If COVID-19 hasn’t touched your life yet, consider yourself lucky.
This pandemic has impacted the daily lifestyles of everyone, from corporate heads to stay-at-home parents. With fluctuating shelter-in-place orders and lockdowns around the world ongoing, people are spending more and more time online, attending virtual meetings, completing digital assignments, and shopping from home.
But, alongside this increase in screen time, the pandemic has seen a rapid rise in cybersecurity breaches for consumers and companies alike.
Given the expanded efforts of hackers targeting eCommerce shops and online retailers today, now is a good time to take a look at your organization's security system and shore up its defenses where needed. And even for those who don't run online business platforms, creating an environment where you can safely browse the internet without fear of inadvertently sharing your private details with a lurking hacker is worth the effort.
Plenty of misconceptions surround cybersecurity. In this article, we will explore and debunk four of the most common myths in order to give you and your company the best chance to keep private information private.
Myth 1: Only Technology is Vulnerable to Cybersecurity Attacks
Usually when one thinks of a hacker breaching a network or device, the image that comes to mind is of a tech wizard camped in their (or their parents’) basement, furiously tapping away at a keyboard as they convert your trusted software into friendly-fire virus attacks.
Unfortunately, modern hackers have become quite adept and sophisticated at poaching sensitive data and personal information from a long distance – except when it’s not. While the violation may take place in the digital sphere, your real day-to-day operations may also be at risk – including physical security.
Even if your company has little in the way of an online presence, maintaining security may still be a problem. Hackers’ targets have evolved to encompass all aspects of tech-related life.
One famous hacker, Kevin Mitnick, was able to breach physical security through digital manipulation. By hacking into online systems, he gained access to various company buildings. Once inside, his hacking abilities allowed him to record and alter sensitive company information. This kind of thing goes on about once every 39 seconds – that’s a lot. Expect that the odds will not always be in your favor. In other words, sooner or later a hacker is going to set you in their sights.
Another important reminder of the physical implications of cybersecurity is the Stuxnet worm, which infected Iran’s nuclear facility, Natanz. The virus was detonated when an employee inadvertently plugged a compromised flash drive straight into the computer’s operating system. Because Stuxnet was designed to be as contagious as possible, the virus spread rapidly through multiple channels. In the end, Stuxnet affected five targets. Although it was a digital virus, it had to pass through physical gateways that ultimately led it to shut down an entire nuclear power plant.
You can, however, take comprehensive steps to prevent this kind of attack. Beyond simply relying on your company’s IT team, utilizing human intelligence, training, and careful attention to suspicious online behavior can be instrumental in preventing cybersecurity breaches.
Security experts recommend pairing digital security systems with physical ones to prevent cybertheft. Video cameras, complex employee ID systems, and maintaining awareness of physical objects containing potentially sensitive information, such as USB sticks and hard disks, can help combat cyberattacks.
Encrypting the data on these devices puts another obstacle in the path of an enterprising hacker, making them a safer place to store sensitive information than paper files stashed in a three-drawer file cabinet, which can easily be picked up and carried out.
Myth 2: Hackers Only Target Massive Global Corporations
The truth is, no business is too small to be on the radar of hackers and spammers. In fact, sometimes the opposite is true: potential hackers may see more opportunity for success preying on more vulnerable small companies, assuming correctly that a small organization is less likely to have taken adequate precautions to prevent breaches. Studies show that 43% of cyberattacks target small businesses and that half of all small businesses report having been targeted by a cyberattack in the past year.
The losses resulting from a successful hack can be extraordinary. The simple act of employing IT to run logistics and detect the cause of the attack can set a company back thousands of dollars. Add to that profit losses and funds required to restore order following a security breach can reach hundreds of thousands of dollars. A typical small business can be put out of commission for days or for good as they scramble to fix the tampering and install new, stronger security systems.
And that doesn’t even take into account fines that might be forthcoming from regulatory agencies like the GDPR as punishment for losing control over what should be private customer data.
For small businesses, cybercriminals are usually interested in acquiring personal data. Customer emails, employee phone numbers and addresses, and automated payment details all are valuable commodities on the Dark Web or to use for identity theft or fraud.
Nowadays, even companies considered “old school” are utilizing digital tools for organization. With digital records keeping track of your payroll, inventory, income sheets, and other information, there are more opportunities for hackers to access information – putting your company at higher risk of a security breach.
One increasingly frequent method of attack involves fraud and impersonation. With sensitive communications being sent via email correspondence, conversations relayed through business emails may also be compromised. Cyber thieves posing as employees can request additional details from unsuspecting colleagues and employers.
If employees are not paying attention, they can easily install new software, make changes to the payroll, or send through money transfers directly to hackers. But these kinds of impersonation attempts are often easy to spot. The best defense against this kind of attack (known as phishing) is to instill a culture of suspicion in employees regarding any email they receive. Keeping employees on the lookout for emails or requests that seem unusual will make it less likely that they will fall for an impersonator.
Myth 3: Your Company Needs to Spend Big On Cybersecurity
While it may seem like an excessive additional financial investment, taking steps to ensure that your systems are secure should be a priority. And, contrary to popular opinion, finances don’t have to be the determining factor in shoring up your defenses.
According to industry experts, at least 7% of a company’s annual budget should be devoted to cybersecurity. But some of the measures you can take to protect your assets are small and easily doable, even without a single IT point person, much less a team of IT technicians.
Think of your company like a medieval fortress. Each basic step you take to improve security increases the overall difficulty in penetrating it. Instead of adding a moat with alligators and archers with flaming arrows, make sure each employee uses a secure password consisting of an inscrutable combination of numbers, both upper and lower-case letters, and symbols.
Next, add 2-factor or multi-factor authentication to login processes. Using multi-factor security procedures provides another simple, basic, daily line of defense to protect your business assets. Even if one layer of security is breached, multiple secure entry points mean there are more ways to thwart attempted entries. Maintain efficient firewall security for your company’s internet browsers. Also, create regular backup copies of all important documents and data, safely stored in a secure location, which only select employees are able to access.
Use a Wi-fi connection only when it is hidden and encrypted in order that business transactions completed on your networks are secure. Prevent employees from downloading software without permission. Too often, the result is an accidental import of malware, spyware, or viruses at the same time.
We’ve mentioned this before, but train your employees. Even a basic course in preventative cybersecurity that teaches your staff how to spot and identify possible security threats can make a real difference. And if training gets your employees to interact directly, then even better. Providing a safe and secure workplace for a close-knit team is a great way to improve overall security, whether you operate in the digital or physical sphere.
Myth 4: Cyberattacks Only Come from Outside
It may be more comforting to assume that the only threats to your company’s cybersecurity come from external sources. Unseen and anonymous, hackers attempt to break into your systems from the shadows of their basements, the virtual equivalent of the dark alleyways in a city.
In reality, this just isn’t the case. Research has revealed that nearly 75% of cyberattacks are carried out by an internal player. Disgruntled employees who feel they are not receiving enough pay or benefits at work, a recently fired employee bearing a grudge, or a clueless colleague unaware that what they are doing may create large-scale security breaches that threaten the functionality of the entire operation.
Some dissatisfied ex-employees even attempt blackmail, hoping to extort ex-employers for material gain using secure insider information. But regardless of the threat, employees are privy to sensitive data. Otherwise your company could not run efficiently. So how do you protect yourself against double agents?
Educating employees on how to detect suspicious activities and behaviors can deter those who might otherwise present a liability. Limit permissions to confidential data and be judicious in choosing which employees are granted access to what information – and how many people are privileged to a set of data at once. Keep strong records and regularly update these lists, so that you can stay on top of all possible security breaches, identifying weak spots before they happen.
Additionally, implement access controls for all internal systems. This strategy ensures that your systems automatically update each time someone leaves your company. This means that not just former employees, but also contractors, vendors, and other one-off contacts will no longer be able to access the private information stored in your databases. This way, your systems stay secure, preventing yet another layer of attack.
Be Aware, Be Secure
Although many company owners may be surprised at the prevalence of cybercrime, and the frequency with which cybercriminals target unsuspecting organizations, the basic steps we’ve discussed can go a long way towards protecting company assets.
By tightening in-person security and training employees, you strengthen the one constant resource that makes your company run: the people who work in it. Putting in place digital protection systems helps secure your company software and digital information from the inside, one important line of defense. The other? Improving communications, trust, and training among all company employees. This way, you are able to create a strong network of protection against security breaches from internal players as well as external hackers.
Cybersecurity doesn’t have to break the bank either. It just requires common sense and vigilance, as you keep track of your most precious information, restrict common access to important files and details, keep your systems up to date and dynamic, and stay on alert for any online behavior that seems suspicious.