Beyond Growth: Defending Your Business in the Digital Landscape

Here are some important tips to stay cyberaware:

1. Cybersecurity Awareness:

Humans are the greatest defense (and weakness) against cyber threats. According to a study by Stanford University, human error is responsible for approximately 88% of all data breaches (Robinson, 2023). Employees and staff need to understand the importance of cybersecurity, be able to recognize threats, and have a way of reporting potential phishing emails. Attackers today prepare well before targeting an organization: open-source intelligence (OSINT) gathered from the internet can reveal information about employees, phone numbers, emails, internal organizational structure, and business operations. This information can be used to launch targeted attacks against your business. Awareness campaigns, regular training sessions, and updates on the latest cyber threats can help your team become vigilant defenders of your business.

2. Phishing:

Phishing attacks are a type of social engineering in which cyber attackers deceive individuals into disclosing sensitive information, such as passwords, financial information or other information, by pretending to be a legitimate person or business. Phishing is the biggest threat to organizations: more than 90% of cyber breaches start with a phishing attack (General Information | CISA, n.d.). Phishing attacks take various forms; they can take place over email or phone, and can target specific individuals in your business, for example the payroll department. To defend against phishing attacks that slip through technical defenses, educate your staff on identifying suspicious emails or messages and provide an outlet for reporting them. The most common red flags are unsolicited attachments, urgency, or requests for sensitive information. As part of cybersecurity awareness training, it’s good practice to run simulated phishing exercises to help staff recognize and avoid these deceptive tactics.

3. Keeping Systems Updated and Patched:

Keeping systems and software up to date is an important and necessary part of security. There were roughly “1900 new cyber vulnerabilities” reported each month in 2023 (Independent Insurance Agents & Brokers of America, Inc., 2023). These vulnerabilities can affect operating systems, software, hardware, and any other technology, and can lead to attackers gaining access to your business. To stay up to date, enable automatic updates and keep all systems regularly updated and patched.

4. Implementing Multi-Factor Authentication (MFA) and Strong Passwords:

When it comes to passwords, complexity and length are important. As a business, it is imperative to use different passwords for different accounts and not to write passwords down. A password manager can serve as a central repository to keep passwords safe. Multi-factor authentication adds an extra layer of security beyond just a password, helping to reduce the risk of unauthorized access.

5. Antivirus and Firewalls:

Having antivirus software to help prevent malware or viruses from reaching your business environment can reduce the risk of ransomware and data corruption. Antivirus software will help to remove any infections and stop threats on a computer. A firewall is a security system that monitors traffic and blocks it based on certain rules before it can become a threat internally. Firewalls can be hardware-based or software-based, and act like a security guard for your business by allowing or disallowing connections.

6. Backups:

Regularly backing up your data can be a lifesaver in the event of a cybersecurity incident. Ensure that your business has a backup strategy in place that includes a regular backup schedule, secure storage of backed up data, and tests to ensure that data can be effectively restored.

References:

Robinson, P. (2023, September 14). 20 Shocking data breach Statistics for 2023. Lepide Blog: A Guide to IT Security, Compliance and IT Operations. https://www.lepide.com/blog/20-shocking-data-breach-statistics-for-2023/

General Information | CISA. (n.d.). Cybersecurity and Infrastructure Security Agency CISA. https://www.cisa.gov/stopransomware/general-information

Independent Insurance Agents & Brokers of America, Inc. (2023, February 27). 1,900 new cyber vulnerabilities each month in 2023, says coalition. https://www.iamagazine.com/markets/1-900-new-cyber-vulnerabilities-each-month-in-2023-says-coalition

Article by:

Shawn Voong

https://shawnvoong.medium.com
