Posted on November 5, 2020
Security
With a shift towards digital and cloud platforms during COVID-19, data is paramount. Businesses are sharing confidential data and documents as standard practice. The peace of mind of secure data is valuable.
With a global pandemic also comes an unfortunate increase in opportunistic hackers. Phishing and malware are at a peak. Hackers are exploiting the uncertainty and fear surrounding our economy and health.
While misinformation and malicious ‘COVID’ named domains are on the rise, businesses are under attack too. Phishing scams, malware, and data harvesting malware are big threats. Some callous hackers even target hospitals.
Even those of us who are diligent are falling victim to attacks. Phishing emails can be incredibly realistic and, without an inspection, are dangerous.
Here are five tips to protect your platform (and its data) from new security threats.
The first step for any IT specialist or cybersecurity team is prevention. Education is one of the cheapest and most effective ways to do that.
76% of respondents in a worldwide report admit to opening emails from unknown senders. At the same time, almost all respondents recognize that phishing is a potential threat. Knowing the existence of a threat doesn’t help prevent it.
The optimism bias is a cognitive bias that affects our thinking about security. As its name suggests, we are often over-optimistic about the likelihood of being the victim of a hack.
Regardless of the security level you put in place, your systems will be accessible to many employees. Every employee is a potential target to access secure data.
Therefore, education has a high ROI. Educate your employees on the safe use of the web, emails, and passwords. Make sure you create a culture of regular password changes. Your employees can also help you improve your security systems.
Employees will have a better idea of what data is most sensitive and processes that share that data. They will also be able to look out for potential threats or strange activities. The faster threats are reported, the faster you can neutralize them.
One of the biggest cybersecurity concerns is an unreported attack, as we’ll see with Equifax below.
Regular updates are one of the easiest and most overlooked ways to prevent compromised data.
Security companies like Netdepot can install a robust protection system. They offer security as a service to make encryption and firewalls easier to maintain. Real-time responses, 24/7 maintenance, and restoring data is priceless.
Still, before investing in a security system, update your software. Software has more variables than hardware, so most developers continue to release updates after the sale.
Updates fix bugs, plug security leaks, and enhance features or compatibility. Cybercriminals search for and exchange knowledge of software vulnerabilities. The more common the software is, the more valuable the knowledge.
Most businesses, for example, use Microsoft Word. If a vulnerability in Word allows hackers to compromise your sensitive documents – it would be worth millions. Regular updates make these vulnerabilities redundant.
This type of vulnerability cost Equifax $425 million back in 2017. The old software was responsible for leaking personal data from almost 150 million Americans. The hackers spent over 76 days browsing through private documents before being detected.
Updated software can be time-consuming but is critical to security. It also has the added bonus of keeping the software running smoothly for employees. Newer software brings more features and better performance.
Data encryption will reduce the chance of data leaks and hacks. Even if your data is stolen or seen, the chance of critical information leaking is far less.
Often, attacks like Phishing are not targeted to one specific company. Replication of the attack across many different databases increases the chance that someone will fall for it.
If companies encrypt their data, scams and lower effort hacks are less dangerous. Hackers are not likely to spend a lot of time decrypting documents that may not be valuable.
Data encryption is especially crucial for businesses that use cloud storage systems. Documents traded via email are equally vulnerable.
Modern business techniques like uninterrupted web connections to cloud storage make data vulnerable. It is nearly impossible to prevent documents from leaking to the wrong people.
Data breaches are expensive, but data protection is far cheaper. While companies prefer to cloud compute for data safety, this isn’t 100% secure. Hackers can still use an insecure network or phishing link to access your data.
Two of the most common forms of data encryption are symmetric-key encryption and public-key encryption. Symmetric encryption is using the same algorithm-based key stored on many devices.
The key doesn’t have to be shared between devices ahead of opening documents. The vulnerability is that if a hacker can access a company network and the shared key, they can access all data. Hackers could even encrypt their own data to look identical.
Public key encryption is not foolproof but can be more secure. Each person in an exchange creates a public and private key. The keys are large numbers with complex mathematical properties.
Data encrypted by one person with their private key can only be read using the matching public key. You would then send your public key to the receiver securely. The receiver can then read the encrypted documents.
For the highest level of security, public keys should be exchanged offline. Compromised communication channels can create security loopholes.
Mobile devices like laptops and smartphones have a much higher risk of theft or loss. Many modern businesses supply laptops and phones as standard procedure. The ratio of laptops to employees has jumped during the pandemic.
Mobile devices have three crucial vulnerabilities. Access, data, and applications. While a strict password policy is essential, identity security, data encryption, and application security are critical.
It may be wise to reconsider any ‘bring-your-own-device’ policies.
Mobile devices are subject to more threats than other devices. Data leaks can be common from apps that ask for broad permissions. Those apps intend to gather personal data but may grab corporate data with them.
Unsecure wireless networks are also a threat. Try to use Wi-Fi sparingly on mobile devices. If you connect to a home network during the pandemic, make sure it is WPA2 secure—more on that below.
Phishing attacks are more effective on mobile devices because less information is displayed. Smaller screens often don’t display web URL’s or full email addresses.
Some apps on mobile devices use weak encryption algorithms resulting in ‘broken cryptography.’ This means that developers use common algorithms even though their vulnerabilities are known.
Motivated hackers can exploit these and crack passwords. Flaws in code in mobile apps allow attackers to modify app functions. Hackers can send and receive text messages from the phone, for example.
Tokens on mobile devices make transactions easier without authentication. You may have seen this when connecting to wireless networks. Secure apps generate new tokens for every access attempt.
However, some apps share tokens with other devices, which allows the device to be impersonated. This lets the hacker keep a session open after the user has left the app or website.
If an employee is logged into their company website, a cybercriminal could keep the session running after.
That allows the criminal to continue browsing after the user has left if they did not log out.
Wi-Fi is convenient. But without additional security steps, Wi-Fi is a security loophole. Anyone connected to your wireless network can intercept data transmitted across it.
WPA2 protection is more secure than WEP or WPA protocols. If you’re using an older protocol, consider switching. For the highest level of security, use a router with enterprise-level WPA2 security.
It is also wise to hide the connection from public devices. Make sure guest networks for customers or clients are separate from your secure network. Different networks should use separate hardware.
Cybersecurity can be an investment, but it is always far cheaper than a data breach. Remember that cyber threats are on the rise during the pandemic as more people exchange confidential information. Secure data is both a necessity and a rarity.
Consider security options that give you the most control without being a nuisance for employees. If cybersecurity measures are difficult or annoying to comply with, employees may ignore them.
Security is only as strong as its weakest point. For more information about security as a service, please contact us.
Remember that cyber threats are on the rise during the pandemic as more people exchange confidential information