Our world turns on the internet, allowing us more freedom in how we work, play and live. It links our vehicles, homes, infrastructure and so much more. But with this level of convenience come new threats. Nearly 60 million Americans have felt the impact of identity theft, and one estimate holds that by 2023 about 33 billion records will be stolen annually. Small businesses are among the most common targets, accounting for 43% of cyberattacks. Without the appropriate safety measures in place, your company is vulnerable.
Jorge Rojas with Tektonic in Toronto offers a quick look at the top five cybersecurity threats that we expect to see in strong force in 2021.
What Are the Most Common Types of Cyberthreats to Watch for in 2021?
1. Phishing
With more employees than ever before working from home, email and instant message traffic has increased, and phishing scams have become a serious threat to your company’s digital security. Cybercriminals take advantage of this by bombarding your employees with emails and messages from fake social media accounts. Once the hackers gain access to some of your company’s email accounts, they can then access sensitive information by impersonating members of your staff.
To protect against phishing attacks, watch for instant messages and emails with unusual wording, such as a message that suddenly uses a generic salutation rather than your name and ends with a generic signature. Don’t click on links in emails that look suspicious, and don’t give out sensitive information such as user IDs and passwords. Instead, go directly to the source to verify the email. Install anti-phishing toolbars on your employees’ internet browsers to alert them when they try to access a site that has been linked to phishing attacks.
2. Malware & Ransomware
Malware and ransomware can cause you to lose data, freeze your systems, and hijack your software, among many other problems. Though they’re not based on social interactions, they are still a favored attack method for hackers to access the data you keep on servers. Ransomware encrypts the information kept on internet-connected systems, crippling service until the attackers receive a payment.
To protect against malware and ransomware, stay on top of updates for your software and hardware. Updates are released to close newly discovered vulnerabilities. Enable available click-to-play plugins, which prevent Flash or Java from running unless they’re clicked, reducing malware exposure from these programs. Replace legacy apps to reduce risk, as they may no longer be updated by their developers.
3. Database Exposure
When your database information is exposed due to theft or hacking, it exposes your company to liability. This can happen when hackers use malware or stolen login credentials to access your database information, including customer information, identity records, or financial information. The stolen data also creates an opening for social engineering attacks, in which a hacker makes an email look legitimate by including private information.
To protect your company from database exposures, keep the hardware for your private servers physically secured to prevent theft. Ensure that you have a solid database and web app firewall in place to protect against internet-based incursions. Keep server access limited to as few people as possible, and regularly encrypt and back up server data.
4. Credential Stuffing
Because so many programs are based online or are internet-connected, it’s common for cybercriminals to steal user access through login credentials. If the same credentials are used for multiple sites or accounts, a credential stuffing attack can reach a range of information across those sites. When customers or employees reuse the same login credentials on multiple sites, it creates a vulnerability for your system as well as for any other sites that share those credentials.
To protect your business from credential stuffing, start by implementing two-factor authentication for logins, adding another level of complexity to the process. Require your employees to use a different password for each account they access, preventing unauthorized access to other accounts through the same credentials. Don’t allow or encourage password sharing, and if it’s absolutely necessary, provide the password verbally rather than using electronic communications.
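Credential stuffing leaves a recognizable trace in login logs: one source tries many different usernames and mostly fails. The sketch below is an added example, not part of the original article; the log format, function names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample log, assumed format: "<timestamp> <source_ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2021-01-04T09:00:01Z 203.0.113.7 alice FAIL
2021-01-04T09:00:02Z 203.0.113.7 bob FAIL
2021-01-04T09:00:03Z 203.0.113.7 carol FAIL
2021-01-04T09:00:04Z 203.0.113.7 dave OK
2021-01-04T09:00:05Z 203.0.113.7 erin FAIL
2021-01-04T09:00:06Z 203.0.113.7 frank FAIL
2021-01-04T09:05:10Z 198.51.100.20 alice FAIL
2021-01-04T09:05:30Z 198.51.100.20 alice FAIL
2021-01-04T09:05:55Z 198.51.100.20 alice OK
this line is malformed and is skipped
"""

def parse(line):
    """Return (ip, username, succeeded) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
        return None
    _, ip, user, result = parts
    return ip, user.lower(), result == "OK"

def find_stuffing_sources(log_text, min_users=5, max_success_ratio=0.2):
    """Flag sources that try many distinct accounts with a low success rate."""
    users = defaultdict(set)      # ip -> usernames attempted
    attempts = defaultdict(int)   # ip -> total login attempts
    hits = defaultdict(set)       # ip -> usernames that logged in successfully
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, user, ok = rec
        users[ip].add(user)
        attempts[ip] += 1
        if ok:
            hits[ip].add(user)
    findings = {}
    for ip, tried in users.items():
        ratio = len(hits[ip]) / attempts[ip]
        # A user mistyping their own password touches one account, not many.
        if len(tried) >= min_users and ratio <= max_success_ratio:
            findings[ip] = {"distinct_users": len(tried),
                            "attempts": attempts[ip],
                            "compromised": sorted(hits[ip])}
    return findings
```

The `compromised` list names the accounts whose reused password worked, which are the ones that need an immediate reset and two-factor enrollment.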
5. Accidental Sharing
Accidental sharing is the unintentional disclosure of information. It can involve a range of information, such as personal or business data, and takes place through emails, unsecured forms, instant messaging, social media, and many other channels. Accidental sharing can take place when your employees log in remotely using a public WiFi hotspot, when an online form displays the user’s information rather than encrypting it, or when information is shared in an unsecured format, such as a credit card number in an email.
To protect your business from accidental sharing, limit who has access to your databases and other sensitive information, which limits the possibility that human error will come into play and cause the problem. Add user activity monitoring software, which allows you to track user activity so that you can discover if your data is in danger of being compromised while providing solutions to avoid accidental sharing. Train your employees on how to avoid accidental sharing problems in the first place.
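For the case of a credit card number sent in an email, an outbound filter can catch and mask the number before the message leaves. This is an added example, not part of the original article; the function names are hypothetical and the sample message is constructed using well-known test card numbers.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed sample message; the order reference is not a valid card number.
SAMPLE_MESSAGE = (
    "Hi, please charge my card 4111 1111 1111 1111, or use the backup "
    "5500-0000-0000-0004. The order ref is 1234567890123456."
)

def luhn_ok(digits):
    """Luhn checksum: separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:        # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep only the last four digits, as on a printed receipt."""
    return "*" * (len(digits) - 4) + digits[-4:]

def redact_cards(text):
    """Return (redacted_text, masked_numbers_found)."""
    found = []

    def _sub(match):
        digits = re.sub(r"[ -]", "", match.group())
        if not luhn_ok(digits):
            return match.group()   # leave order numbers and similar intact
        found.append(mask(digits))
        return found[-1]

    return CANDIDATE.sub(_sub, text), found
```

Logging only the masked values lets the monitoring system record the incident without storing the card number a second time.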
As you prepare your business to move into the new year, it’s of vital importance that you start planning for prospective cyber threats for the upcoming year immediately. This allows you to get the right systems into place, start appropriate training, and have everything ready to go before it becomes a serious problem for your company. However, that doesn’t mean that you need to go it alone. If you need help finding the perfect solutions for your company’s cybersecurity needs or if you need help planning a solid solution to improve your company’s cybersecurity, we can help you find the right path for your company to move forward. Please feel free to reach out today with any questions, for more information on our services, or to schedule a meeting with an experienced IT consultant to discover the right strategy for your business.