Commonly Ignored Cybersecurity Threats
Cybersecurity has become a buzzword over the past few years, as large corporations, government entities and small businesses experience more breaches.
Some small and medium-sized business owners think they will fly under the radar. Yet these businesses are targets too, often as a result of lax cybersecurity policies and accessible client information.
Unfortunately, antivirus software and an IT professional who enforces cybersecurity best practices are no longer enough to keep businesses protected. With threats emerging daily, business owners have to remain alert, including to these often overlooked threats.
Mobile Devices
It’s not uncommon for a business to issue company phones or supply tablets. Yet these devices frequently go unprotected and, as employees surf the web for personal reasons, they may pick up malware. Once on a mobile device, malware can travel through the company’s network, where a third party can access trade secrets and client information.
As mobile search continues to increase, these risks will not die down. To prepare, make sure company phones have appropriate adblockers and antivirus programs installed and proper encryption enabled, and establish policies for web usage and downloading apps.
Leaving Email Unencrypted
When passwords and banking information are sent over email without encryption, the data becomes easy to collect and sell. Even minor details can be used to carry out a data breach and steal financial information, or to run a phishing scheme that targets multiple employees. As a solution, both Gmail and Outlook offer options for encrypting emails.
Phishing
Phishing and social engineering have been around for years, yet plenty of employees still fall prey to these schemes. When an unfamiliar message comes through, an employee may not be suspicious and may click on a link that downloads malware or asks them to enter key personal or business information.
Spear-phishing targets businesses and government organizations to gain access to the network or important company information. These attacks are often orchestrated to obtain financial or trade secrets. To mitigate these threats, continue to train employees on how to spot phishing attempts.
Ransomware
Ransomware may be another consequence of opening suspicious emails. In these cases, the employee clicks on a link that seems legitimate and is told to download an attachment or go to a website that loads a program onto their company device.
The program then locks the device or essential files on the hard drive and, to regain access, the victim must pay a ransom to a third party.
Just as with phishing, train your employees to avoid potential ransomware attacks. Because a device will need to be wiped afterward, all company files should be securely backed up.
Cryptojacking
Cryptojacking is not on the radar for many businesses. As with ransomware, a third party uses the victim’s device, in this case to mine cryptocurrency, and is able to do so through phishing or by accessing public Wi-Fi.
In this instance, a separate program does not need to be installed. Instead, this can happen through the browser by taking advantage of a website’s JavaScript. As a preventative measure, install an adblocker and warn employees of emails with suspicious attachments.
Public Wi-Fi
Does your business maintain both public and private Wi-Fi networks? For businesses of any size, open or public Wi-Fi proves to be a problem, as a third party can observe activity without taking any action and is able to intercept unencrypted emails in the process.
Forgetting Macs
For at least two decades, many people believed hackers did not target Mac computers because of their supposedly stronger safeguards. Yet as numerous attacks over the past 10 years have shown, Macs still require protection against outside threats and should be integrated into your company’s cybersecurity strategy.
In addition to cybersecurity training, protect your business against attacks with data breach insurance. To discuss your options, contact us today.