Three common cybersecurity scenarios and tips for preventing them
It happens to the best of us. We open our laptop to browse the web or check emails when all of a sudden our computer freezes, and a message appears informing us that we’ve been hacked.
Despite the amount of vigilance businesses have in regards to cyberattacks, particularly following the high profile security breaches, scenarios like these are continually occurring, negatively impacting businesses and their daily operations. Fortunately, there are precautions you can take to avoid becoming the next infamous security headline.
Scenario #1: Network Ransomware Attacks
With cybersecurity attacks at corporations like Marriott and
Facebook permeating the news, businesses across the globe are experiencing the
nightmares affiliated with network ransomware breaches. Ransomware is a type of
malicious software designed to block access to a computer system until a sum of
money is paid, and is quickly becoming one of the most popular forms of online
attacks today. Beginning as early as 1989 with the AIDS Trojan attack,
ransomware is evolving on a massive scale and predicted to cost over $6
trillion annually by 2021, according to Cybersecurity Ventures.
To prevent ransomware attacks, organizations need to make
network security a top priority. Deploying anti-virus and anti-malware software
is the first step in eliminating cybersecurity breaches. To further protect the
network, organizations can restrict access control at certain levels. For
instance, the United States Computer Emergency Readiness Team (US-CERT)
recommends configuring access controls (file, directory, and network share
permissions) with least privilege in mind. In other words, users who require
access only to read documents, files, etc., should not be allowed to edit those
specific files, directories or shares.
Scenario #2: Cloud Security Breaches
No organization is entirely safe from data breaches. With
retail corporations like Target and health insurance companies such as Anthem previously
experiencing breaches to customer data, the fear of being the target of a cybersecurity
breach is at an all-time high. Many businesses tend to rely on securing
sensitive data in the cloud to prevent hackers from gaining access to data. But
while the cloud continues to be a secure route for many, Gartner predicts that
95 percent of cloud security failures through 2020 will be the customer’s
fault.
Don’t let your organization become another statistic. Take
these secure measures to protect your customers. Implement Multi-Factor
Authentication (MFA), which provides a higher degree of assurance of the
identity of the individual attempting to access a resource, such as a physical
location, computing device, network or database. MFA creates a multi-layered
authentication process, making it more complicated for an unauthorized user to
gain access to sensitive data.
Encryption is also key to preventing security breaches, as
it works to make intercepting and compromising data harder by converting data
into indecipherable text that cannot be read by unauthorized users. That said,
not all data encryption solutions are one and the same, so it is important to invest
in a system that utilizes end-to-end encryption to protect data from the cradle
to the grave so only the sender and receiver can authorize the information.
Scenario #3: Lack of IT Cloud Security Training
Even if a business invests in top security solutions that
feature secure network access and ensure encryption of all communications and
authentication procedures, sensitive data could still be at risk to hackers.
Consider, for example, an employee who decides to bring a device from home
(such as a tablet) to the office to access work emails throughout the day. The
tablet may not be set up with secure software or anti-virus protection, thereby
running the risk of connecting to an unsecured network. Imagine the nightmare
of having dozens or even hundreds of unsecured devices of this type connected
to your organization’s network and accessing the cloud.
A recent study conducted by Ponemon Institute found that
only 35 percent of senior executives think it is a priority to ensure that
employees are knowledgeable about how data security risks affect their
organizations, and 60 percent say employees are not knowledgeable or have no
knowledge of the company’s security risks. The study also found that over half
(55 percent) of companies surveyed have already experienced a security incident
due to a malicious or negligent employee.
With many organizations, bring your own device (BYOD)
policies are becoming a common practice, and although this can foster a
friendly and connected atmosphere in the workplace, it also creates the potential
to incite a security breach. If your organization has a BYOD policy, or is
considering implementing one, it is important to develop, institute, and
practice company-wide employee education programs and courses to identify
scams, malicious links and weak passwords. Password requirements commonly
fall through the cracks of security. A 2015 security analysis found that along
with weak remote access security 94 percent of breaches were due to
weak passwords.
Security is crucial at every level of an organization and
adopting a culture of security awareness can mean the difference between an IT
connection failure and success. Fortunately, when prevention steps are
strategically placed, organizations can rest easy knowing that they have safely
put the most common IT connection nightmares to bed.
Gloss