Did you know? Cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, which represents the largest transfer of economic wealth in history, according to the Cybersecurity Ventures Annual Cybercrime Report. Unfortunately, our private data is coveted by cybercriminals, hackers and even foreign governments. Our information has tremendous value; thus, we need to figure out the best ways to safeguard our data.
Technology began making human existence easier over 12,000 years ago with the creation of chipped stone tools. Since then, technology has continued to provide greater means to extend our lives and enable prosperity. Now, however, in this Age of Information, a new, nefarious and shape-shifting threat has evolved right alongside the rapid advancement of innovation: a modern predator of livelihood and sustainability. This predator is the information hacker.
Hackers pose a significant threat to both an organization and its employees. Their intent to gain access to proprietary information, whether for financial gain, competitive intelligence, or settling a vendetta, damages business continuity and, in some instances, has devastating ramifications reaching beyond the organization.
Hacked and breached data is no longer accessed solely from a company server, but increasingly also from sources common in the home and workplace, including mobile phones and Internet-connected devices such as Google Home, Alexa and Amazon Echo. Mobile devices have become much more of a target because of the wealth of information they hold and the blending of personal and business information on them. By accessing a single webcam, a cybercriminal can infiltrate an entire network and steal consumer data. It is important to assess the number of Internet-connected devices at your company, scan your endpoints for vulnerabilities and ensure you’ve changed their default passwords. Also, ensure that they are not all connected to a single network.
Hackers are equal opportunists. Both the private and public sectors are at risk, across all industries. A breach of a hospital’s protected data could result in loss of life. At a leading university, cutting-edge research could fall into the wrong hands. Unauthorized access to a retailer’s database could open thousands of its customers’ wallets and empty their bank accounts. Even a minor hack that is quickly contained can be costly.
It is critical that organizations, regardless of whether they operate in the private or public sector, ensure their employees know and practice good cyber hygiene. Employees must also be aware of the nefarious ways the bad guys operate and how they may be at risk. Below are helpful tips to protect your organization and your employees.
- Protect Your Organization with a Data Privacy Policy. Data privacy must be an area of focus. Currently, only a few states in the U.S. have enacted privacy legislation. However, considering the ongoing risk of cyber breaches, it is likely the U.S. will pass federal requirements around privacy rather than allow each state to create its own.
- Use Strong Passwords. Don’t repeat your passwords on different sites, and change your passwords every 90 days. Make them complex. That means using a combination of at least 10 letters, numbers, and symbols.
- Email is the Front Door to Intruders. Educate employees on the dangers of malware and phishing links. Share best practices such as deleting emails they don’t need and safeguarding proprietary and important emails in password-protected folders.
- Mobile Devices are the Back Door. Invest in a Mobile Device Management platform to control access. Reduce app download risks through policy and training. Keep your apps current. Review each app to determine what ‘permissions’ you’ve given it.
- Ensure Data Remains Private. Conduct an inventory and identify and locate key assets. Review how the data is stored, who has access and why, how it is transmitted and whether it is encrypted. Purge what is not essential.
- Protect Data as You Would Physical Assets. Spend extra on security software. Consistently monitor systems for vulnerabilities, and scan and update often. Implement firewall protections and set a protocol for regular password updates.
- Define Social Media Policy. Employees who use social media for personal reasons make a choice. When they cross the line and include information about their employer, their job, organizational structure, nature of the business, etc., this can enable cybercriminals to target them and their employer through spoofing, spear-phishing and possibly in other ways. It is important to define your organization’s standards and policy in your onboarding process.
- Know what to do if you become a victim. If you believe that you’ve become a victim of a cybercrime, you need to alert your supervisor right away. Your company might contact the local police and, in some cases, the FBI and the Federal Trade Commission. This is important even if the crime seems minor. Your report may assist authorities in their investigations or may help to prevent criminals from taking advantage of other people in the future.
- IoT Devices. These devices must have the default passwords changed. They should be periodically scanned for vulnerabilities and you should set the appropriate controls.
By actively implementing the above top cyber tips across servers, personal computers, mobile phones and Internet-connected devices, data will be better protected, and outside attacks will be thwarted.
About the Author:
Stevan Bernard is a security technology consultant for Allied Universal. Steve led Sony Pictures’ global protection services with responsibility for the CSO/CISO function, investigations and forensics, physical security, BCP, environment, medical, major events and protection, and employee health and safety. Prior to this he worked in high-tech, energy and law enforcement. His tour in the US Army included a year in Vietnam, and he was awarded the Bronze Star. He is a Certified Fraud Examiner, has a BS degree in Criminal Justice and an AA degree in Psychology, and is a graduate of the FBI National Academy.