Will 2021 be the year you’re hacked? Or, were you hacked in the past 12 months, but you haven’t realized it yet? Out of all the unpredictable and unprecedented events we experienced in 2020, a breach at your organization would be routine. Based on the statistics, you should expect it.
The Odds Are Not in Your Favor
Analysts don’t regularly predict pandemics, but people in the cybersecurity industry have enough data on the prevalence of cyberattacks to show it’s likely you’ll be targeted – if you haven’t been already. Consider these stats compiled in August 2020 by Fintech News:
- 80% of firms reported an increase in cyberattacks in 2020
- Phishing attempts jumped 600% since the end of February
- Cloud-based attacks were up 630% between January and April 2020
- March 2020 saw a 148% increase in ransomware attacks
- Six weeks after a lockdown went into effect, attacks on home workers rose 5-fold
Don’t worry, it gets worse.
Cybercriminals Think You’re a Lucrative Target – They’re Right
Hackers can infiltrate a network in minutes. When the criminals break past security measures, they’re looking for highly valuable data to resell on the Dark Web. Like any business, cybercriminals want the biggest ROI – and most businesses are a trove of valuable information. “Basic” information about a person is sold on the Dark Web for about $1. Bank account information is worth anywhere between $3 and $24. Credit cards can command $110.
Your firm probably holds this data, alongside other highly personal, incredibly valuable information. After a few minutes of work, a cybercriminal who hacks your network could have a massive payday. If you exchange any of this data via email, password protected PDFs or online file-sharing sites, you’re giving cybercriminals another opportunity to strike. Email poses other problems.
Every Member of Your Team Is a Potential Threat
A controller receives an email from the boss. It looks suspicious – her boss is asking her to transfer money. She emails back and forth a few times with questions like “Are you sure?” and “Why are you asking me to do this?” After continuous assurances from her boss, she follows through with the money transfer.
Only it wasn’t her boss. His account was hacked. Supervisory Special Agent Joseph Hooper of the FBI shared this story during a webinar we held this summer. It’s one instance of a common event.
Storing credentials in browsers is another frequent security issue. Our team was recently called into a large organization to assess their security. During the evaluation, we ran a tool and scanned every computer in their environment to look for passwords saved in browsers. Across the entire organization, there were literally thousands of unencrypted passwords saved in browsers – a cache of information any cybercriminal wants to obtain. Don’t make it easy for hackers to break into your accounts.
Password best practices
- Make passwords long and random
- Use a different password for every account
- Don’t save passwords in your browser
- Manage passwords using a password-management tool like LastPass
The Best Way to Start Protecting Your Business Is Free
Better password practices and management is one tool at your disposal. A phone call is another. Think back to the unfortunate controller. Her instincts were right, but her way of verifying the unusual request was flawed. She was communicating directly with the hacker. Had she picked up the phone, called her boss and said, “Do you really want me to wire this money?” he would have asked her what on earth she was talking about.
Picking up the phone doesn’t cost anything
Directly talking to the sender quickly authenticates the request or confirms your suspicions. Today’s phishing campaigns regularly use fake invoices, hacked accounts or legitimate-sounding organizations. A simple phone call to a previously established number to verbally confirm emailed requests foils the would-be hacker.
By the Way, Hackers Hope You Do This
73% of hackers said traditional antivirus software and firewalls are obsolete. In other words, cybercriminals know how to breeze past both defenses and gain access to your network. At itSynergy, we liken only defending the perimeter to fortifying a castle. The high walls, moat filled with alligators and guards standing on the towers ready to throw tar on invaders are good to have, but what happens when a trojan horse full of soldiers gets inside?
External defenses can’t fully protect you
Errant clicks by employees, accidental replies to phishing emails and poor password policies are all ways a cybercriminal can blow past your outer defenses. Will they encounter additional layers of security and detection once inside your network? Or, can they continue unimpeded and collect data, infect your systems with malware or hold you ransom?
There are ways to detect, isolate and remove viruses and hackers from your environment. You’ll also want a robust backup and disaster recovery plan in place, so you have a way to restore systems and data without paying ransom to a hacker.
An Easy Way to Deter Hackers
Two-factor authentication was identified by hackers in the same poll as a major impediment to accessing accounts. Two-factor, or multi-factor, authentication requires you to provide an additional code before you can log into an account. Since the code is sent to a device you have physical possession of, it keeps hackers out.
Don’t make two-factor authentication your ultimate defense
Use two-factor authentication on as many accounts as possible, but don’t think it’s the only additional layer of security you should employ. The measure is a deterrent – like home security systems. If a burglar is walking down the street looking for a house to rob, they’ll bypass the house with the security system sign and barking dog in the front yard. It’s too much effort. They want the easy target, the darkened house with newspapers piled up in the driveway because the owners forgot to pause their subscription while on vacation.
Adopting two-factor stops you from being an easy target, but remember, it’s not foolproof.
5 Steps Every Organization Can Take to Protect Themselves
You may know what to look for, use all the right precautions and protect accounts with generated passwords from tools like Strong Password Generator. Unfortunately, a single person or lax internal defenses can undo all your efforts. Everyone at your organization needs to know what to look for, follow best practices and implement layers of security. Here are 5 ways to get started right now:
- Pick up the phone
- Adopt a password-management solution
- Turn on two-factor authentication
- Encrypt your data
- Assume you’ll be breached
Each point listed above is accessible and affordable. Picking up the phone to verify suspicious email requests is free. Password managers, like LastPass, are affordable and the best way to safely save and manage complex passwords. Plus, with the browser extension, it can function like all those saved passwords you rely on, only in a secure way. If you use Microsoft 365, you probably already have access to two-factor authentication and can encrypt data. When you assume you’ll be breached, your goal shifts from preventing cyberattacks (because it’s impossible) to having tools in place to detect and respond to threats. An IT expert can help you incorporate each point into your overall technology strategy.
Cybercrime Is More Profitable than the Global Illegal Drug Trade – Don’t Be Part of the Payday
As long as cybercrime pays (and right now, it definitely does), cybercriminals will relentlessly stage attacks. Some companies are more lucrative than others, and it is important for you to fully understand your risk. With a wealth of client data, the cards are stacked against many organizations, but you have options.
It starts with being aware of the threats and putting reasonable measures in place to mitigate the risk. Here at itSynergy, we have the tools and processes to help you defeat hackers and keep you, your team and your data safe. Contact us today!