Date posted: 23rd October 2015
October is National Cyber Security Awareness Month in the United States. To improve your awareness our security analysts have outlined top threats to keep in mind in order to protect your business.
Read below to learn more about the top cyber security business threats today and our recommendations to mitigate threats to your business operations.
Internal Threats: By far the #1 cause of cyber attacks and data loss is cause by internal sources. The holes can range from employees carelessly browsing the internet or clicking email files to social engineering stealing a password through a phone call or email. The solution here is technology and policy. Technology wise deploying a next-generation firewall will help mitigate risks from employees visiting unwanted sites during work. Policy wise you should have in place strong Two-Factor Authentication policies on passwords and also just make sure no one puts passwords out over the phone, via non-certified email or on paper. The effectiveness of this joint technology and policy solution should be verified with recurring penetration testing on the environment.
Ransomware and Data Backup: With ransomware, hackers are able to prevent users from accessing their data until a ransom is paid. You should back up your files daily with a trusted backup solution in order to protect your data and avoid having to pay more after an attack.
Cloud-Based Security: Your cloud or public cloud provider may contain extensive data sets and critical applications, which makes it a major target for hackers. Cloud security policies including data in transit and data at rest mitigation must be taken in order to address these concerns.
BYOD: Bring-your-own-device (BYOD), aka giving workers the ability to access critical data from their personal smartphones, tablets and laptops, is a top priority for many businesses. But if an employee loses a device or a gadget is stolen, the entire company may be at risk. We encourage companies employ strong BYOD policy including company ownership of data, remote wipe and monitoring to maintain security of data passing through. Mobile Device Management (MDM) software may also be of use in order to mitigate risk.
Critical Infrastructure Security: Cyber attacks on critical infrastructure can cause long-lasting damage or permanent damage to your company. There’s no such thing as 100% protection but we recommend working with a trusted managed security services provider to collaborate on strategy and softening post-attack mitigation.
Mobile Adware and Junkware: As the iOS and Android platforms grow for use in business mobile adware, malware that illegally captures a smartphone or tablet user’s personal information, is becoming increasingly problematic. Requiring employees install anti-malware software on their mobile devices can help mitigate this issue.
Social Media Security: With a social media attack, a hacker may be able to steal a user’s login credentials, and eventually, his or her personal information. Your company social media accounts should be protected using industry standard password protection and update policies should be in place to mitigate the risk of brute-force attacks on your social media accounts.
Malvertising: Online advertising has become a significant threat vector in the past few years. Real-time bidding systems, lack of control and oversight have let hackers use the display ads you see on the web spread malware. In addition to harmful malware online advertising cookies and re-targeted violates your privacy as data is sold to third parties openly. Companies and consumers are recommended to use ad-blocking software such as Ghostery in order to protect their browser.