Keeping You Up-To-Date With Information About Employer Solutions / HRMS
Emerging Cybersecurity Threats: What You Need to Know
By: Net at Work Team
As a leader, you spend a considerable amount of time strategizing ways to grow your business. Unfortunately, criminal hackers spend just as much time scheming their next cyber-attack in an attempt to exploit all your hard work.
With the growing sophistication of today’s cyber-attacks, it is important to understand the methods criminals are utilizing today to target your organization and to know what you can do to protect your business. Here are some of the newest methods hackers are using to target your organization and steps your organization can take to minimize the risk.
Consider just a few recent statistics:
In 2017 alone, more than 2.5 billion records were stolen or compromised by criminal hackers.
Businesses lost around $8,500 per hour due to ransomware-induced downtime. (Source: Datto)
Business ransomware demands averaged between $500 – $2,000. (Source: Datto)
Attacks from Within
The vast majority of attacks to your organization are, in reality, at the hands of your own employees. This is not necessarily because of malicious behavior or an employee’s intent on damaging the company, it is due to negligence.
The truth is that many employees are simply not adequately trained to detect common threats. This results in them serving as a point of entry for criminal hackers. In a recent article titled “Human Error is to Blame for Most Breaches,” a BakerHostetler researcher noted that “[f]ailing to address the human component of data protection can negate many of the next-generation defense-in-depth technologies in which organizations are investing handsomely.”
Below are some training topics that will help your team ensure they are protecting your organization’s sensitive data:
Help your staff recognize phishing attacks: Emails that appear to come from a legitimate source are the easiest attack vector for hackers to access your network. Regularly train staff on how to detect phishing emails, and continuously promote safe email practices such as avoiding attachments from unknown resources and replying to unfamiliar contacts with business information.
Remind staff to update antivirus protections and software applications: Many employees will ignore the alerts to update software, meaning they miss important security patches that can leave your organization vulnerable.
Control who can access what: The safest organizations are those that practice the “least-privilege” principle, which means that employees only receive access to the minimum amount of data needed to do their job.
Taking Your Organization Hostage
One of the most startling type of cyber-attack is ransomware – wherein a hacker blocks access to critical business data until the organization pays a ransom.
While phishing scams are common gateways for ransomware, savvy hackers have also found ways to have websites launch ransomware attacks through the use of exploit kits; these exploit kits look for vulnerabilities in your browser or add-ons like Flash, to infect your network. It’s not just sketchy sites that are prone to this, either: in 2016, mainstream sites like The New York Times, BBC, MSN, and AOL were all impacted, leading to the infections of thousands of users.
If your organization is infected, the best step is to recover all your files from a backup. This assumes, or course, that you have taken this necessary step. If backup files do not exist, you’ll be faced with a very difficult decision: either pay the ransom or move on without the files.
Another critical step your IT team can take is to ensure that software patches and updates for all systems used in the organization are up-to-date. Installing an ad blocker and disabling macros are additional critical steps your team can take to prevent these attacks.
Gadgets as Gateways
The term “Internet of Things,” commonly shortened to IoT, refers to devices that are connected to the internet. FitBits, Amazon’s Alexa, and Smart TV’s all make up the Internet of Things.
While a web-accessible coffee maker might make sure your staff has a warm cup waiting for them, it also could pose a risk for the IT team who will need to secure the network that contains a growing number of web-accessible devices. Each device connected to your network creates a potential path for a hacker to access your network, and as more and more devices get added to the IoT, the threat will only continue to grow.
The US Senate passed the Internet of Things Cybersecurity Improvement Act of 2017, which outlines a number of best practices that companies can take to protect against hackers exploiting their networks through IoT devices. Some of the most critical steps your organization can take include:
Set up permission levels per device, per user. For example, you may want every employee to be able to start that office coffee pot from their laptop, but only the network administrators should be able to update the software or remotely reboot the device.
Keep track of the versions of all devices to ensure recent patches and software updates are being downloaded in a timely manner.
Limit the addition of new devices to the network to those which receive approval from qualified
IT staff members. This will ensure full control of the network and proper screening of all potential gateways to the network.
This Summer, Net at Work is hosting User Group meetings for our Employer Solutions clients. Payroll systems are vulnerable to theft, but proper controls can minimize the opportunity for crimes to be committed. Join us at one of our User Group meetings to learn more about how you can put checks and balances onto your payroll system to protect your company’s assets.