Security issues can affect any organisation, whether you're a non-profit, SMB or large enterprise. Everyday there is a new security issue and making sure your organisation is protected and able to defend against them is crucial in keeping your data secure.
We've put together a list of the Top 5 security issues companies face in 2021, whether you're in the office or working from home, these issues can affect any type of organisation.
1. Sophisticated Phishing Scams
Every year, it is becoming increasingly harder to detect phishing scams, and with the progression of technology, they’re becoming more sophisticated, highly targeted and personal. Some scammers are even going to lengths to collect voice snippets to use in phone phishing scams - it only takes one mistake to become a victim of cybercrime - educate your users with user awareness training to keep them up to date on the latest threats.
2. Attacks focusing on remote workers
Remote workers are becoming a larger target for cybercriminals as, according to Kaspersky, 23% of desktops and 17% of laptops supplied by UK employers have no antivirus or cybersecurity software installed – additionally, 23% of employees provided a company smartphone didn't have adequate, if any, antivirus on their device.
53% of businesses have seen an increase in email phishing attacks during the pandemic with a third saying these phishing attacks have been more successful. On average, organisations are remediating 1185 phishing attacks each month, with an average of 40 per day.
As most organisations needed to rush their users into working from home, those users may not have had adequate security features added to their computers. How are your users logging into your network? Do they use a VPN, a Virtual Desktop, or are they just working through the Cloud?
You need to protect your business with the right security software - invest in solutions such as Endpoint Detection & Response that alerts you to any changes in your network, allowing your IT team to investigate and remove risks before they damage, infect, or steal your data.
3. Outdated Software
Your software is updated for routine changes, but also to patch security flaws. If you don’t keep your apps and software updated, they can be exploited and hacked with ransomware, or as we’ve seen from the BlueKeep attacks in 2019, your unpatched software can be exploited to install cryptocurrency miners.
Updating your software may seem tiresome, but it’s a simple step in keeping your organisation safe from cybercriminals.
4. Third-Party Vulnerabilities
With the influx of technology and being more interconnected than we’ve been before thanks to things like IoT (Internet of Things), it’s becoming harder to keep these third-party apps secure.
In 2019, attacks on IoT devices surged 300%, which demonstrates how these devices are becoming more popular within the hacker community as IoT devices are usually plugged in and forgotten about.
To minimise impact from IoT devices, they should be regularly updated, passwords changed from the default, and connected to secure internet connections.
Having security policies and sticking to your security policies may seem like the same thing, but most of the time you may think ‘I'm too busy, it can wait and I’ll remove their access tomorrow’, ‘we won’t force password policy as it won’t be an issue’, but in 2019 34% of all data breaches were a result of insider threats.
Insider threats can range from negligent employees who don’t follow security policies, such as leaving company data lying around, to disgruntled ex and current employees with malicious intent. Surprisingly, 50% of ex-employees don’t have their access revoked to corporate applications and data, and when 25% said they’d accept just £1000 to sell this data, it’s crucial that user access is monitored properly.
Ensuring your users only have the access they need for the job they do can help minimise the potential of an insider threat.
How can we help?
Information systems exist in a dynamic environment rich with threat vectors, but planning, strong management and adherence to industry standards will ensure corporate prosperity and the safety of proprietary data.
Employing the use of a security expert - particularly during an initial set up - can pay huge dividends in the long term and ultimately reduce long term costs.
If you're unsure how secure your organisation is, we can provide an IT Security Assessment to show you where you may have vulnerabilities and how you could improve your security to future-proof your organisation.
If you're looking for no obligation advice, get in touch with one of our experts by scheduling a consultation or giving us a call on 01908571510.
[this blog was updated in Feb 2021]