In our 2018 IT Trends Whitepaper, we agreed with the prediction that this will be the “Year of Evil Hack Attacks.” Cyber criminals will continue to innovate, so make it your organisational goal for the year to anticipate the ways that your systems might be vulnerable.
Here are 3 threats you should know about in the ever-evolving world of cyber threats, and some tips for how to protect your organisation and data.
1) Sophisticated Phishing
At face value, phishing seems like one of the oldest tricks in the cyber criminal handbook. Unfortunately, phishing scams have become so common and so advanced that it can be difficult to distinguish genuine emails from fake ones. And, because the signs are subtle, digital impersonation is easier than ever.
The best advice for protecting yourself is to think twice! Delete emails from suspicious or unknown addresses, particularly if they are vague or request passwords, access to private information, or a transfer of funds. These emails and messages prey on our instinct to panic: they threaten loss of data or account details, hoping that you will click through immediately and give up your details. Make sure that your employees know that they are the best line of defence against phishing, and regularly remind your team of ways to spot these sneaky phishing emails.
You can read more about phishing scams in our 2018 IT Trends Whitepaper.
2) Leveraging Your Employees
It is far easier for a cyber criminal to use your employees against you than it is to devise unique ways to break into your IT systems. Do your team members bring their own personal devices to work, and connect to your systems? Do they take company-connected devices home with them? These practices are common, and help to save money on hardware investments, but they also represent vulnerabilities through which your system could be exploited.
Cyber security threats are designed to exploit scenarios like:
What can you do to prevent some of these errors? Empower your team through training sessions that remind them just how vital they are to the security of your organisation. Regularly tailor your training sessions to your specific context—giving your team examples of the best practices for cyber security in the workplace.
3) Password Cracking
If your team is still relying on a simple username-password combination to access your organisation’s systems, then you are at risk of a data breach! Software to crack password combinations is so advanced that a simple, single-word password or a predictable pattern will be guessed in no time at all. Malicious password cracking software can guess billions of options in seconds; pet names and the place you were born are no match for these algorithms!
Even a mandatory password reset can be insufficient. Instead, help your users to pick stronger passwords and make multi-factor authentication the new standard. Investing in password management software for your organisation could be an important step towards lessening your chances of being hacked.
How Else Can You Protect Your Organisation?
Ultimately, the vulnerabilities in your systems may matter even more than where your sensitive data and IT estate are located. A state-of-the-art hybrid cloud solution might be wasted if your security patches are out of date, or if there are open doors in your software or applications for hackers or malware to enter.
If you haven’t assessed the strength of your IT systems recently, we can provide the support you need in the form of a ‘vulnerability assessment’ (VA) or a ‘penetration test’ (PT). A VA is an excellent starting point, using automated tools to discover any weak spots in your systems. The PT uses similar automated tools alongside manual testing to exploit potential vulnerabilities, actively trying to find any weaknesses, so your team can move forward to address any faults in the system. One of the best ways to protect yourself in the ‘year of evil hack attacks’ is to think like a hacker, and take as many precautions as you possibly can against daily security threats.