Top Five Cyber Risks You Need To Know
There is a common misconception that cyber risks are only applicable to large companies. The truth is, cybercriminals do not discriminate. All companies are potentially at risk of being targeted. In fact, according to a late 2019 article on fundera.com, 43% of cyber-attacks target small businesses, and of those, 60% go out of business within 6 months.
Here are the top five cyber risks you need to know:
Ransomware is a form of malware (malicious software) that infects a computer or system. Data on the computer is encrypted and locked by the cybercriminal. Access is not given back to the victim until some form of payment has been made, usually in a cryptocurrency like Bitcoin. The most common delivery method for ransomware is email. Here are the best ways to protect yourself from ransomware:
- Staff Awareness: Staff are your first line of defense. Educating them and yourself on common tactics and how to respond will save the company from this type of attack.
- Malware Protection: An up-to-date, monitored protection plan is always necessary. JFG Business Technology can help with securing a malware protection plan that works best for your company.
- Software Updates: Software updates help to keep cybercriminals out. Always perform software updates, but be sure to back up your data prior to performing large updates.
- Data Backup: This cannot be reiterated enough. By backing up data on a regular basis, you take away some of the power from the criminal. For instance, if you are hacked and the website you once owned is wiped, you can restore it to its former glory with one step. In a similar situation, if a hacker steals important documents or data and holds them for ransom, you already have backup copies in hand.
Phishing is a fraudulent attack attempting to gain sensitive information such as passwords, credit card information, etc. In the past, most phishing techniques came through email; but today, attackers deliver fraudulent links through email, text message, and even instant messaging via social media platforms. The phisher poses as a reliable source such as a bank or friend and sends you a convincing message. Once the message is opened and/or the link clicked, the attacker now has access to personal information. Here are key ways to protect yourself from phishing attacks:
- Know that companies do not request sensitive information via email or text message.
- Be wary of unexpected text messages or emails stating your password has been reset or that a payment could not be made. If you didn’t order anything or the entity messaging you isn’t a company you order from, do not open it.
- If you suspect an email or message may be fraudulent but you're worried it could be legitimate, it’s always best to leave your email or text and use a protected browser to visit the known site and check whether your account has any messages. For instance, there have been a number of phishing attempts posing as Apple, stating that the account user’s Apple ID and password have been changed or the account has been hacked. Unfortunately, by clicking on the link provided, you could be opening your account up to being hacked. It can be convincing. They can easily steal a logo and make the email look legitimate. Exit the email or text and go to your trusted sign-in link. If there are any issues, your account will show it. NEVER use a link provided through email that states you have been hacked.
- Ensure you have anti-malware installed on your computer.
- Make sure your spam filters are turned on. Don’t forget to check your spam folder periodically as sometimes innocent emails can be trapped there due to email titles or key phrases.
Cyber security can easily be seen as an office issue only, but because of the portability of data and content due to smart phones, tablets and cheaper external storage devices, data leakage can happen anywhere. Use the following steps to prevent data leaking from your organization:
- Have strong passwords and passcode locks on smart phones that have access to any work content such as documents, emails, etc.
- Never transport sensitive information on cheap storage devices, such as USB drives that do not have protective features. Some features include passcodes necessary to open the documents on the device, tracking via GPS with the option to remotely wipe the device if it is lost, and the use of encryption software.
- Most crime is opportunistic. Keep your eyes on your bags and smart devices so they are not stolen.
Hacking is when a cybercriminal gains access to a database or computer system without authorization. Traditionally hackers have targeted bank account information or credit card databases. However, intellectual property is another source of value, typically resulting in ransomware. The use of social engineering and misleading staff into revealing usernames and passwords remains a high threat.
- The primary methods to protect yourself from hacking are network firewalls, data access security, procedures for providing and removing access, and user awareness and training.
An insider threat is what it sounds like. It is the leaking of data by staff members working inside the company, whether accidental or malicious. The repercussions of a potential leak should not be underestimated. Follow the few steps listed below to minimize risk.
- It always goes back to educating your staff. The more the staff is aware of potential threats and issues and how to respond, the less likely a mistake will be made.
- Limit the availability of sensitive data and documents to essential, trusted personnel only.
- If you have a large company that hosts a great deal of sensitive information, utilizing an application that monitors staff behavior at random can be a good option. These applications can tell you what is being copied or printed and shared.
If, despite your best efforts, you discover you have been breached, act fast. The following steps can help contain the situation:
- Immediately change passwords and ensure they are strong.
- Call banks and credit card companies and alert them to your situation.
- Where applicable, shut down your systems.
- Report the incident to your IT company immediately.
- When necessary, communicate the incident to all involved including stakeholders, customers and clients.
- Document everything you do.
It is a good idea to have an incident response plan ahead of time. If you still have questions or think you may need further assistance, our experienced team of professionals at JFG Business Technology is here to help you every step of the way.