Brought to you by BairesDev:
A cyberattack can seriously harm or even break your business in several ways: by preventing you from accessing your own data, decreasing customer trust, or costing you considerable time and money as you try to repair the damage. This is true for any type of company, including a retail establishment, a large manufacturing business, or a Java development agency. So, no matter what kind of company you run, cybersecurity should always be top of mind.
Unfortunately, cybercriminals are crafty and are constantly inventing new ways to break through any preventive measures you may have in place. So, the cybersecurity plan you implemented a year ago may no longer be sufficient, especially if you now have more employees working from home.
Following are several of the most current cybersecurity threats and what you can do to prevent them.
1. Ransomware
The idea behind ransomware is in its name: ransom. With it, cybercriminals lock you out of your own data and hold it until you pay a specified amount of money. In the past, companies have worked around this problem by ensuring they have backups of all their data.
But the bad actors have come up with a workaround too. They’re now threatening to not only hold your data but distribute it to the public or to a particular recipient to get your company into trouble. This tactic is known as an extortion attack.
For example, if you run a medical office and private patient health information is revealed, you could end up having to pay a fine, or multiple fines, as punishment for allowing the information to be revealed — even if it wasn’t your fault.
Unfortunately, companies are now resorting to buying insurance, and the bad guys are all too eager to make their ransom amount exactly what they know the insurance companies will pay.
The better way to prevent this situation is to maintain strict online hygiene and train your staff to do so as well, so the bad guys can’t access your data. This includes not activating links in email messages from unknown senders, never plugging a found USB drive into your computer (see USB Baiting below), and keeping virus prevention software up to date.
2. Cloud Attacks
With so many companies moving to a largely remote workforce during the COVID-19 pandemic, and with a good portion planning to stay that way, more data is being stored in the cloud.
Cybercriminals are also using cloud services, but as entry points for their malicious activities: grabbing data they can sell on the dark web or setting up a ransomware attack.
Companies can prevent this type of attack by requiring strong passwords and two-factor authentication (2FA), and by enabling any security features that come with the service. You should also enact strict policies for handling lost credentials and the credentials of former employees.
3. Phishing
Phishing — the use of email links to send victims to a site that collects private information — has now expanded to voicemail and text messages as well. Voicemail phishing is known as vishing and text phishing is known as smishing. The purpose of all of them is the same: cybercriminals getting you to hand over your valuable private information so they can sell it on the dark web.
Some of these operations may even use the information they’ve collected from those same sources to make it sound like they already know something about you and already do business with you. Current events can drive up the number of phishing instances. For example, a huge surge in phishing emails occurred in the early days of the pandemic, as cybercriminals took advantage of people’s lack of experience with remote work applications, or their anxieties related to the virus or their finances.
4. Tailgating
Here’s a common scenario. You swipe your badge to enter your workplace and notice that the UPS guy is right behind you, carrying a stack of packages. It’s only polite to hold the door for him, so you let him in. But what if he’s not the UPS guy, but a cybercriminal with the intention of breaking into office computers?
If your company doesn’t have proper procedures in place for swiping badges, signing non-employees in, and knowing where they are at all times, this person could potentially roam throughout your organization, downloading data or even swiping computers or other devices while employees are away from their desks. This action is known as tailgating.
The way to prevent it is to have a strict system in place for monitoring who goes in and out of the building. You should also instruct employees to lock away sensitive information and lock their computers, even if they step away from their desks for only a few minutes.
5. USB Baiting
Here’s another common scenario. You arrive in the parking lot at your workplace, and as you walk toward the building, you see a USB drive on the ground. You pick it up and think, “I should find out who this belongs to so I can return it to them.”
With this generous intention, you plug the drive into your computer, hoping to find some data on it that will identify the owner. In seconds, it’s infected with a virus that spreads throughout your company’s network, enabling cybercriminals to do their worst.
To prevent this type of scenario, instruct employees to immediately turn over random USB drives to the IT department for inspection.
Unfortunately, cybercriminals are always coming up with new ways to attack businesses like yours. The key to preventing them from doing so is to stay disciplined with rigorous cybersecurity measures to make sure your company is the one that’s a step ahead.