With the percentage of employees working from home over the past year after COVID-19 forced businesses to close, more employees have been online more often as a result. On the opposite side of the spectrum, cybercriminals and threats have increased significantly as well, and they will continue to exploit the pandemic over the next weeks and months. From outdated software versions, stolen passwords, application vulnerabilities, malware, and phishing scams, these have been many of the reasons behind the abundance of data breaches in the past. However, according to a recent report by Willis Towers Watson, there are new threats to be concerned about, including scams, malware distribution, domain name registration, or rapidly-deployed attacks relating to COVID-19 or coronavirus.
The frequency of security breaches has increased by over two-thirds since 2014, and yet even with the heightened risk of attacks, businesses continue to fail when it comes to taking precautions. Businesses of all sizes have been crippled by ransomware attacks, completely losing control of their data, but small businesses have a bigger risk because of the availability of information cybercriminals are after. Most of the time smaller businesses lack the security capabilities of larger businesses.
COVID-19 related shutdowns made remote work forces necessary, and businesses have had to address remote access issues. Virtual private networks (VPNs) and multifactor authentication methods have benefited companies, but other businesses that aren’t tech-savvy have left themselves open to attacks.
In a virtual working environment, with more clients and employees using mobile devices at home, attacks via phone (“vishing”) and via application or text message (“smishing”) have increased as well. The way it works is that SMS (short message service) attacks will redirect recipients to a website which is vulnerable and compromised in order to take control of their device and harvest their user credentials (usernames, passwords, etc.).
One particularly troubling statistic is that 88% of small business owners felt that their company was vulnerable to attacks, and this was before the COVID-19 pandemic even began. The challenge lies in that many companies aren’t able to afford professional IT solutions, lack the time and energy that cybersecurity requires, or they don’t even know where they should start.
Imtex offers your businesses the following advice to protect their data from being breached and to improve their cybersecurity.
Make sure staff is trained and able to identify cyberattacks.
A potential hacker or phishing scammer will search for a point of entry into a company’s network system, targeting these vulnerabilities. Unfortunately, most of the public is unprepared, with a Computer Disposals study finding that only 5% of the public is able to detect and differentiate between genuine and phishing scam emails. Another important method to use is enforcing a company-wide password policy for employees. This makes it less likely for systems to fall risk to brute-force attacks, because each character set or length of passwords increases the number of possibilities exponentially for a hacking program to break. For example, if using only letters and numbers, a 10-character password can still be instantly cracked. However, a 10-character password containing numbers, upper and lowercase letters, and symbols would take five years to crack. A 16-character password with the same character sets would take one trillion years to crack! Make sure every employee understands the importance and reasoning behind a longer, more complex password.
Make sure all applications have the latest version of software updated.
Potential hackers or organizations that attempt to gain access to a company’s systems and data often will try to break through programs, which is why security companies catch these threats and update programs on a consistent basis to remove those vulnerabilities, so make sure to routinely check and upgrade major software on all systems.
Have the most up-to-date antivirus and firewall technologies installed.
This goes without saying, but a system that has outdated firewalls or antivirus software that isn’t updated on a regular basis resembles a piece of fruit left exposed to the elements. Eventually, mold will take over the fruit and render it unfit for consumption, similar to a company’s data being compromised by hackers or cyberattackers.