When it comes to the most notable cyberattacks that dazed consumers and businesses, 2018 wasn’t short of them. From Facebook’s Cambridge Analytica fiasco and Google+’s vulnerabilities to British Airways’ skimming scandal and the HSBC data theft, the antics of cybercriminals were put in the spotlight in the past year.
Even small- to medium-sized businesses (SMBs) weren’t immune from these incidents. According to the Verizon 2018 Data Breach Investigations Report, 58% of malware attack victims are categorized as SMBs. They were hit because they were either neglectful of their IT security or lacked the proper resources needed to defend themselves from attacks.
Cybercriminals are always devising new ways to steal sensitive information from companies and end users. Given this, what should we learn from the cyber incidents of 2018?
Disclose attacks immediately
SMBs should remember that delayed or non-disclosure of cyberattacks to the public can be a dangerous move. For average consumers, being notified of data breaches that involve them is essential in helping them regain control of their information. An individual, for instance, can change their passwords or transfer funds from old accounts to new ones before any incidents happen.
Google knew about the vulnerabilities surrounding its social media platform Google+ for months but decided to keep quiet out of fear that the company would be placed under the spotlight of bad press. However, once the cat got out of the bag, the search engine giant was forced to shut down the platform for good and still suffered a damaged reputation. The moral here is that it’s best to own up to your faults before they become bigger issues.
To protect public interest, Canada passed the Personal Information Protection and Electronic Documents Act (PIPEDA). This law requires companies to keep records of security breaches and report them to the Privacy Commissioner of Canada. Enterprises are also required to publicly disclose data breaches should their personal information be involved in the breach.
Be careful with who you trust with your data
In June 2018, a Universal Music Group contractor left data exposed when they failed to protect a server, resulting in making UMG’s cloud storage publicly accessible. The data included confidential information such as file transfer credentials and internal source code for UMG’s IT network.
Purportedly everything has been exposed, and while no official audit was released, it’s not difficult to imagine losing copyrighted music tracks to theft and having company databases corrupted.
Take time to examine third parties that you entrust your data to. You might not just lose company information, but the personal and financial information of your clients as well. Ensure that you have strong security in place to avoid costly breaches in the future.
Managed IT services providers (MSPs) such as Dyrand Systems can also help you secure your data. Through backup and disaster recovery (BDR) solutions such as offsite backups and point-in-time restorations, in relation to cyberattacks, these let you have copies of your data in case you lose your data to hackers, be they extortionists who use ransomware, or saboteurs who use viruses to corrupt your databases.
Control the use of shadow IT
The rise of mobile technology is inevitable, and your employees are turning to them to get their work done faster. This contributes to the popularity of shadow IT, tech such as software, tools, widgets, and devices that haven’t been authorized or vetted yet by your IT.
Workers might turn to this solution due to their dissatisfaction with current IT solutions in the office or find them difficult to use. However, as their devices are not properly configured for your network, your organization faces security risks, which might endanger it over time. In fact, research firm Gartner predicts that by 2020, shadow IT will cause one-third of successful attacks on enterprises.
Let’s say one of your employees is working on a top-secret project from an unauthorized laptop connected to a public Wi-Fi network. Public Wi-Fi networks are notorious for having weak and substandard security protocols, so cybercriminals can easily infiltrate them and view, copy, and modify sensitive information from unprotected devices. Hackers can also exploit software vulnerabilities, well aware that end-users typically neglect to install critical patches.
Given this, take time to properly integrate external devices into your network. Make sure to check all the new hardware and software being used by your employees and that they are routinely updated. Dyrand Systems offers a Mobile Device Management service that configures devices for enterprise access and secure corporate data on smartphones and tablets, and this is all done through the cloud.
Learn that cybersecurity is an endless endeavor
As technology rapidly improved over the years, it also dramatically changed our lives. Unfortunately, cybercrime tools have also become more pernicious. Malware has and will become more sophisticated, and hackers will infiltrate AI-based systems and hijack these to perpetrate their crimes.
Despite the challenges that lie ahead, your business can take steps to minimize risks and defend against future threats. Here are a few steps you can take:
- Keep yourself informed of security risks by constantly reading cybersecurity blogs
- Update your backup and disaster recovery plans at least twice a year
- Use multi-factor authentication options such as biometrics and access keys
- Apply software updates and security patches regularly
- Educate employees and involve them in maintaining security policies
Partnering with MSPs can go a long way, as they can monitor your IT infrastructure and protect it 24/7/365 before threats can even infiltrate your system. The best part is, they don’t cost as much as paying a full-time employee a monthly salary.
Dealing with cyberattacks can be a very tedious task. Here at Dyrand Systems, we shift your focus from IT concerns to more important matters of your business, ensuring maximum efficiency. Contact us today to get a free assessment.