Cyber security month is in October but here’s why you should be looking into it now.
Cyber security refers to the practice of protecting systems and sensitive data from digital attacks. When cyber security awareness month started in 2004, it was to remind everyone that they should update their antivirus software twice a year. Since then, it has grown into much more and each business should be participating in some way. An industry organization predicts that cyber thieves will be stealing $10.5 trillion a year by 2025, enough aggregate revenue to qualify them as the third-largest economy in the world, behind only the U.S. and China. Are you and your employees informed and prepared for a cyber-attack? Here are some things to look out for.
Ransomware is becoming increasingly frequent in the United States, and the last thing you want to worry about is a breach of your personal or business data. The Cybersecurity and Infrastructure Security Agency (CISA) reports an increase in ransomware attacks. So, what is ransomware and how does it affect your business?
Ransomware is malware that locks and encrypts files on your devices and prevents or limits the use of your system. The attackers then demand ransom to restore your files. This can significantly slow or halt your day-to-day operations as a business. Most ransomware comes to you in the form of a malicious link in an email. Of 582 IT professionals that were surveyed, 50% of them said their organization is not prepared to handle a ransomware attack. 60% of small to mid-size businesses hit with a data breach or attack will go out of business within 6 months.
Denial of Service attacks flood your computer systems with network traffic until they become inaccessible to your intended users. It is essentially information overload for your computer until it can’t do what it is supposed to do.
Phishing involves sending mass amounts of fraudulent emails to victims pretending to be a reliable source. They appear to be real and may even include the correct logos, contact information, etc. You can also find these on social media via direct message asking you to click on a malicious link. Phishers often use emotions to lure you in, like fear, curiosity, and urgency. They may ask you to buy gift cards and send them the info or ask for you to change the direct deposit information as they pose as an employee. Train yourself and your employees to confirm. If someone is asking you to change direct deposit info, send money, transfer funds, even if it is normal - follow it up by asking the person to confirm... "Hey, do you really want me to buy 5 gift cards for $15?" So, what do these bad actors do with this info? They use it to gain access to your personal information, financial information, and more.
While this all may seem scary (and it is), you can take some steps to mitigate your risk of becoming the next victim of cyber criminals.
Start with a risk assessment to identify vulnerabilities and create a plan of action. This can be a simple table that includes the threat, vulnerability, asset and consequence, risk, and solution.
Get a good antivirus software. Talk to your IT team about what your options are. The program that came with your computer may not be enough.
Secure your network by having an IT professional set up a firewall. The firewall monitors and filters incoming and outgoing network traffic.
Maintain an offline copy of your business or personal data. You should come up with a schedule to update it regularly.
Update your software and operating systems. Users are encouraged to update their OS, anti-virus, and anti-malware programs often. These offer patches and updates usually focused on vulnerabilities that need to be fixed.
Use multi-factor authentication (MFA) and strong passwords. Using MFA can reduce the likelihood of cyber-attacks as it requires more than one form of authentication to log in or gain access to data. While it may seem tedious to enter a password and then wait for a text on your cell for another code to gain access, it could save you time and a headache in the future.
Prevent physical access to computers by unauthorized individuals. Lock up laptops when you leave them unattended. Make separate user accounts for all employees. And do not give administrative privileges to anyone other than a trusted IT professional.
Develop cyber security policies. You can get templates online, so you don't have to start from scratch. Good resources are out there, but make sure they come from a trusted source. These policies need to address things like acceptable use, anti-virus software, password requirements, patch management, telecommuting, etc.
Look into EDR. EDR stands for endpoint detection and response. Ask your IT team if this is something that you can implement at your organization. An endpoint is your phone, your computer, pretty much anything connected to your system. EDR can detect threats on those endpoints and contain them where they are. It looks at the lifecycle of the threat and gives insight into what happened, where it has been, what it's doing now, and what to do.
Have an incident response plan. Create and maintain a record of what to do in the event of a cyber-attack. Make sure this plan includes procedures for response and notification in the event of an attack. You should include the name and contact info of someone who can assist you during an attack, important people to call or alert, and who to report the attack to. It should also include a plan of what you can do if important data or systems are unavailable for an extended period.
The single most important thing you can do is to train your employees. You should be training your employees to check links before they click on them. If you hover over a hyperlink, it usually tells you where it is directing you. If it seems suspicious, it likely is. Show them how to check the email address that emails are coming from. It could have an actual employee name, but the email isn’t a company email or a known email address.
Don’t wait until it's too late to talk about cyber security. Start now with training and continue it through the year with new employees, current employees, and even executive-level managers.