Cybersecurity or, more to the point, cyber-insecurity is probably the hottest topic doing the rounds in corporate boardrooms around the country. It all circles back to the undeniable responsibility of organizations to protect:
- Firstly, the identities of their employees and customers from prying eyes
- Secondly, the data that’s accumulating in the networks every day, arguably a company’s most valuable asset.
Cybercriminals are the owners of those “prying eyes.” They recognize that if they can penetrate the digital barricades of banks, credit card companies, strategic production entities, big-ticket retailers – literally any commercial enterprise – they can capitalize big time for little effort.
Extortion is a favored tactic of late
The perpetrators plant malware in a victim’s system. Then, a specific user action triggers it, and it encrypts all the information in the files so that it can’t be read without the attackers’ key. It’s appropriately called ransomware because if you don’t meet the hackers’ monetary demands to reverse the encryption, the data (unless backed up) is lost forever and worthless. Acts like this can, at worst, bring a business to its knees and, at best, significantly disrupt it with downtime and the stress of meeting the ransom.
A brief look at the history of cybersecurity in companies
There’s no better lesson in dealing with the future than learning from the past. Do you realize that data breaches skyrocketed to such an extent that by 2019 companies covered in a survey said they were more likely to have been hacked in the previous year than not? Indeed, the share of firms experiencing a cyberattack jumped to 61% in 2019 from 45% in 2018. You’d think this was enough of a warning sign to trigger stakeholders to urgently create cybersecurity awareness among staff. Unfortunately not, judging by a Hiscox survey that showed only 11% of respondents increased investment in employee security protocol training. This is, if not a tragedy in the making, a debacle of massive proportions. Why is that? Because cyber-criminals know that unawareness signifies a golden opportunity for them. When it exists within the company ranks, endemic staff missteps provide an open gateway for all the viruses fired at the systems 24/7/365.
So, precisely how do cyber-criminals break through our protections?
Most of the time, we let them into the system through negligence, carelessness, and occasionally ill intent. The most malicious malware contaminations may enter your information bank because an employee opened an email or clicked on a URL. Perhaps the motivation was curiosity, or the hackers genuinely duped them into doing it.
Every day thousands fall into phishing traps set by cunning minds located in remote locations abroad. The chances of capturing these manipulators are like finding a pin in a haystack of pins. They often act with the support of their governments – Chinese, Russian, and North Korean predators are good examples. Here are some daunting statistics:
- Half the US population receives at least one phishing email every day.
- 97% of these potential victims can’t tell a phishing email from a safe one.
- Around 47% of business entities have zero cybersecurity awareness or appropriate training for their staff.
- 96% of companies stated emphatically that they believe they’re vulnerable to a cybersecurity attack.
- 71% of those who fear attack said they wouldn’t know what to do if attacked.
- Employees working remotely use company devices without passwords in public Wi-Fi spaces. Also, they sit in home offices with no company VPN and with passwords criminals can tear through like a knife through butter.
- There should be layers of security that grant access to data on a need-to-see basis. Instead, most companies don’t treat their data with the respect it deserves; access to it is a free-for-all.
Where is all this going?
The criminals are stepping up their game. Whatever any of us has seen to date, it’s likely to get much worse. As long as ignorance exists, the hackers have fertile ground to ply their craft. Venturing into business unaware of the cyber-risks entailed is the same as running into the desert without water. Indeed, your business sustainability and survival depend on taking cybersecurity seriously. If you’re not big enough to run your own dedicated IT department, hire an outside professional to do all the fundamental tasks. In modern times it involves:
- Helping you to transition to the cloud. Don’t fight it. It’s where every company is going over the next few years.
- Once there, managed service pros can help you with compliance, application updates, and, most important, backing up your data with virtual computers.
- Probably the most crucial task of any IT department or consultant is implementing a training program. This should aim at educating employees on:
  - Managing emails coming into their inbox.
  - Being acutely aware of messages that look different.
  - Not being afraid to alert IT to suspicious digital situations.
  - Getting the VPN installed in home offices.
  - What to do every time a device leaves home.
  - What you can and can’t release to customers and non-employees.
  - How to use encryption applications.
  - How to use anti-virus scanners.
Ransomware, other malware, phishing, and hacking innovations to come are advancing with unstoppable momentum. IT strategy is front and center in addressing this, especially with cloud transitioning and remote working in play. Employee training and cybersecurity awareness are major obstacles to cyber criminality because they close off a multitude of vulnerabilities in the workplace. Focus on getting every staff member up to speed on the threats facing us and what they can do to stop them.