Skip to main content

Top 5 Security Threats

Know the enemy

Top Five Security Threats

Recent events have forced more employees to work from home and companies are beginning to realize the cost efficiency. This has unfortunately expanded the security vulnerabilities by exposing the corporate data and network to less secure home and shared WiFi networks. Lack of security awareness training has also increased the security risk. According to Kaspersky, human factor played a major role in making businesses worldwide vulnerable during the WannaCry ransomware epidemic.

VentureBeat found 95% of successful security attacks are the result of human error.

Here are the TOP 5 SECURITY THREATS you need to be aware of...

PHISHING

#1 

Sending you emails designed to take over your computer. This is a major threat. Even the trained security professional can’t always tell what’s real, and what’s an attack.
The good news...when destructive software hits your computer we can usually see it with the right detection technology in place.

RANSOMWARE

#2

Taking your computer hostage.
This is a major threat. US businesses are getting compromized by ransomware attack every 14 seconds. The media has made us somewhat numb to it... however, don’t be fooled.
Hackers can easily hit you with a ransom request if you’re not well protected against them.

CLOUD VULNERABILITIES

#3

Although cloud isn’t an attack or threat, most of the attacks (over 50%) over the past 12 months involved the cloud.
The fact is, people falsely believe they don’t need greater protection because they are in the cloud. Your phone, laptop, or desktop (when using the cloud) is the place hackers will attack.
Remember, your data is not encrypted when working on it - the end node is a key part of your network and must be protected.

COMPLIANCE

#4

This isn’t an attack or threat either - it’s the law. 

Compliance in general has changed the way we look at security - in many cases its lulled small business owners into a false sense of security.
Being PCI, HIPAA, or GDPR compliant, in no way says, your data is safe. Check the boxes, then assess risk, finally, secure the data.

 

CRYPTO-MINING

#5

This one is an attack...having your computer taken over to process cryptocurrency illegally.
Crypto-mining will eat up your bandwidth, computing power...even point to you as the perp!
Crypto-miners take over systems and use them for their crime...make sure this doesn't happen to you. Some simple tests can tell us if your system is being used for this type of crime.

What to do?

Practice good IT habits

  • Verify all requests for sensitive, confidential, or protected information and financial information.
  • Verify “Reply To” address is, in fact, the email address of the requesting employee.
  • Send sensitive information via an encrypted email message
  • Beware time-sensitive requests, as social engineers sometimes use a sense of urgency to compel victims into unsafe behavior
  • Have a comprehensive multi phase security in place.
  • Keep systems and SW up to date
  • Provide employee awareness training,
  • Enforce strong password requirements.
  • Restrict access to sensitive data to only employees with an immediate need
  • Log and monitor internal account usage
  • Keep all data encrypted
  • Implement a good data backup process, perform periodic restore to ensure integrity
Need Help?

Assess your IT and Cybersecurity maturity

We can do IT and Cybersecurity assessments, help develop or update your security policy and develop a customized plan to secure your environment.

Featured Posts