By Andrew Potgieter, security solutions director at WestconGroup Southern Africa
Cybercriminals don’t discriminate when it comes to choosing their targets. As long as your data is valuable enough to earn them a quick buck, they want it. The scariest thing is that even the most high profile organisations aren’t safe.
Take, for example, the hack of the US Office of Personnel Management earlier this year, in which the hacking of government computers exposed the personal information of 21.5 million people, according to The New York Times. Does this example show us that no cybersecurity software or policy is 100% safe? It may suggest that we need to think more carefully and more often about how to protect corporate data and change our security strategies as threats change. Which raises the question: are chief executives ready to defend themselves against a modern hack?
A shock to the system
In an article in The Guardian UK, a writer warns that a “crippling” cyberattack is imminent in the US and that a report from HP states that a whopping 57% of chief executives have not been trained on what to do following a data breach. In addition, over 70% of executives believe that their companies only partially understand the risks.
Deploying effective antivirus is a start, but what companies actually need is an effective strategy. It’s a no-brainer really, as your company’s data includes the data of many partners and customers, even employees, and if that is stolen or leaked, your good reputation and the trust of your customers and partners will be lost.
The first thing chief executives need to do is acknowledge that the risk of being hacked is a reality. Second, they should go for the necessary training on how to deal with the aftermath of a hack. Third, an effective “hacking” strategy should be added to the company security strategy or be included in the company disaster recovery plan.
And before you go arguing that South Africans aren’t affected by hacking let me remind you of the recent Ashley Madison hack. ITWeb has reported that a total of 44 486 South African Ashley Madison users’ details were leaked by the party responsible, The Impact Team.
This hack also highlights that hackers don’t hack solely for financial gain. Yes, The Impact Team was holding the data for ransom, but they also made it clear that they thought the site was immoral and leaked the data because it was not shut down.
When it comes to cybercrime the most important thing to remember is that it is borderless and it is limitless and your company data could be targeted and accessed from anywhere in the world and at any time.
So what can I do now to avoid a hack?
Here are just a few tips on what you can do to avoid a hack as recommended by Business Insider and myself:
Be suspicious of emails
Malicious email campaigns are one of the simplest and most regularly used cyberattack methods in the current threat landscape. Email is a powerful business tool because it allows users to send anything to anyone, but that also means that it is a huge security risk. Phishing, for example, sends victims seemingly harmless emails containing links that lead to fake websites, where they are probed for personal information.
Make sure that the sender of the email is who you think it is, check that their email address matches the website you think it is from, and if something seems too good to be true, then it is. You will not get an email notifying you that you have won R1m. To be extra cautious you can also check the IP address of the sender.
Check link locations
Clicking on links in emails from unknown senders can be dangerous. Visiting mysterious websites can bring about unintended consequences. For one, the website may mimic a site you know and trust that will result in you falling prey to a phishing scam when you enter your personal details. A dodgy link could also be insecure or be infected with malware.
The best advice I can give you is not to click on links in emails or messages from unknown senders. Rather go directly to the website if it is one that you know, like an Internet banking or online shopping website. This way you will always be able to verify any advertisement emails you receive about specials. If you get an email asking you to update your details, phone the company directly to ensure that it is in fact true that you need to update your details, and then do it telephonically or go directly to their website.
If you desperately want to click a link, then you had better know exactly where it’s taking you. Copy and paste the link into a new browser to see what is on the other side or, if it’s a shortened link, use tools like URL X-ray that can tell you the real destination before you click. Remember, encrypted sites are the safest ones to visit; you know they’re safe when you see HTTPS in the URL and the lock icon on your browser.
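The sender and link checks described above can be automated for a mail gateway or a reported-phish mailbox. The sketch below is an added example, not something from Business Insider or any vendor mentioned here; the sample message, its domains and the shortener list are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
From: "Example Bank" <alerts@examplebank.co.za>
Reply-To: support@examplebank-secure.example
Subject: Please update your details
Content-Type: text/plain

Log in at http://examplebank.co.za.account-update.example/login
or see https://www.examplebank.co.za/security for details.
Short link: https://bit.ly/EXAMPLE
"""

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # illustrative, not exhaustive

def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def review_email(raw):
    """Return (finding, detail) tuples for a plain-text email."""
    msg = message_from_string(raw)
    # The From header is only what the sender claims; it is the baseline here.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = []
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and not belongs_to(reply_to.rpartition("@")[2], sender_domain):
        findings.append(("reply-to-mismatch", reply_to))
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme != "https":
            findings.append(("not-https", url))
        if host in SHORTENERS:
            # Real destination is hidden; expand it before trusting it.
            findings.append(("shortened-link", url))
        elif not belongs_to(host, sender_domain):
            findings.append(("link-domain-mismatch", url))
    return findings

if __name__ == "__main__":
    for finding, detail in review_email(SAMPLE):
        print(f"{finding:22} {detail}")
```

Note that the first link starts with the bank's name but actually belongs to a different domain, which is why the check compares the end of the hostname rather than the beginning.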
Be mindful of attachments
Never open attachments if you aren’t 120% sure of where they came from. Sending emails with virus-laden files is one of the easiest ways for hackers to download malicious code onto a victim’s computer. It often happens that a company gets hacked because an unsuspecting employee unknowingly downloads malicious software that infiltrates the entire network. Be especially wary of Word, PDF and EXE files.
Use two-factor authentication
If your company is hacked, the likelihood that your password was leaked is high. Once hackers have passwords they will try and determine which personal accounts they can access with the data they stole.
Two-factor authentication makes this more difficult because it requires that users enter a password and confirm entry with another item, like a code texted to a phone. It is a recommended way to stop hackers who have stolen passwords. This should be a company standard when it comes to logging in.
Use effective security software
Hackers will choose the easiest targets, so the more security barriers you have, the better. If a hack is going to take them too long then hackers will move on to an easier target. Choosing a robust security partner is essential to protecting your company from a hack. Kaspersky offers a host of security software for small business, medium business and enterprise security because they understand that the needs of each level of business will be different.
Products are selected according to your company’s unique needs so that security fits your company and not the other way around. This is the best way to ensure that all bases are covered when it comes to the prevention of a hack and making sure that your company data is safe.
An example of the type of security software you should have in place to protect company data is Kaspersky Lab’s Endpoint Security for Business. It provides a secure, holistic, and scalable platform that combines traditional signature- and heuristic-based security coupled with Advanced Persistent Threat Protection, Automatic Exploit Prevention, and Cloud-Assisted Protection.
It is structured towards data leakage prevention and includes additional features such as encryption and patch management and encompasses traditional desktops, laptops, and servers with a focus on mobile and virtual computing that supports several popular platforms. Keeping all your bases covered is essential if you want to have a hope of keeping corporate data safe.