With cyber-attacks becoming more sophisticated, the security landscape is quickly changing. A recent study shows that small to medium-sized businesses globally are facing an increase in phishing attacks by 57%, compromised or stolen devices by 33%, and credential theft by 30%. New Zealand businesses in 2019 saw a 38% increase in reported cyber-attacks compared to the previous year.
To keep up with the evolving techniques used by hackers, it’s important to regularly evaluate the top five threats to your technology infrastructure and put measures in place to prevent them.
Physical Breach
With untethered devices like laptops and mobile phones becoming more popular with remote working, managers and owners are required to take precautions to ensure the security of sensitive information is contained on mobile systems, regardless of where they are. If a laptop is stolen, the hard drive can be removed and plugged in as a second drive into another computer making all the information on that drive accessible.
Consider implementing full disk encryption (FDE) and multi-factor authentication (MFA) as further layers of protection, as well as ensuring your Mobile Device Management strategy covers the ability to locate and wipe such devices.
Applications
Employees frequently download browser extensions or applications without checking with their I.T. champion, which puts their system in a vulnerable state. These downloads could provide hackers access to company data discretely.
The best way to mitigate these security risks is to ensure employees are aware of the importance of communicating what applications they require with their I.T. providers. This way, your I.T. specialists can adjust your I.T. infrastructure and know which applications need to be monitored or authenticated.
Social Engineering
Have you received an email that looked phishy? Or have you taken part in a game on Facebook where you were required to provide personal details? This type of activity is called phishing. The aim is to have you supply your personal information which can lead to retrieving further sensitive data including passwords and credit card details. It’s easy to hand these details over and many have fallen victim to these hacker methods where an entire network can be compromised.
The best way to prevent an attack of this nature is through user education and security training. Make sure your users are aware of what to look out for, what are common phishing techniques and how to spot these hackers – even when cleverly personalised to appear legitimate. Investing in the time to train your staff is worth it and there are tools available to assist with employee education.
Social Engineering
Unpatched Software and Hardware
It’s easy to assume Windows is handling your patching for you and your security is all sorted. However, Microsoft patch Microsoft applications. You’re likely running other applications and firmware and need to ensure those are being updated.
What exactly is patching when talking online security? This is a type of procedure which removes vulnerabilities that can be exploited by malicious hackers. The process can appear daunting and tedious to end-users as the process is complex. Without security patches for software and hardware, hackers can gain access to the organisation’s confidential and valuable data, which they can sell or hold to ransom.
Prevention by locating these vulnerabilities first-hand is important to stopping hackers from gaining unwanted entry into your systems. Always ensure all software is up-to-date and the firmware on any network-attached device is updated, as this can provide more security.
Data Loss
Do you have confidential patient data or sensitive client information to protect? Security is more important than ever to ensure this data doesn’t end up in the wrong hands. If you google search “the value of medical data on the black market” you will understand why hackers want access to it. Both medical data and client information is far more valuable than credit card data. If they can’t hold you to ransom for it, they will sell it on the black market.
We invest in protecting our businesses with monitored security systems and believe prevention is vital. By making it difficult to access your data, implementing policies and robust systems, you can protect your data and ultimately deter unauthorised access to your information.
The first step to protecting your I.T. infrastructure is gaining awareness of how attacks take place. A good foundation for any I.T. infrastructure is investing in security awareness training for employees and engaging with I.T. specialists. It’s crucial for your business to have a back-up and cyber-security plan of action in the event of a breach.
If you have any further enquiries on how to prevent your organisation from I.T. threats, or if you would like more information on our user education solution, contact Think I.T. and we can help you find the right solution for your business needs.