Headlines about data breaches, ransomware attacks, the latest phishing schemes and other online criminal activity certainly cause pause for thought. However, in today’s fast-paced business world, pressing deadlines and busy schedules can quickly redirect attention back to day-to-day tasks. And, quite frankly, with the volume of cybercrime news in the feed, it is easy to become desensitized.
Do not get complacent. Yes, it could happen to you. In fact, the likelihood that your company will be (or has already been!) in the sights of a cybercriminal is strong. As we enter October — National Cybersecurity Awareness Month — this is a great time to take a look at how to minimize your vulnerability. The world of cybercrime and the associated protections are constantly evolving. Your knowledge must, too.
Let’s start by looking at how professional-sector businesses are typically targeted. Verizon’s 2018 Data Breach Investigations Report notes that, among cybercrime attempts and incidents, 70 percent generated from an outside source, while 31 percent were launched in-house — by an employee with bad intent or by team member who simply made a mistake (such as clicking through on a phishing email). Fifty-six percent of attacks targeted personal information, 28 percent involved stolen credentials and 16 percent involved theft of proprietary company information.
Further, most compromises took just seconds or minutes to initiate, yet two-thirds of them were not discovered for months or more — and typically by a third party, such as a customer, according to the Verizon report. Sound scary? It is. From hog-tied employee productivity, to compromised data, to legal and financial ramifications, to reputational loss, cybercrime is a serious threat to businesses of all sizes, across all industries.
The good news is that, just as cybercrime is becoming more sophisticated, so are the solutions for protecting against it. For starters, firewalls are stronger and antivirus software is smarter than ever before. And, thanks to cloud computing, updates can be delivered to end users in real time.
Beyond these “traditional” means, today’s best cybercrime defenses include even more layers of protection — notably, autonomous endpoint protection security software. Endpoints are personal computers, network servers and other devices connected to the internet. When they are exposed, systems and data become vulnerable. Unlike traditional antivirus solutions, advanced end-point protection platforms do not require prior knowledge of an attack in order to detect and remediate it. They apply machine learning and artificial intelligence to continuously outflank attackers.
Still, the best technology protections will not stop an employee from clicking on an infected link. Building knowledge is building power when it comes to minimizing human error. Education should be ongoing — not a one-time thing — and integrated in the on-boarding of new staff members as well as ongoing communication and testing of the entire team. Implementing an acceptable use policy (how employees are permitted to use company-owned PCs, devices, software, internet access and e-mail) is also paramount in today’s environment.
Of course, no defense is iron-clad. To that end, having a business-class continuity plan is vital for protecting data. In the case of a ransomware attack (which Verizon identifies as the top variety of malicious software), you won’t have to pay a crook if duplicate files are available. Just remember: The worst time to test your continuity is when you desperately need it to work.
It requires special expertise to create, maintain and evolve a multiprong approach to cybersecurity, which is why so many companies do not. Even if you have a trusted IT person or company who put your current network in place, it never hurts to get a third party to validate that nothing was overlooked.
Michael Mullin is president of Integrated Business Systems, based in Totowa.