and impersonate you.
- Use firewalls and anti-malware technology to protect your systems
7. Cloud Abuse
Company information stored in the cloud can be accessed from various locations and through numerous devices whilst on the go. However, hackers are increasingly using the cloud to carry out attacks using popular cloud platforms and exploiting vulnerabilities. Storing data without encryption, lack of multi-factor authentication and poor certificate and key management can lead to frequent data breaches in cloud-hosted applications. Weak APIs also pose a threat.
What you can do right now: –
- Restrict employees from installing cloud-based apps onto devices used for work
- Ensure multi-factor authentication is used by all employees
8. Internet of Things (IoT)
The Internet of Things enables everyday objects to be connected to the internet where they collect, share data and communicate, all without the need for people. We’re talking app-controlled alarm systems and vending machines that never run out of snacks. Sounds great, but constant connectivity means multiple opportunities for systems and data to be compromised. If employees bring consumer devices into the office with only very basic security controls, there’s potential for these devices to record locations and data about employees and workplaces.
Here are a few things to implement relatively quickly: –
- For personal devices brought in by staff, implement an isolated staff WiFi to safeguard them
- Mobile Device Manager – control what users can do with that device
9. Shadow IT Systems
Intriguing as it sounds, Shadow IT is to some extent still shrouded in mystery. It refers to employees using software, applications and systems without their IT department knowing. So what can IT departments do about something they don’t know about, can’t see and therefore can’t protect? Well, there are no quick wins here, I’m afraid. Shadow IT is elusive, but it’s too important not to mention.
In the meantime, here are a few pointers: –
- Ensure everyone in your IT department is aware of what Shadow IT is and the vulnerabilities associated with it
- Develop the right internal policies and educate employees on how harmful Shadow IT can be to an organisation
10. Ransomware Threats
Ransomware encrypts your data so it can’t be accessed until a ransom is paid in return for a key to unlock it. This can be delivered via malicious emails, links from outside websites or from gateways via IoT devices. Another form of malware attack, these threats tend to create fear or a sense of urgency that prompts the user to click on a link and allow the hacker full access to their info. Here’s what you can do for this particularly nasty type of threat:
- Make sure your business has good anti-threat technology in place with anti-virus and anti-malware protection software
- Ensure your staff are up to speed with spotting these emails
- Keep your apps updated and encourage your staff to keep their personal apps updated
- Make sure your data is backed up to allow you to recover files that are unencrypted, and ensure you test your backups.
To find out more about reducing cyber risks and improving your cybersecurity, contact us. Each business is unique and we’re specialists in providing tailored IT solutions that meet your business’ needs.