It's a normal day at work. You've had coffee already, chatted for five minutes with your coworkers, and are sorting through the first tasks of the day when you get an email from your accounting department with what looks like an important document attached.
A) open it immediately?
B) alert your IT team?
C) ignore it completely?
If you chose B, good work. You're already thinking about data threats the right way. If you chose to ignore it, you might have stopped an attack from happening right then, but the fact is, a malicious email still represents a cyber threat — and those, you can't ignore.
If you want to ensure that your business remains healthy, your reputation remains intact and your data stay safe, ignorance isn't an option. Here are the top 5 data threats you need to be aware of — and some tips to address them, too.
When it Comes to CYBER Threats, Where do you Focus?
According to Alex Insley, Twinstate's Unified Defense Strategies technical manager, there's one threat that stands out for a whole host of reasons — and that's why it's first on this list.
Because ransomware compromises your business's data and reputation and exists specifically in order to compromise the organization's financial health (it's a for-profit attack), contracting it represents a much greater risk than do other less directed and less financially motivated attacks.
Recommended Read: How to Prevent Ransomware: 3 Things You Can Do Today
2. Brute force account hacks
These types of attacks are based on a lack of security requirements on the network and for personal accounts. Brute forcing a hack is common because poor, weak passwords are common, and because employees are fairly likely to use personal accounts and business accounts with poor, weak passwords inside of your network environment.
3. Mobile malware
Imagine if your coworker jailbroke their phone, forgot to update an app at some point and contracted some nasty malware. You probably wouldn't care too much — unless they came to work with that phone and hopped on your network, exposing your business to their as-yet undiscovered mobile malware.
Here's another realistic scenario: Your employee brings their laptop to the airport to get some work done before a flight, and uses the airport's WiFi, picking up a nice little gift from attackers along the way. If you have mobile devices connecting to your business's network, at any point, they represent a threat you can't ignore.
4. Broken web filters
It's pretty likely that you already have a web filter to block inappropriate content as employees browse. But there's an inherent flaw in assuming this filter protects you from viruses: not every virus lives on an objectionable site. As Michelle Drolet writes for Network World, "...most malware online is hosted on legitimate websites that have been compromised. Whether the entry point is a hijacked website or a link in a malicious email, the user will never know they've been attacked. Hackers can buy exploit packs online and use vulnerabilities in browsers and third-party software to gain a foothold."
5. The people problem
This problem is a tough one to fix. People are always susceptible to making security mistakes, whether it's clicking that attachment in the email from accounting or letting the wrong service technician in the front door. Employees are some of the greatest data threats — and most don't even know it.
Employees are some of the greatest data threats and don't even know it. Click to tweet
Facing the Threats
Knowing the data threats you can't ignore doesn't mean you know how to deal with them, even when you're paying attention! Insley believes that a major factor in being able to address these threats is your ability to find the right resources.
"Even knowing who to talk to is a challenge," says Insley. "Don’t take advice from just anyone. Go with a well respected and known source of advice. Do you know someone in IT who you trust to tell you where to look for the right tools?" Insley suggests attending local Chamber of Commerce events that help promote community awareness as a first step to finding resources.
But what if you want to do something fast and need the tools? To cover the threats we've listed in this post, we recommend:
- A next-generation, properly configured firewall
- Paid anti-malware software (NOT free!)
- Patch management tools/updaters for all machines and software
(On this, you can go machine to machine to check for updates, or you can install a tool that will help manage the process, like Nagios.)
- Real-time filtering tools "to scan for dodgy URLs and web-based malware" writes Drolet
- Cybersecurity awareness training for employees
Asking for Help
Now you know the threats you must recognize, the tools you must use, and (we hope), who to turn to for advice. But what if you're just not ready to start researching and implementing these tools on your own, or simply don't have the time?
That still doesn't mean you can ignore the threats!
Instead, consider beginning the search for a partner who can recommend antimalware solutions, help you develop a mechanism that alerts you to the patch status of each machine, configure your firewall, monitor your updates and protection efforts, and, of course, provide security awareness training.
Originally published on 10/11/2016