In today's age, we all must be cyber aware. The average American today has access to more than 10 Internet Connected Devices in their household. Most have at least 2 computers and 2 smartphones. Across the world, an estimated 30 billion+ devices connect to the Internet. This connectivity generates massive potential for advancement; but in turn, creates a paradise for hackers. This is nothing new. Hacking has been on the rise since the dawn of connected technology. And here's the problem. Most businesses have maintained the same security protocols for just as long. The theory is that what they've done so far has worked, so why is there any reason for change? Here are the seven reasons why technology is more dangerous than ever before:
Side Note: Why focus on cybersecurity now? October is National Cybersecurity Awareness Month. For the past 17 years, during October CISA and partners have focused on cybersecurity. Follow us on Facebook and LinkedIn for more tips and tricks throughout the month.
Let's Be Cyber Aware About Ransomware
The first computer virus was introduced in the 1970s. It took over systems by replicating on the hard drive until the user didn't have system space to operate. It was actually built as an experiment and had no malicious intent/implications. Today, viruses aren't child's play or experiments, and the most dangerous one takes over the hard drive completely, encrypting every piece of data.
If you're connected to a network, it can then infiltrate the servers and start encrypting there. If your data backups are also on that network, you lose all access to a clean backup. The only way to get this data back is paying the ransom (not recommended under the vast majority of cases), or working with an IT company to revert back to a clean data/decrypt the files based on the specific ransomware in play. Either way, you're spending a lot of money and time to get back what's yours to begin with, your precious data.
Part of Being Cyber Aware is Knowledge of Phishing
Phishing emails at one time were super easy to spot. The Nigerian prince desperately needed to send you money if you inputted all of your personal information. Since then we have become more cyber aware, but phishing attempts have improved. Today, phishing attempts are a whole lot smoother. The perpetrator researches enough to identify your boss, then sends an email under his/her name asking you to discretely transfer money or send identifying financial information. Unless you're looking at the exact email address it's coming from (typically spoofed by one or two letters in the domain), all of a sudden you've transferred $40,000 into an unknown person's account thinking it's your CEO.
You won't think anything of it until you speak with your CEO later and realize that is wasn't really them. These honest mistakes cost companies hundreds of thousands of dollars every year with very little recourse to get the money back where it belongs. Some experts say that employee mistakes cause nearly 92% of breaches.
As more people work remote, particularly with the urgency of the past six months, businesses have lost tight control on their data, increasing the threat of malicious insiders. While we want to trust every person working for us, that one disgruntled employee who decides to store a copy of the customer data before putting in his two-week notice, could wreak havoc on your business when they decide to work for your closest competitor. Virtual Office solutions can alleviate a lot of the pain this could cause and allow you to keep every piece of data exactly where it belongs.
Data Leaks and Password Practices
Malicious insiders can cause these leaks, but they're also the password leaks from major players that you hear about frequently. You may be wondering how a LinkedIn password breach can really hurt you in the long run (after all they really just gain access to your professional resume). 53% of people admit to reusing their password on multiple accounts. Hackers rely on this. They can sell the password or utilize that password to hack much more dangerous things, like your banking institution. Our best recommendations: use complex passwords, don't reuse passwords, use a password vault to keep track of all your passwords, and implement two-factor authentication wherever you can.
Become Cyber Aware About Cryptojacking
Cryptocurrency is a hackers' favorite payment method. It is untraceable and extremely valuable. Beyond requiring cryptocurrency for the vast majority of ransomware attempts, some hackers infiltrate a system and use it to mine cryptocurrency without the user's knowledge. They get in utilizing a malicious email link or through malvertising (advertising that carries nefarious code). A user may recognize slightly slower performance, but they more than likely never know that someone is using their system to mine cryptocurrency. Some codes also spread throughout networks, so that hackers can maximize their financial gain using someone else's resources.
As we connect more devices to the Internet, particularly those items in our homes - stoves, cars, Alexa or Google - we open another target for hackers to infiltrate our lives. They may canvas homes through your connected camera system or baby monitor, install viruses on your stove or vehicle that impact performance, or begin speaking to y0u randomly from your device. IoT can be safe, but you must make sure you're utilizing as many security precautions as humanely possible.
The greatest advantage for hackers is they have become more sophisticated and educated overtime, and the good guys haven't been able to keep up. If you're relying on internal IT or an MSP without security expertise, your team is most likely behind on the threats and not implementing everything they need to keep your staff safe. They should implement things like phishing tests, employee education, dark web scanning, hosted back-up solutions, crisis planning, multi-factor authentication, and professional-grade permissions control for administrative privileges to keep you safe. If you're unsure of your security level with your current IT solution, contact us.
Keep reading CRC Data Techologies blog here.