A guide to reducing exposure to common cyberattacks that target businesses
Some of the most basic functions of a business rely on technology to get the job done. Whether it’s sending an email to a coworker, using a website to advertise, or downloading a funny cat video, there are several risks involved. These risks could jeopardize not only a business, but also the personal data of its clients, vendors, and employees.
Even with a top-notch cyber security plan, businesses are still vulnerable to some of the most common forms of attack. A company’s own employees are responsible for over half of all cyber-attacks. While it is critical to have a thorough security plan in place, exercising best practices across an organization greatly reduces the risk of becoming a victim.
Here are three fast and simple things you can do right now to reduce cyber security risk in your business.
Be wary of emails
The most tried and true method of reducing risk: prevention. Knowing how to recognize a potentially harmful email is one of the easiest ways to stop a would-be attack in its tracks. Don’t open emails from unknown senders or unverified sources. Instead, mark them as spam; this will simply move the unknown email to a spam or junk folder (if it is later learned that the email is not spam, it can be recalled to your inbox and used as normal).
What about receiving an email from an unknown sender that could be important? Be sure not to click any links, or download attached files. Also be more cautious of the information in the email such as other email addresses, phone numbers, etc. Email phishing is a common way for attackers to gain access to your private information.
A phishing attack uses social engineering to get the user to trust the sender’s correspondence. For example, an email is received claiming that the user’s Microsoft 365 license is about to expire and needs renewal. Often, the link to renew the license will open a browser window disguised as Microsoft, but behind it is in fact an attacker waiting for you to enter your banking information. While this may seem easy to recognize, these attacks are usually much more intricate than described in the example.
Spear phishing attacks are similar, but more specifically curated and targeted. In many cases, the attacker will impersonate a coworker or supervisor, gaining the user’s trust because the requests can seem highly personalized. This sort of information could easily be found on social media and used to the attacker’s advantage.
An astonishing 95% of enterprise network attacks are the result of spear phishing. Making sure staff is knowledgeable and proactive is by far the most important component of a solid cyber security plan.
Securing your network and digital assets doesn’t stop with just a fancy firewall or a highly skilled IT department. In some cases, the attack may have already occurred and cannot be reversed. As a company’s staff is the most vulnerable entry into a business’s network, routine training should be implemented organization-wide.
A typical workforce consists of staff with varying backgrounds, having worked with several different companies with different security policies. Ensuring that staff, regardless of title, adhere to the same policies and best practices can greatly reduce the chance of an attack. It is important to note that some of the most basic policies (although they may seem like common sense) are also some of the most overlooked practices; furthermore, these happen to be the most common opportunities to compromise your data.
Training modules for certain employees could and should be more robust than for others. For example, staff working remotely, accessing company drives, shared files, etc., should be trained on securing safe connections, guest networks, and VPNs.
Working with an internal IT department to develop a cyber security plan is not only cost effective, but a great way to make sure all aspects of the technical environment are covered. In many cases, this isn’t possible, as IT is often too busy with daily operations, or even sometimes non-existent. Depending on the size of a business, it might make sense to connect with a local provider of training services. Often, in-person training can be brought to your office and scheduled throughout the business day.
Sharing monthly bulletins or emails internally is another quick and easy way to keep staff informed and remain cautious. Adding additional layers of protection is key to securing data.
MFA All the Things
Many web services such as Microsoft, Google, email providers, and more offer multifactor authentication (MFA). MFA, sometimes referred to as 2FA, is a control that requires the user to provide more than one piece of evidence to access an application or device.
For example, to access an email account, a user will provide one piece of evidence, in this case, a password. If MFA was set up on this account, that user would enter the password, and then receive a text message with a PIN (or some other ping, such as a phone call, or the PIN could be sent to a dedicated device). The user would then enter that PIN into the login and be granted access. In this scenario, not only would an attacker need to know the user’s username and password, but they would also have to have possession of their cell phone (to receive the PIN) to access the account.
Different services have varying options regarding methods and frequency of MFA protocols. Some applications even require them upon registration. As a rule of thumb, the more frequently MFA is required (for example, every time a user logs in vs. every 30 days), the more secure that application or device is.
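The password-then-PIN flow described above, sketched from the service’s side as an added Python example (not code from the original guide or from any named provider). The class name, the five-minute validity window and the three-attempt limit are assumptions of this example, and SMS delivery is simulated by returning the PIN to the caller.

```python
import hashlib, hmac, secrets, time

PIN_TTL_SECONDS = 300   # assumed validity window for a texted PIN
MAX_PIN_ATTEMPTS = 3    # assumed limit on wrong PIN entries

class TwoStepLogin:
    def __init__(self, clock=time.time):
        self._users = {}     # username -> (salt, password hash)
        self._pending = {}   # username -> [pin, expires_at, attempts_left]
        self._clock = clock

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))

    def start_login(self, username, password):
        """Factor 1: the password. Returns the PIN that would be texted, or None."""
        record = self._users.get(username)
        if record is None or not hmac.compare_digest(
                record[1], self._hash(password, record[0])):
            return None
        pin = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = [pin, self._clock() + PIN_TTL_SECONDS,
                                   MAX_PIN_ATTEMPTS]
        return pin

    def finish_login(self, username, pin):
        """Factor 2: the PIN from the phone. Single use, time- and attempt-limited."""
        entry = self._pending.get(username)
        if entry is None:
            return False          # no password step completed, or PIN already used
        expected, expires_at, _ = entry
        entry[2] -= 1
        expired = self._clock() > expires_at
        ok = (not expired) and hmac.compare_digest(expected.encode(), pin.encode())
        if ok or expired or entry[2] <= 0:
            del self._pending[username]   # the PIN can never be replayed or guessed further
        return ok
```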
There are vulnerabilities that surround every user, login credential, network, and so on. Having a basic understanding of potential weak points in a business’s technical environment can have a great impact on that business’s cyber security. Because most breaches and attacks are the result of user error, it is important that employees and other partners are well-versed in basic cyber security hygiene.
In addition to the three suggestions made above, there are a bunch of other items to consider when protecting a business from cyber threats. To learn more, schedule a free call with our team today: www.574technologies.com/schedule/