Cybersecurity should be a top priority at organizations of all types and sizes (especially SMBs). Every company is vulnerable, but there are certain types of cyber threats that are most common in a typical office environment. These threats tend to be more of a concern among regular employees, since many fail to practice the basics of cybersecurity when they access sensitive documents. Plus, a fair number underestimate just how vulnerable and open to risk the company is—and how their actions play a direct role in protecting the network.
However, the upside is that with some basic education and simple measures, you can easily tighten your office security. We’ve outlined the most common types of cyber threats and made some suggestions on how you can focus your time and budget on reducing your long-term risk.
Different types of cyber threats
Trojans are the most common type of cyber threat. Trojans may occur when someone ends up on what they believe to be a trusted website. It may ask them to run a trojan, appearing to the end user as just a normal update. It is usually something fairly common, such as with Adobe. In many cases, the website itself may be innocent, and just temporarily taken over by hackers. But, when the end user performs the requested update, they’re actually downloading malware.
How to tackle:
Educate your employees about trusted websites, including warning signs that the website is malicious. For example, if you find that you're being redirected from your destination website, or that ads pop up when no browser is opened, you may have encountered a malicious website.
You should also block any unnecessary websites from your business' access by implementing category blocking. For instance, if you do not allow gambling websites to be accessed by employees, you can block that entire category. This reduces your risk in a manner similar to not going into public places if you are susceptible to infections/germs.
Your employees may consider adware and spyware as just annoying. Typically, we think of adware and spyware as those pesky advertisements that pop up and redirect your search results. Spyware can come in many forms. Some spyware can come bundled with other "free" programs, while some can come from malicious websites. Generally, a user has no idea it’s running in the background or collecting data without their permission. Adware may exist in freeware or be picked up when visiting infected websites. And a browser vulnerability can lead to a stealthy Trojan installation, commonly known as Browser Hijackers.
One form of spyware, referred to as "malvertising," often resides within safe websites, but the ad itself contains malware. These ads originate from the ad server versus the server the website sits on. They are often randomized, meaning they are intermittently included among "good" ads, making them even harder to catch.
How to tackle:
These programs are challenging to remove. Review your permissions structure and evaluate who should, or should not, have the ability to download programs, especially freeware.
If you can, verify that the software you're attempting to download is authentic by going directly to the publisher's website to download it, versus receiving it from a third party. And review disclosure statements closely; sometimes the installation of unwanted programs is noted but beware, it’s more than often not.
Unpatched software vulnerabilities occur with common programs like Adobe and Java. These universally-used programs tend to contain numerous bugs, the perfect environment for hackers to play in. This environment, combined with end-user avoidance of installing patches, opens the door for exploitation.
How to tackle:
Patch, patch, patch. This is one of the easiest measures you can take to help protect your company. The software updates included in patches usually include additional security parameters; becoming more disciplined around this very simple step is the top thing you can do right now.
Twinstate Technologies offers services that make maintaining patches seamless: Baseline Defense and Baseline Defense+.Choose from a complete patch management service or one combined with robust malware protection.
Implementing a patch management system can immediately stop malware or an attacker from harming your network. It's one of the most effective and simple strategies you can employ to protect your business.
Though email spam continues to decrease, no business is out of the weeds when it comes to phishing attacks. In fact, the FBI reported a 270% increase in reported global losses due to Business Email Compromise scams (BEC) from January to August 2015. Today, phishing emails often appear bulletproof, even including personal references to the recipient.
How to tackle:
Educate employees to think twice about opening emails that look suspicious, clicking on links within emails that ask for confidential information or downloading unknown attachments. Phishing today can look remarkably real.
When in doubt, call the sender and confirm that you were indeed sent a legitimate email and asked to perform the actions requested within.
Avoid all types of office threats with education
No company will ever be 100 percent protected when it comes to cybersecurity. However, there’s tremendous potential to educate employees on the types of cyber threats that will most likely impact their office.
In addition to training employees on cyber risks, it's important to also teach them about physical safety. As we've discussed in a previous post, data breaches often begin with human error, and network security at a physical level is just as important as the firewall. By taking a proactive approach and empowering them with information, you’re immediately tightening your office security.
Learn more today about how Twinstate can help you avoid cyber threats.
Originally published on 02/12/2016