Stranger Danger: Cybersecurity Best Practices
I’m sure all of us were taught Stranger Danger when we were younger. We needed to be cautious of any strangers we met while walking to and from school or in any new places. Today, the strangers that some of us fear the most are of the cyber kind. They can steal our livelihood, identity and more with a few clicks.
Businesses are becoming victims of this Stranger Danger every day. Cyber crime rose by over 600% during the pandemic. It is estimated that by 2025, the cost of cybercrime worldwide for companies will be $10.5 trillion. Unfortunately, the pandemic amplified cybercrime due to the uncertainty around remote working and how to protect your business.
Many businesses are not prepared for cyber attacks and do not educate their employees on best practices to help prevent these attacks from happening. The month of October celebrates cybersecurity awareness. Education is one of the biggest tools going forward to fight the Cyber Stranger.
Current State of CyberSecurity
There are some staggering stats surrounding businesses today and the safety of their data. The numbers are only increasing as new threats appear and businesses do not offer the appropriate resources to combat this problem.
A study by Accenture reports that 43% of cyber attacks target small businesses, and under a sixth are equipped to prevent those attacks.
On average, it takes a company 197 days to discover a cybersecurity breach. Needless to say, the longer it takes to discover a security breach, the more a company’s reputation and assets suffer.
A few more stats:
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Common Types of Cyber Attacks
64% of companies worldwide have experienced at least one form of cyber attack in the past year. What are the most common ones that businesses and their employees see?
- Phishing: A type of online scam that involves sending an email or other virtual communication impersonating a source that would usually be seen as reputable, such as a bank or an internet service provider. 91% of all cyber attacks start with a phishing email.
- Malware: Malicious software that gets downloaded onto devices without one’s consent. It causes devices to crash or can allow hackers to view computer activity, access files, and steal information. 27% of malware infections originate from infected USBs.
- Man-in-the-middle (MITM) attack: This occurs when an attacker intercepts communication between two people, or between one person and a machine. For example, a hacker might guide a user to a fraudulent site that appears to be the user’s bank’s website to collect their data. According to Netcraft, 95% of HTTPS servers are vulnerable to these attacks.
CyberSecurity Best Practices
A recent survey found that 61 percent of employees failed a basic quiz on cybersecurity fundamentals. With the average company spending only 5 percent of its IT budget on employee training, it’s clear that education is an opportunity for many organizations in the future.
Here are just a few best practices to follow:
- Avoid pop-ups, unknown emails and links: Malware infections are among the most common cybersecurity threats organizations face. Having up-to-date virus scan and spam detection software is a great safety net, but it’s also critical that all users are trained to understand the dangers of clicking on unusual links, pop-ups or emails.
- Use strong password protection and authentication: It’s important to require all users to create strong, difficult-to-guess passwords and credentials for their accounts and change them often. Consider multifactor authentication (MFA), which requires an additional token or identifying code to access systems. 63% of data breaches result from weak or stolen passwords.
- Enable firewall protection at work and at home: Firewalls are important gatekeepers, restricting traffic in, out or within a private home or business network.
- Back up data: Regularly backing up critical data is key to defeating ransomware and to business continuity in general.
- Control physical access: Preventing access or use of desktops, laptops and mobile devices should be a high priority as these can be easily stolen or lost. Make sure such devices are set to lock when unattended and grant only limited administrative privileges for such hardware.
- Minimize data transfers: Be mindful of how many devices contain important data and try to keep transfers to a minimum.
- Verify download sources: Before making any downloads, scan the website you’re downloading from to ensure that it’s verified, and only click on legitimate download links.
- Keep software updated: Updating software whenever updates are available is a great way to protect against cyber attacks.
- Encrypt where possible: Encryption tools can be used to protect data from unwanted individuals. When encryption isn’t possible, password protection is a great alternative. Be sure to choose passwords with a mix of letters, numbers, and characters, and to update your passwords regularly.
- User activity monitoring and behavior analytics: This can give insights on when there is suspicious activity around your data. These tools can help you prevent data theft in real-time.
- Practice robust and continuous employee awareness programs: Even with the best technology in place, human error is often the weakest link. Constant education programs are the most important best practice when it comes to cyber resilience. Human error is responsible for 90% of all security breaches.
What Will You Do Next?
Cyber threats are not going away and will continue to be a major concern for all businesses, no matter the size. Contact Zunesis to find out how our solutions can provide extra protection. Reach out to find out about our assessments, which may discover holes in your current IT environment.
Want to find out how knowledgeable your employees are on the topic of cyber security? Take this quiz from the Cyber Readiness Institute to find out how cyber ready they are.