With Halloween quickly approaching, this time of year is spooky enough with ghouls, goblins, and witches lurking in the shadows! While we can see these scary creatures, we cannot see hackers and other cyber threats, so it’s tempting to view them as less real or fearful. But they are very real indeed.
In the world of information technology, October is also National Cybersecurity Awareness Month, so it’s the perfect time to discuss the cyber threats we’re seeing and how to stay safe from them.
Data breaches via spyware, ransomware, viruses, and worm releases (like WannaCry) have been behind the growing number of cyberhacks at small businesses and multi-national corporations alike. These attacks vary in size and execution but are all similar in their grave impact. In last year’s Equifax breach, data such as Social Security numbers and birthdates of over 140 million US citizens was stolen. In February’s MyFitnessPal breach, hackers accessed usernames, email addresses, and passwords of over 150 million users. And in the Hudson’s Bay Company security breach announced this April, hackers acquired details on five million credit cards/users and offered them up for sale on the dark web.
How do you safeguard against this cacophony of threats?
One of the most effective ways to prevent malware from infiltrating your network is to keep everything updated at all times (this means security software, browsers, and any third-party plugins) and to install firewalls. Backing up files consistently is also perhaps the most important thing you can do to recover in the case of a ransomware attack or natural disaster. It can be the difference between getting your system back up and running within hours as opposed to days.
Last but not least, establishing solid endpoint security is a big step toward preventing malware from infecting devices and getting onto your network. Employees are both the biggest risk and the greatest asset for companies when it comes to cyberthreats. For this reason, training needs to be created thoughtfully and conducted regularly. In conjunction with training, it is critical to regulate how employees gain access to data, systems, and facilities. Leveraging multi-factor authentication and ensuring that it is used 100% of the time, not only in some cases, is one piece of this puzzle. Periodically conducting reviews of access rights and following clear, consistent policies and procedures when terminating those rights is another.
Hackers never stop thinking about how to find the keys to the castle; as such, you can no longer afford to let your guard down for an instant. The more you can stay on top of these safeguarding steps to create a layered security strategy, the better!