It's getting harder and harder to keep track of the methods hackers use to gain access to personal data, along with the vectors for their attacks. Still, businesses have to consider these new cyberthreats and take action to prevent from falling victim.
Increasingly, hackers turn to malware that holds the user's data hostage until he or she pays a specified amount of money. Ransomware has proven difficult to stamp out, as many companies lack the preparation and tools necessary to stay one step ahead. Additionally, some organizations find it simpler to just pay the ransom and regain access to data instead of playing hardball. According to the FBI, that doesn't help: There's no guarantee the hacker will relinquish data and it empowers that individual or group to act again and again.
So what's the best solution? Train employees on emergency cyber protocol, improve network weaknesses and talk to your vendors. Ransomware will likely continue to thrive as long as organizations are ill-prepared and fail to secure their weak spots.
Now that it's relatively common for workers to log on remotely through their own laptops or smart devices, hackers have endeavored to leverage those channels for their own needs. Too often, they succeed – individuals are less likely to focus on network security or anti-malware efforts on their own. And it isn't just working from home – 53 percent of U.S. businesses have no explicit security policy for devices employees bring into the office and connect to the network according to a 2015 study from Champion Solutions Group.
Here, transparency is key. If you allow employees to work from their own devices, ensure they meet certain requirements. Make cybersafety training mandatory for anyone who logs into the company network from a personal device and dictate that all such devices be equipped with the chosen anti-virus software.
Just as employee activity can threaten company data security, so too can vendor weaknesses. Consider this: The Target data breach that compromised over 110 million consumers' personal data traced its roots to an email phishing attack that hit one of Target's HVAC vendors, reported Krebs on Security. By gaining sensitive network credentials through the third party, hackers never had to directly breach Target.
That should be a sobering thought for any organization. How many vendors do you work with? How many might have some of your network information? How many do you really trust? When your own security and client information is at stake, it's perfectly reasonable to discuss cybersecurity with partners and vendors who could unintentionally expose your information.
Fortunately, some basic cyber awareness can go a long way:
- Train every employee – not just the IT team or executives. End users are the first line of defense, especially in cases of ransomware or email phishing attempts.
- Download and standardize your antiviral and anti-malware software – that goes for any computer or device that will access your network.
- Follow industry updates and stay on top of bulletins from sources like the FBI. Ransomware, in particular, is an evolving threat and these organizations offer the most prevalent information.
- Invest in a reliable cyber insurance policy that includes full prior acts coverage, legal support and crisis management assistance.
- Find a safe, offsite location to store physical backups for all your data.
While hackers will continue to find new ways to steal valuable information, organizations that follow this approach will prove more trouble than they're worth.
Share this Post