Cybersecurity: What You Need to Know to Protect Your Business
There’s still no end in sight to the constant onslaught of cyberattacks on today’s businesses, both large and small. Although we’re bombarded with headlines about the big breaches, small businesses are just as vulnerable. The 2018 Hiscox Small Business Cybersecurity Report tells us that 47 percent of small businesses experienced an attack in the past 12 months and 60 percent of these companies then folded within six months – yet just 52 percent of businesses have a cybersecurity strategy.
While most businesses understand the importance of a strong cybersecurity strategy, they may not truly understand the why – how strong security equates to better business outcomes, like solid financial health, a good reputation and high marks for customer satisfaction and trust. Leaders must make this connection clear so more businesses are spurred to action.
Here are five of the latest strategies that bad actors are using to penetrate companies’ valuable data. Take some time now to make sure you’re prepared as these risks evolve; as the statistics show, no company or organization is immune, and the risks accelerate as new threats proliferate. Staying on top of these latest threats is one of the surest ways to keep your company cybersecure:
- Fight Mobile Malware – Since mobile device usage is barreling towards computer usage in terms of web visits and email access, mobile devices are also extremely vulnerable to malware. Although many companies try to prepare for this with security patches, they run into privacy concerns that stunt these attempts. Android bases are most at risk since a large majority of the devices are running older versions of the program that are vulnerable to attack. To remedy this, companies can provide anti-malware solutions for their mobile devices.
- Secure Your Internet of Things (IoT) Devices – We’ve covered this at length in previous blog entries. IoT devices compound security threats because they are networked, and thus exposed to attacks through the internet. As companies add more and more devices to their systems, including smart devices to manage HVAC, electricity, security and more, the threats multiply. These devices are made by different manufacturers and have varying levels of security. It’s important to devise a strategy to inventory and properly manage the security features of these devices to prevent breaches.
- Beware of Cryptojacking – We’ve seen the destruction that ransomware can wreak on companies and organizations with networks that are not properly protected or backed up. These large ransom sums make big headlines, and paying the hackers doesn’t always guarantee the safe return of stolen data. It’s a pernicious threat that affects all types of companies, municipalities and other organizations. Cryptojacking is a maneuver that takes ransomware one step further. Deploying malware technology strains that are very similar to the Petya and NotPetya strains of ransomware, criminals mine for cryptocurrency in the background while your computer is running other programs. Known as cryptomining or cryptojacking, it’s a threat that no sized business is exempt from. Anyone with a network can be at risk.
- Implement Secure Cross-Site Scripting – According to Forrester, cross-site scripting, or XSS, comprises 21 percent of current vulnerabilities. This weakness can be addressed when sites are developed, but often companies fail to do so. XSS attacks use content sharing websites like blogs, video sharing sites or message boards as a weapon by enabling hackers to add their own code into a victim’s browser, interact with the victim under the guise of that trusted site, then extract the cookie information that helped authenticate their account. Bad actors with this access can also steal other valuable information, change page content, deploy trojan horse viruses or perform other malicious acts. For your own site, the first protection is prevention, with careful attention to this risk during website development. To fix sites that your employees access, try using a bug bounty program that identifies and publicizes attacks.
- Prepare for Geopolitical Risks – Even though a company might not conduct business internationally, chances are that its vendors do. This is one of the most insidious and increasing pathways into organizations, as vendors share emails and other communications that open up a way for bad actors to pounce. In addition to working with international vendors, many businesses store their data in international sites that are vulnerable as well. While geopolitical risk was a more physical concern in years past, it is very much a cyber one now. Hackers around the world are actively trying to breach networks and cause damage to companies here in the U.S.. Again, no one is immune from these attacks. Be aware of what you share with vendors and ensure that your data is stored in a safe site.
The cybersecurity landscape is changing all the time. If you have concerns about these or other cybersecurity threats, you can reach us here.