October is Cyber Security month, so Bold Perennial is taking the opportunity to provide our customers with information on how to protect yourself and your business from cyber attacks. Every year, thousands of companies fall prey to attacks on their network and equipment. No one is immune; small businesses, large corporations like Target and Anthem, even one of the largest credit bureaus in the United States, Equifax, have all been hit by devastating cyber attacks. Cyber security threats are a problem which must be taken seriously.
As the Internet of Things, cloud platforms, offsite storage, and other technologies gain in popularity, so does their susceptibility as a point of entry for a security breach. All companies should have risk management strategies and a strong cybersecurity culture in place. In this three-part series, we will discuss tips for protecting yourself against cyber security threats in the workplace, the home, and on personal devices. In this first segment, we take a closer look at some of the different types of cyber threats.
Destructive Malware
Destructive malware includes viruses, worms, and Trojans which disrupt or damage the standard operation of a business. Destructive malware can impact data confidentiality and availability and harm the financial stability and reputation of a company. To combat these cyber security threats, consider these tips:
- Malware is often hidden behind links in malicious emails, which can be disguised to look legitimate. Check emails carefully and don’t open ones that look suspicious, especially if they come from familiar addresses with small alterations, such as a dash instead of an underscore, inverted letters, or other misspellings. Never click on a link in an email if you are not completely sure of its authenticity.
- Passwords are the first line of defense on any computer or device, so they should be utilized on every level and changed often for additional security. Passwords should be, at a minimum, eight characters long and contain a combination of lowercase and uppercase letters, numbers, and special characters.
- Passwords should NOT contain sequential or repetitive numbers or letters (e.g., ‘aaaaaa’, ‘1234abcd’), your name, username, company name, or personal information such as a birthdate, anniversary date, etc.
- If your company utilizes third-party providers, make sure they are as secure as your own network. Cyber attacks are often made on these providers first to obtain the credentials of the targeted company.
- Keep software and patches updated. Malware often exploits known security flaws in software, which updates and patches are developed to correct.
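The address check described in the first tip above can be automated. The following is an added example, not part of the original article: it flags senders that sit within two edits of a known contact, counting a swap of two adjacent letters as a single edit. The contact list, sample senders, threshold and function names are assumptions made for illustration.

```python
from __future__ import annotations

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            # "inverted letters": two adjacent characters swapped
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify_sender(sender: str, known: set[str], max_edits: int = 2):
    """Return (verdict, matched_contact); verdict is known/lookalike/unknown."""
    sender = sender.strip().lower()
    contacts = {k.lower() for k in known}
    if sender in contacts:
        return "known", sender
    best = min(contacts, key=lambda k: osa_distance(sender, k), default=None)
    if best is not None and osa_distance(sender, best) <= max_edits:
        return "lookalike", best      # near-miss of a trusted address
    return "unknown", None            # no resemblance to any contact

# Constructed sample data (assumption): trusted contacts and incoming senders.
KNOWN_CONTACTS = {"jane_doe@example.com", "billing@example.com"}
SAMPLE_SENDERS = [
    "jane_doe@example.com",        # exact match
    "jane-doe@example.com",        # dash instead of underscore
    "jane_deo@example.com",        # inverted letters
    "billling@example.com",        # misspelling
    "newsletter@vendor.example",   # unrelated sender
]

if __name__ == "__main__":
    for s in SAMPLE_SENDERS:
        print(s, "->", classify_sender(s, KNOWN_CONTACTS))
```

A "lookalike" verdict deserves more suspicion than "unknown", because it means the address closely imitates one the recipient already trusts.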
Ransomware
Ransomware is a particularly insidious threat which infects computers by encrypting all of the files, effectively holding all data hostage until a payment is made to decrypt it. If the payment is not made within a certain time limit, the data is destroyed. The practice is becoming prevalent as global cyber security techniques improve and become harder for hackers to defeat. They instead set their sights on smaller but more plentiful fish to maintain their revenue: individuals and small companies who are willing to pay a few hundred dollars to save their data.
So how do you protect yourself? Start by investing in security tools. Build and maintain a strong firewall. Install security software from a reputable company and, most importantly, keep it up to date with a current subscription. Having a set of old virus definitions is almost as bad as having no protection at all, since malware is constantly changing. Scan your system regularly to detect and deal with breaches as soon as they occur. Don’t forget to enable popup blockers, as popups are a common way for criminals to infect the computer.
Keep all your computer software up to date, including the operating system, the browser and all of the plug-ins. Ransomware leverages software vulnerabilities, so keeping software updated minimizes the risk of infection through an exposed weakness.
Back up data and scan your systems regularly. While a backup can’t protect you from ransomware, if you become infected you will have your information safely stored elsewhere so you can retrieve it.
Third-Party Provider Breaches
As discussed earlier, third-party providers can be a vulnerable point of entry for hackers to obtain your credentials. Make sure your contracts with them provide for these top areas of concern, as suggested by the Financial Services Information Sharing and Analysis Center:
- Perform regular due diligence of your third-party service providers (TSP) as well as their outsourced vendors.
- Validate that the controls being used by the TSP are in line with your written contract and meet your requirements.
- Certify that the service provider is adhering to the agreed upon contingency plan that outlines the required operating procedures in the event of business disruption.
- Enforce the right of the institution and its regulatory agencies to obtain the results of the audits in a timely manner. Vendor managers should closely monitor the financial, technical and competitive standing of their vendors.
Next week, we’ll take a look at cyber security threats in the workplace and the importance of having your entire staff invested in security awareness. We’ll also be hosting a live “Coffee with Manitou” webinar with our VP of Technology, Matt Narowski, and our Director of SaaS, Shaun Blair, which will focus on the vulnerabilities of the Internet of Things, and talk about ways to protect your company. It will take place next Wednesday, October 17th, at 11am MT (10am PT, 12noon CT, 1pm ET). Register to attend here!