Cyber Threats | Prevent - Detect - Respond

If you're a business owner, you probably know that cybersecurity is important.  But how important is it, and what are the potential threats that inadequate cybersecurity can cause your business?

Who is Affected by Cyber Threats?

Cyber threats are constantly changing and evolving.  In response, the strategies and tactics used in cyber security must do the same in order to keep up and stay ahead.  Every year, 90% of Canadian businesses experience some type of cyber intrusion.  It isn't always smaller companies that take the hit.  Even huge companies like Yahoo experience cyber intrusions.  In 2016 Yahoo disclosed that in 2013, they were the victim of a hack that affected as many as one billion accounts.  Malware continues to flourish and grow, doubling in 2015 alone.  The cost of cyber intrusions has recently amounted to an annual cost of $575 billion.

Ransomware - A New Threat

One of the more recent challenges in cybersecurity is ransomware.  Ransomware is malicious software which is installed on a computer system to block the user from accessing their data until a ransom has been paid.  Data becomes encrypted and they are given a short window of time to pay the ransom.  Ransoms can range from a couple hundred dollars to thousands of dollars and the software can be used to infect pretty much anything from email to programs, to websites.

How Do You Stay Protected?

As in many cases, the best defense against ransomware is prevention.  It is important to ensure that any physical equipment is kept secure and that when it's time to throw out equipment, it's done so correctly way.  People should ensure that they don't make careless mistakes such as sending the documents to the wrong person, posting them in an unsecured place, and avoid falling prey to phishing scams and tailgating.

Passwords are your first line of defense.  The stronger the password, the harder it will be to break.  Keep your passwords safe and unknown to everybody but yourself.

Minimize your data.  Don't collect information you don't need.  In the case of a hack or a security breach, they can't take what you don't have.  Reduce the number of places that you keep your data.  Grant employees access to sensitive data on an "as needed" basis, and keep records of who has access to the data.  Once it's time to get rid of old data, do so responsibly.

Always keep your IT current.  That includes staying up to date with security software patches and updates, keeping anti-virus software up to date, and undergoing regular risk assessments.  

You should always ensure that you and your employees keep personal and business information separate.  Always access business applications in the most secure way possible, and if a system is compromised, wiped remotely, and geo-tracked.

Detecting Cyber Attacks

There are various ways to detect cyber-attacks or attempted attacks.  One of these ways is through email filtering. This will detect attacks before they happen to ensure a lower level of human error. A report from PhishMe found that 91% of cyber attacks start with fraudulent emails claiming to be from reputable companies in order to trick individuals into revealing personal information, such as passwords and credit card numbers. Why are people duped by these emails? The study revealed that 13.7% were curious 13.4% reacted in fear and 13.2% felt a sense of urgency, this was followed by reward/recognition, social, entertainment, and opportunity.

Another way to detect cyber-attacks is to have web filters installed so that employees are unable to visit malicious sites which could harm your network security. Malicious traffic is sent through encrypted HyperText Transfer Protocol Secure (HTTPS). This is a secure piece of data that is sent between your browser and the website that you are connected to. Offices that don't upgrade their security tools and perform inspections on corporate Internet traffic will be an easy target for attacks.

Nothing is as effective as having an ongoing management of your cybersecurity. IT service providers will monitor your network and inform you of any issues before they escalate. Having a team dedicated to cybersecurity technology is your best defense to detecting a cyber attack.

Responding to Cyber Threats

Notify relevant parties including customers, governing bodies, management, employees, human resources, legal resources, and of course, your IT team.

Ensure that you have a disaster plan in place for data recovery.  This includes securely backed up data and knowing how to handle an interruption to your business. The last line of defense is always you.  You should always keep your computer safe. Protect your data with strong, private passwords and remember to keep company data and devices guarded while on the go.

For more information on how to protect your business or to request a Backup Assessment contact us here.