As I mentioned in the last blog, physical security and cybersecurity go hand in hand.
So remember the value of access control (your drawbridge) and video surveillance (your moat) in protecting your physical workspace.
Moving on to cybersecurity issues…as you’ve all witnessed in the most recent news cycle, data breaches can wreak havoc, not just locally, but nationally.
The three cyber-attacks most commonly used in data breaches are ransomware, malware and phishing schemes. Here’s what you need to know to protect yourself.
What are data breaches?
A data breach is when a hacker accesses (and usually steals) confidential or sensitive information without permission. Typically, bad actors gain unauthorized access to a computer system or network and then take users’ or customers’ private, sensitive or confidential personal and financial data.
In 2020, according to Panda Security, “The average cost of a data breach in the U.S. was $8.64 million.” Add roughly another $1 million to the price tag if the breach involved stolen credentials. Lost business typically accounts for around $1.52 million, or about 40%, of the total cost of a breach.
With the rapid and widespread adoption of remote work following COVID-19, the necessity for cloud-based services and infrastructure increased drastically.
Misconfigured cloud settings were a leading cause of data breaches in 2020, with an average total cost of $4.41 million per breach. Being in the middle of a cloud migration added a further $267,469 to the cost of a breach.
Commonly used cyber-attacks in data breaches
Typically, hackers use four common cyber-attacks to get at your computers or network: ransomware, malware, phishing schemes and denial-of-service (DoS). DoS attacks take systems offline rather than steal data, so the three covered below are the ones behind most breaches.
What is ransomware?
It’s software that gets into your systems and “locks down” your data (usually by encrypting it), holding it hostage until a ransom is paid in dollars or cryptocurrency. Increasingly, ransomware gangs don’t just threaten to lock up critical information and systems; they also threaten to release your confidential data publicly if you don’t pay.
Though ransomware has become more prolific during the pandemic, it has been around for a while. The shift to remote work wherever possible during COVID-19 created new weak points (home networks, remote-access services, personal devices) that hackers specialize in exploiting.
According to a research study by Deep Instinct, “ransomware increased by 435% in 2020 as compared with 2019.” The average ransomware payout has grown to nearly $234,000 per event, according to cybersecurity firm Coveware. In 2020, according to Panda Security, “The average cost of a ransomware attack was $4.44 million.”
Want to learn more? Read Ransomware and the Ransomware Task Force.
What is malware?
Malware, short for “malicious software,” is any program or code designed to harm your computer, your software or the people using them. One common disguise is a fake warning about harmful software that urges you to download a “fix” that is itself the malware. Once running, it can steal data, encrypt files or hijack computer functions.
There are multiple ways for your IT systems to get infected by malware. It can get onto your computer when you visit a compromised website, or, if your device has no anti-malware program, when you accidentally download an infected file or open an attachment from a suspicious email.
Unfortunately, even making what appears to be a tiny cybersecurity transgression could result in expensive repercussions.
In 2020, according to Panda Security, “the average cost of destructive malware attacks was $4.52 million.”
Here’s what you need to know to protect yourself: prevention is key. That means putting the following in place:
- Staff cybersecurity awareness trainings for you and your team, especially on how to recognize and identify phishing email schemes.
- Robust anti-virus and anti-spyware software
- Secure passwords and two factor authentication
- Administrator accounts only when absolutely needed (malware runs with the same privileges as the user who launched it, so working from an everyday account with ordinary rights limits the damage)
- Regular and consistent software patch updates
- Access control to your IT systems using a firewall, intrusion detection systems (IDS), intrusion prevention systems (IPS) and by removing inactive user accounts.
- Email security and spam protection
- Monitoring for suspicious activity
What are phishing schemes?
Phishing describes fraudulent emails that appear to come from a reputable or known company. Their goal is to get unwary recipients to click a malicious link or open an infected attachment so the attacker can get into their computer systems and steal financial or confidential information. Common examples include Office 365 deletion alerts, fake bank notices, tax refund/rebate offers, contest-winner notifications, or even an email from a “friend” who needs money while traveling.
In 2020, according to Panda Security, “phishing increased 42% with threats reaching an average of 25,000 a day by mid-year. By December of that same year, threats grew to an astounding 35,000 a day.”
Here’s what you need to know to protect yourself from ransomware, malware and phishing email scams: prevention is key.
That means putting the following in place:
- Staff cybersecurity awareness training for you and your team, especially on how to recognize and identify phishing emails.
- Key things to look for: generic “Dear Customer” greetings, spelling errors and bad grammar, off-brand graphics, an unusual sense of urgency, and links or attachments that look suspicious (hover over a link to check that the address it actually points to matches the one shown).
- Don’t click links or open attachments in a suspicious email; delete it, block the sender and, if you have an IT team, report it to them.
- Never respond to spam, and use anti-spam filters.
- Email security and spam protection
- Robust anti-virus and anti-spyware software
- Secure passwords and two-factor authentication
- Regular and consistent software patch and internet browser updates
- Secure your routers, VPNs and Wi-Fi
- Back up sensitive data, keep at least one copy offline or otherwise out of reach of ransomware, and test that it restores
- Use administrator accounts only when absolutely needed (malware runs with the same privileges as the user who launched it)
- Access control to your IT systems using a firewall, intrusion detection systems (IDS), intrusion prevention systems (IPS) and by removing inactive user accounts.
- Monitoring for suspicious activity
- Create a business continuity plan
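The phishing tells listed above (a generic greeting, pressure to act now, a sender domain that imitates a real brand, and a link whose visible text does not match where it really goes) can be checked mechanically. The script below is an added example written for this post, not code from the original article or from any vendor; it scores a constructed sample of the fake-bank-notice scam described earlier. The brand domain `example-bank.com`, the sample messages and the keyword lists are all assumptions made up for the demonstration.

```python
"""Heuristic phishing-email scorer (added example, not the original post's code).

Checks the tells the post lists: generic greeting, urgency language, a sender
domain that imitates a trusted brand, and links whose visible text points to a
different host than the real href (or to a bare IP address).
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for the example: the brand's real domain (subdomains count as trusted).
TRUSTED_DOMAINS = {"example-bank.com"}

# Constructed sample: the fake bank notice style of scam the post describes.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <alerts@examp1e-bank-secure.com>
To: customer@example.org
Subject: Urgent: your account will be suspended
Content-Type: text/html

<html><body>
<p>Dear Customer,</p>
<p>We detected unusual activty. You must verify your account within 24 hours
or it will be suspended immediatly.</p>
<p><a href="http://198.51.100.23/login">https://www.example-bank.com/verify</a></p>
</body></html>
"""

# Constructed benign message from the real domain, for contrast.
BENIGN_EMAIL = """\
From: "Example Bank" <alerts@example-bank.com>
To: customer@example.org
Subject: Your monthly statement is ready
Content-Type: text/html

<html><body>
<p>Hi Jordan,</p>
<p>Your statement is available online.</p>
<p><a href="https://www.example-bank.com/statements">https://www.example-bank.com/statements</a></p>
</body></html>
"""

GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder", "valued customer")
URGENCY_TERMS = ("urgent", "immediately", "within 24 hours", "suspended", "verify your account")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def sender_domain(msg) -> str:
    """Domain of the real address in From:, ignoring the display name."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def is_lookalike(domain: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True when a non-trusted domain imitates a trusted brand name.

    Undoes the common digit-for-letter swaps (1 for l, 0 for o) before
    looking for the brand's name inside the domain.
    """
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return False
    normalised = domain.translate(str.maketrans("10", "lo"))
    return any(t.split(".")[0] in normalised for t in trusted)


def shown_host(anchor_inner: str) -> str:
    """Host a reader would believe a link goes to, from the anchor's visible text."""
    text = re.sub(r"<[^>]+>", "", anchor_inner).strip().lower()
    if text.startswith(("http://", "https://")):
        return urlparse(text).hostname or ""
    if "." in text and " " not in text:  # bare host such as www.example-bank.com/verify
        return text.split("/")[0]
    return ""  # plain words like "Click here" give no host to compare


def score_email(raw: str, trusted=TRUSTED_DOMAINS) -> dict:
    """Return {'score': n, 'reasons': [...]} for one raw RFC 822 message."""
    msg = message_from_string(raw)
    html = msg.get_payload()
    text = re.sub(r"<[^>]+>", " ", html)
    haystack = (msg.get("Subject", "") + " " + text).lower()
    reasons = []

    if any(g in haystack for g in GENERIC_GREETINGS):
        reasons.append("generic_greeting")
    if any(u in haystack for u in URGENCY_TERMS):
        reasons.append("urgency")
    if is_lookalike(sender_domain(msg), trusted):
        reasons.append("lookalike_sender")
    for href, inner in LINK_RE.findall(html):
        real = (urlparse(href).hostname or "").lower()
        shown = shown_host(inner)
        if shown and real and shown != real:
            reasons.append("link_mismatch")  # text says one host, href goes to another
        if IPV4_RE.fullmatch(real):
            reasons.append("ip_link")  # legitimate brands rarely link to a raw IP
    return {"score": len(reasons), "reasons": reasons}


if __name__ == "__main__":
    for label, raw in (("scam", SAMPLE_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, score_email(raw))
```

Each reason is one of the tells from the list above, so a score of zero means none of them fired, not that the message is safe; a mail gateway would combine this kind of content scoring with SPF/DKIM/DMARC checks on the sender and with URL reputation. The lookalike check is deliberately simple (digit swaps and brand name embedded in a longer domain) and will miss homoglyphs in other scripts.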
At the end of the day, you need 24/7 physical and cyber protection and support. If you’re looking for an experienced, trustworthy partner, contact us.