Cybercriminals are finding new ways to infiltrate and access our data every day. We’ve put together the top 3 cybersecurity threats you should be focusing on in 2020 as these are the easiest to prevent happening if you take the right actions.
Windows 7 ended in January, but with a reported “32.74% share of the global Windows desktop OS market” still using Windows 7, there’s a large majority of computers at risk to security threats. In December 2019, it was announced that a medium-sized medical tech business was a victim to cryptominers using WAV audio files to conceal the malware in Windows OS. It has yet to be announced that this vulnerability in Windows 7 was ever patched, and now that the operating system is unsupported, it’s unlikely it will be.
Not upgrading your software puts your business at risk, but it also puts businesses you work with at risk as you can spread the infection.
If you’re still using Windows 7, we can help you see what options would be better suited to your business and help you move on from Windows 7. Get in touch here.
Phishing emails have been around for years, and most of the time our spam filters stop them coming through. But cybercriminals have had those years to perfect their scams, using not only emails but social media, websites, text messages and more to gain access to your personal data.
In the business world, Whaling Phishing is becoming increasingly more popular as these types of emails are more sophisticated – they’re highly researched and highly targeted. Whaling attacks often impersonate colleagues and customers, even replicating your email chains to appear as if you’re replying to the latest email.
With phishing attacks, you need to train yourself to check email addresses, hover over links and be cautious of downloading attachments, especially from unexpected emails.
Providing your staff with User Awareness Training helps keep them vigilant to the latest security threats and trains them to notice the signs of a phishing attack.
34% of all breaches in 2019 were a result of insider threats. There are multiple ways your employees can be a threat to your business, we’ve included the most popular reasons below:
Negligent employees who don’t follow security policies - Untrained employees, or those who don’t think they have an impact in protecting your business data are the highest threat to your business.
Personal devices connected to your network (BYOD) - Employees using their own devices on your network can be a threat to your business as they may not have the correct security measurements in place, such as 2FA or antivirus software installed.
Unauthorised application installation/usage - What access do your employees have? Do they need admin access to download and install software? If employees are not properly trained on security threats, they may not think it’s an issue when downloading new software to their computer.
Default/weak passwords - How many of your staff still use their original password? Do you have policies set up to make your employees change their password after a few months? If your employees are still using their original passwords or something simple, such as the passwords in the top worst passwords list, hackers will have an easier time gaining access to your business.
Our data is easily accessible in this modern age, with us willingly providing our information on social media sites such as LinkedIn, making it more accessible for cybercriminals to get the data they need. If a password is the only thing stopping a hacker getting to your data, make sure it’s something they’ll have difficulty cracking.
Disgruntled Employees – employees who have malicious intent within your business could intentionally leak your data. According to a study by Deep Secure, 45% of employees would be willing to sell corporate information to outsiders, and 25% said just £1000 would tempt them to sell business data.
Ex-Employees – How long does it take you to remove your ex-employees’ access after they’ve left the business? According to a survey by OneLogin, 50% of ex-employees retain access to corporate applications after their employment ends. The report stated that 20% of companies surveyed experienced a data breach due to failure to remove an employee’s access. Removing your ex-employee’s access provides peace of mind, as even the happiest employee can be persuaded to sell your business data for financial gain.
Baiting – We all love free stuff, so what’s wrong with accepting a free USB stick or using one an ex-employee gave us when they left? Baiting is the real-life Trojan Horse – employees are given a free device, such as a USB stick, that has been loaded with malicious code. The employee then unknowingly releases this onto their computer, infecting your network with spyware, ransomware and more.
Outdated software, phishing scams and your employees are a few of the highest security threats to your business, but they're also some of the easiest to prevent.
Your employees can be your greatest defence against cybercrime if they’re properly trained – Provide workshops to educate your staff on the latest security threats, and keep them aware of how a simple click of a link or download of an email attachment can put your business data at risk.
In addition to this, test each department on their knowledge of your security procedures and policies to see what areas may need more attention.
Furthermore, phishing simulations are ideal for testing if your User Awareness Training has been successful or whether you need to adapt your approach.
If you need help with your cybersecurity or would like to schedule User Awareness Training, please don’t hesitate to get in touch. We can provide your staff with the latest cybersecurity training and provide helpful guides they can refer to when they need a refresher.