COVID-19 has changed the world in a myriad of ways. It has opened our global eyes to the threat and reality of a pandemic. It has changed the way we work, with work from home and virtual meetings now being corporate staples that are destined to be new fixtures of the modern workforce. And with this massive shift online, it has created a whole new world of opportunities and vulnerabilities that cybercriminals are eager to exploit through activities like phishing and email hijacking.
These statistics tell a story of this growing and evolving corporate threat:
- Human error is responsible for 95% of cybersecurity breaches;
- $3.86 million was the average cost of a data breach last year;
- It took an average of 207 days to identify a breach in 2020;
- The average ransomware attack will cost an organization almost $150,000; and
- Almost $18,000 is lost every minute due to phishing attacks.
The upside is that with proper measures, including cybersecurity training, organizations can mitigate a lot of their cyber risks.
What Kind of Cyberattacks do Companies Need to be Aware of?
The days of the Nigerian prince scam are behind us. Today’s cybercriminals have no shortage of sophisticated and hard-to-detect scams at their fingertips.
One of the top two ways in which a company is breached, a phishing attack is an email designed to make the recipient provide sensitive information. Once upon a time these emails were somewhat easy to detect due to their shoddy graphics and poor grammar, but nowadays they can be incredibly hard to make out. Oftentimes, they are carbon copies of typical communications from organizations like American Express, LinkedIn, and PayPal.
The second most common way to breach an organization is through email hijacking. Email hijacking occurs when an individual’s email account is taken over by a cybercriminal. The perpetrator may lie low and monitor communications (using the information obtained to their advantage), or they may take over all online accounts tied to the email address.
Ransomware is the most common type of malware. As its name suggests, in a ransomware attack the victim’s information is held for ransom. Oftentimes the cybercriminal will not only refuse to decrypt the data until the ransom is paid, but they may also threaten to leak it publicly.
A zero-day exploit is when a security or system flaw or vulnerability is uncovered, and a zero-day attack is when a hacker exploits said vulnerability with malware. Sony was the victim of a high-profile zero-day attack several years ago, one that the FBI attributed to North Korea.
How can Companies Best Protect Themselves from Cyberattacks?
Fortunately, there is a wide range of ways in which your organization can prepare for the inevitable onslaught of cyberattacks that it will face.
The single best line of defense that your organization has against these savvy and ruthless cybercriminals is a cyberaware workforce. Untrained employees are your organization’s weakest link. If you don’t train your employees on cybersecurity, it’s only a matter of time before your information is hacked. People are your organization’s biggest problem when it comes to cybersecurity. But with proper cybersecurity training, they will also become your organization’s biggest solution.
Foster a Culture of Cybersecurity
In order to be an organization that has its cybersecurity ducks in a row, there needs to be a top-down approach from leadership around the adoption of best practices. If the people at the top aren’t bought in as far as cybersecurity goes, it’ll be challenging to rally support from your front-line people.
Security isn’t convenient. It costs money. It may present some uncomfortable truths. Simply creating a cutesy cybersecurity promotional poster and sticking it in the lunchroom isn’t going to cut it. Leadership needs to authentically believe in the value of being cyberaware, and they need to practice what they preach.
Reinforce a Mistrust of Emails
It’s easy to get complacent about email, because we just get so darn much of it. When you are regularly powering up your laptop to 50 to 100 new unread emails in your inbox every morning, it can be tempting to just power through and get them all read and actioned. And cybercriminals are counting on you and your employees to do so without approaching these emails with a critical eye. Remind your employees, and remind them often, that they need to be diligent and mindful with their emails, and think carefully before opening attachments and clicking on links.
Hold Your Employees Accountable
Accountability is a wonderful trait for employees to have. Accountability within the realm of cybersecurity, however, isn’t just a wonderful trait; it can make the difference between catching a potential breach and having it run rampant unchecked.
Once you have taken your staff through proper cybersecurity training, then it is time to test out their newly acquired knowledge. And if the testing is not progressing as it should be, then retraining may be required.
Follow Password Best Practices
Chris Pirillo, Founder of LockerGnome, says it best: “passwords are like underwear: you don’t let people see it, you should change it often, and you shouldn’t share it with strangers.”
Recently, a cache of more than 8 billion credentials was posted and sold on the dark web, and upwards of 15 billion sets of credentials are up for sale. The importance of having proper password development practices cannot be overstated. Use a password generator, make sure that passwords have a minimum of twelve characters, and incorporate punctuation and capitalization.
Bring in the Cyberexperts
Cybersecurity is a complex and daunting field. The silver lining is that it’s not one that your organization needs to navigate alone. This is where IT managed services come in.
IT managed services allow your organization to offload your day-to-day IT operations and all IT responsibilities and needs to a business partner, one that is up to speed on the latest cybersecurity developments, trends, and solutions, meaning that your organization doesn’t need to be.
Leaving Your Cybersecurity in the Best Possible Hands
Medicine Bow Technologies is Wyoming’s leading IT managed services provider. Their Total Managed Services (TMS) solution is a holistic approach to IT support, one that results in reduced IT downtime and increased ROI from IT projects. Reach out today, and let’s discuss how Medicine Bow Technologies can support your cybersecurity and employee training needs.