Cybercrime is the process where hostile actors gain access to your data with the intention of holding it hostage (ransomware), threatening its release (extortion), or creating backdoor access to your networks to steal information.
Cybercrime is a constant threat to our community. 83% of breaches involve external actors, most of whom are financially motivated. Some 74% of breaches involve a human element, such as social engineering (the manipulation of someone to give up sensitive information). 50% of all social engineering attacks involve the use of fabricated stories to manipulate recipients. This is nearly double the total in 2021. The financial loss from successful phishing attacks increased by 76% in 2022.
CSI offers cybersecurity training to your entire organization as well as simulated phishing attacks that verify that your staff is benefiting from the training.
In addition to knowledge, best practices must be employed to help secure your data and your organization. Knowing these best practices is key to protecting your data’s security, while not employing them is an easy way to get hacked.
Having hardware protected and in working order is your first line of defense against hackers. It’s important to keep good track of all your machines, in case one of them is stolen or compromised.
- Replacement: You should regularly replace hardware after seven years so your machines can be updated with the best defenses against cyber-attacks. New equipment is less liable to hardware failure or data loss.
- Hardware Management: Disc drives and ports should always be secured when not in use to protect from intrusions. Some of the most important data breaches in history were carried out by someone simply inserting a flash drive into a USB port or burning a CD. This is also important when employees connect to your network or in “bring your own device” workplaces. Just because you are using your own devices doesn’t mean you should slack off on protecting yourself and your organization.
Software is another key part of your security strategy.
- Patching: It’s important to patch and update your operating systems and software. This gives you the best protection from viruses and attacks. Ensure patches are applied as soon as they are available.
- Cloud Software: You might be tempted to use SaaS, or Software as a Service, solutions. Commonly known as cloud software, it has its own problems. Vendors take no responsibility for users’ data security, only for the availability of their software. This means that if your data is stolen or damaged while using such software, they will not take responsibility. This reinforces the value of backup systems that also back up data from SaaS providers.
Mobile Devices and Remote Access
Mobile devices can be useful, but they come with a host of problems. Mobile devices are extremely insecure; think carefully before allowing access to your network from insecure devices and remote computers.
Insist on multi-factor authentication for any remote access to your network. Remote devices are often vectors for malware infection. Insist on proper endpoint protection on any devices that remotely access your network.
Backups are a vital part of your data security. Backups secure your data in case of system failure or ransomware. It’s important to have two backups: either one onsite and one offsite, or two independent offsite backups. This ensures that you have a backup for your backup in case there’s a fire at your building or something similar happens to one of the backups. It’s also extremely important to back up data from SaaS vendors because they are not responsible for your data.
Endpoint protection is also a critical element in your cyber defenses. Earlier versions were popularly known as “anti-virus” software; endpoint protection is the modern version. It uses advanced techniques including AI, machine learning, and heuristics to identify malicious software by its behavior, not by matching it against a database of known malicious software. The product will also inspect your emails for malicious content. Once an infection is detected, the infected computer is cut off from the network so it cannot infect other devices.
Authentication and Data Access
Authentication is another critical element in your cybersecurity strategy. There are multiple types of authentication. Things you know, such as passwords, are one kind. Another kind is something you have, such as a key card. Finally, there’s something you are, which includes things like a fingerprint scan (biometrics).
Passwords themselves are a bit of a science. Long passwords with a lot of special characters, upper and lowercase letters, and numbers are key to cybersecurity. According to the National Institute of Standards and Technology (NIST), password resets are less important than having long and complex passwords of eight characters or more. It’s also important to include multi-factor authentication (MFA) and limit the number of failed password attempts before an account is locked out.
Multi-factor authentication is the current “gold standard”. What makes this approach different is the added step of requiring the user to input a code or authorization through a different channel than the sign-on, typically a six-character code from an email or message. This makes successful credential theft much more difficult.
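The failed-attempt lockout and the out-of-band six-character code described in the two paragraphs above can be sketched as follows. This is an added example, not code from the original article; the `SignOn` class, the three thresholds, and the choice of a numeric code are assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_FAILED = 5    # assumed lockout threshold; the article gives no number
CODE_TTL = 300    # assumed lifetime of a code, in seconds
CODE_TRIES = 3    # assumed number of guesses allowed per issued code

class SignOn:
    """Sign-on state for one account: password lockout, then a one-time code."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.failed = 0        # consecutive failed password attempts
        self.pending = None    # (code, expires_at, tries_left) or None

    def locked(self):
        return self.failed >= MAX_FAILED

    def password_result(self, ok):
        """Record a password check; return a code to deliver out of band, or None."""
        if self.locked():
            return None        # a locked account never reaches the second step
        if not ok:
            self.failed += 1
            return None
        self.failed = 0
        code = f"{secrets.randbelow(10**6):06d}"   # six digits from a CSPRNG
        self.pending = (code, self.clock() + CODE_TTL, CODE_TRIES)
        return code            # caller sends this by email or message

    def verify_code(self, submitted):
        """Accept the code once, before expiry, within the guess limit."""
        if self.pending is None:
            return False
        code, expires, tries = self.pending
        if self.clock() > expires or tries <= 0:
            self.pending = None            # expired or exhausted: sign in again
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            self.pending = None            # single use
            return True
        self.pending = (code, expires, tries - 1)
        return False
```

Limiting guesses per code matters because a six-digit code has only a million possible values; without the limit and the expiry, the second factor could be guessed by brute force.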
Access to sensitive data should be controlled and guided by the principle of least privilege. That means that only those people who must have access to a given data type (e.g., accounting data) will have access to it.
A proper written cybersecurity policy document is essential. It will include the following elements: password requirements, email security, sensitive data handling, social media and internet access, protocols for cyber incident response, and remote access policy.
The purpose of a disaster plan or business continuity plan is to set procedures and responsibilities in the event of a data breach, ransomware, or other cyber incidents. It will specify who needs to be contacted and what should be done regarding preservation of data, evidence, and recovery.