Whenever there’s a shakeup of some sort, scammers swoop in to capitalize on our vulnerabilities. COVID-19 certainly caused a shakeup in our economy, our workplaces and our lives. As a result, cyber criminals are out in force trying to prey on vulnerable businesses and individuals. Protecting systems, networks and devices are important in the race against cybercrime on businesses.
INCREASED THREAT LANDSCAPES FOR BUSINESS
Since the start of COVID-19, many businesses are finding themselves more vulnerable to cyberattacks simply because of the way data is now being distributed.
Before COVID-19, most companies had the bulk of their data on their network or in the cloud. With the increase of employees working remotely, much of that data has been spread out to user end points. This creates a host of new threats, because these networks are now connected to countless workstations on home networks that may be tied to a variety of devices such as smart TVs, game consoles, or routers that haven’t been properly secured. Compounding this issue is the increased number of users within a given household who may be working from home.
INCREASED SCAM ACTIVITY
PHISHING SCAMS – According to the Carbon Black, phishing scams are up 238%. In most cases, the scams may target employees with information about updating their systems or viewing new network policies. The primary goal for these scammers is acquiring credentials such as username and password information. A secondary goal can be targeting the user with ransomware.
STOLEN DATA – In recent months, ransomware scammers have pivoted toward data ex-filtration. In these scenarios, cyber criminals breach a company’s system, take its data and then threaten to release it if the company doesn’t pay. Besides doing long-term damage to a company’s reputation, these crimes can include costly ransoms. A $50,000 minimum asking price is not uncommon, with the average in 2019 increasing $111,605.
VIDEO-CONFERENCE INVASIONS – We’ve all heard about Zoom bombing, where an uninvited guest crashes a video conference. It’s important to know your company’s collaboration platform and take precautions to keep visitors out, such as putting passwords on meetings and using meetings as opposed to personal rooms.
BUSINESSES BEEFING UP SECURITY
Several national security groups have noted that more and more businesses are recognizing these increased threats and taking action to safeguard their data. Today businesses simply can’t afford the financial risks of cyberattacks.
From a cyber perspective, corporate America may never get back to our old version of normal. Initially, many businesses took patchwork steps to get their remote capacity up to speed quickly. Now they’re taking the time to step back and re-evaluate, if not re-architect, how they’re connecting to their users and making sure those connections aren’t putting them at risk.
WHAT BUSINESSES CAN DO TO SAFEGUARD
There are a number of solutions that can help you assess your risk and take steps toward safeguarding your data. In many cases, the cost of these security tools can be as a low as a couple hundred dollars a month.
MULTI-FACTOR AUTHENTICATION – Similar to having a PIN for your ATM, multi-factor authentication verifies your users by implementing other forms of verification beyond a username and password.
END POINT PROTECTION – With so many users working from home, this safeguard is critical. It involves a simple agent that’s installed on end points and your server to detect and respond to threats as they happen and provide malware analysis. These advanced tools go well beyond the traditional antivirus products that have ruled the market.
ENVIRONMENT LOGGING OR SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) – This solution collects information across all network devices, aggregates that data and analyzes it through a security lens. It provides a 40,000-foot view of your business and picks up things like business email compromises, successful firewall breaches and other types of attacks.
BASELINE OR HARDENING – This is a one-and-done process that alleviates many issues, yet most organizations don’t spend adequate time going through these basic steps. Baseline or hardening includes shutting off services that are no longer needed, changing default usernames and passwords, and patching your systems, to name a few. Most organization that are hit with one of the scams mentioned above are deficient in some of these areas.
If you want to learn more about Marco’s Business IT Security solutions, then check out marconet.com/security/it-security.