Every year, thousands of companies fall prey to attacks on their network and equipment. No one is immune; from small businesses to large corporations like Target and Anthem, cybersecurity threats are a problem which must be taken seriously.
As the Internet of Things, cloud platforms, offsite storage, and other technologies gain in popularity, their susceptibility as a security breach point does, too. All companies should have risk management strategies and a strong cybersecurity culture in place. In this three-part series, we will discuss tips for protecting yourself against cybersecurity threats in the workplace, the home, and on personal devices. In this first segment, we take a closer look at some of the different types of cyber threats.
Destructive malware includes viruses, worms, and Trojans which disrupt or damage the standard operation of a business. Destructive malware can impact data confidentiality and availability, and harm the financial stability and reputation of a company. To combat these cybersecurity threats, consider these tips:
- Malware is often hidden inside links of malicious emails, which can be disguised to look legitimate. Check emails carefully and don’t open ones that look suspicious, especially if they have familiar addresses with small alterations, such as a dash instead of an underscore, inverted letters, or other misspellings. Never click on links from an email if you are not completely sure of its authenticity.
- Passwords should be, at a minimum, a combination of lower and uppercase letters, numbers and special characters. Passwords are the first line of defense on any computer or device, so they should be utilized on every level and changed often for additional security.
- If your company utilizes third-party providers, make sure they are as secure as your own network. Cyberattacks are often made on these providers first in order to obtain the credentials of the targeted company.
- Keep software and patches updated. Malware often exploits the known security flaws found in software which updates and patches are developed to correct.
Ransomware is a particularly insidious threat which infects computers by encrypting all of the files, effectively holding all data hostage until a payment is made to unencrypt it. If the payment is not made within a certain time limit, the data is destroyed. The practice is relatively new, becoming prevalent as global cybersecurity techniques improved and made it difficult for hackers to exploit. They set their sights on smaller but more plentiful fish to maintain their revenue: individuals and small companies who were willing to pay a few hundred dollars to save their data.
So how do you protect yourself? Start by investing in security tools. Build and maintain a strong firewall. Install security software from a reputable company and, most importantly, keep it up to date with a current subscription. Having a set of old virus definitions is almost as bad as having no protection at all, since malware is constantly changing. Scan your system regularly to detect and deal with breaches as soon as they occur. Don’t forget to enable popup blockers, as they are a common way for criminals to infect the computer.
Keep all of your computer software up to date, including the operating system, the browser and all of the plug-ins. Ransomware leverages software vulnerability, so keeping software updated minimizes the risk of infection through an exposed weakness.
Back up data and scan systems regularly. While it can’t protect you from ransomware, should you become infected, you will have your information safely stored elsewhere so you can retrieve it.
Third Party Provider Breaches
As discussed earlier, third party providers can be a vulnerable point of entry for hackers to obtain your credentials. Make sure your contracts with them provide for these top areas of concern, as suggested by the Financial Services Information Sharing and Analysis Center:
- Perform regular due diligence of your third party service providers (TSP) as well as their outsourced vendors.
- Validate that the controls being used by the TSP are in line with your written contract meeting your requirements.
- Certify that the service provider is adhering to the agreed upon contingency plan that outlines the required operating procedures in the event of business disruption.
- Enforce the right of the institution and its regulatory agencies to obtain the results of the audits in a timely manner. Vendor managers should closely monitor the financial, technical and competitiveness of their vendors.
Next week, we’ll take a look at cybersecurity threats in the workplace and the importance of having your entire staff invested in security awareness.