Recent events have forced more employees to work from home, and companies are beginning to realize the cost efficiency. Unfortunately, this has increased security exposure by opening corporate data and networks to less secure home and shared WiFi networks. A lack of security awareness training has also increased the security risk. According to Kaspersky, the human factor played a major role in making businesses worldwide vulnerable during the WannaCry ransomware epidemic.
Here are the TOP 5 SECURITY THREATS you need to be aware of...
Sending you emails designed to take over your computer. This is a major threat. Even a trained security professional can’t always tell what’s real and what’s an attack. The good news: when destructive software hits your computer, we can usually see it with the right detection technology in place.
Taking your computer hostage. This is a major threat. US businesses are compromised by a ransomware attack every 14 seconds. The media has made us somewhat numb to it; however, don’t be fooled. Hackers can easily hit you with a ransom request if you’re not well protected against them.
Although the cloud isn’t an attack or threat, most of the attacks (over 50%) over the past 12 months involved the cloud. The fact is, people falsely believe they don’t need greater protection because they are in the cloud. Your phone, laptop, or desktop (when using the cloud) is the place hackers will attack. Remember, your data is not encrypted while you are working on it; the end node is a key part of your network and must be protected.
This isn’t an attack or threat either - it’s the law.
Compliance in general has changed the way we look at security. In many cases it has lulled small business owners into a false sense of security. Being PCI, HIPAA, or GDPR compliant in no way says your data is safe. Check the boxes, then assess risk, and finally secure the data.
This one is an attack: having your computer taken over to process cryptocurrency illegally. Crypto-mining will eat up your bandwidth and computing power, and even point to you as the perp! Crypto-miners take over systems and use them for their crime; make sure this doesn't happen to you. Some simple tests can tell us if your system is being used for this type of crime.
What to do?
Practice good IT habits
Verify all requests for sensitive, confidential, or protected information and financial information.
Verify that the “Reply-To” address is, in fact, the email address of the requesting employee.
Send sensitive information via an encrypted email message.
Beware of time-sensitive requests, as social engineers sometimes use a sense of urgency to compel victims into unsafe behavior.
Have comprehensive multi-phase security in place
Keep systems and software up to date
Provide employee awareness training
Enforce strong password requirements
Restrict access to sensitive data to only employees with an immediate need
Log and monitor internal account usage
Keep all data encrypted
Implement a good data backup process and perform periodic restores to ensure integrity
Assess your IT and Cybersecurity maturity
We can do IT and Cybersecurity assessments, help develop or update your security policy and develop a customized plan to secure your environment.