Why Cyber Security should be taken seriously
In 2020 Cyber security should be one of the key focuses of your business, the developing online age has seen the number of threats similarly develop and your business needs to stay up to date in order to avoid these threats. They come in many shapes and forms, and many people have this perception that the most important method to employ would be an anti-virus with backups however today, this is simply not enough. Systems like biometrics, two factor authentication and extensive user training should be applied in order to protect you and your organisation.
The world is more connected than ever and threats can come in all form and have become more clever at accessing your data. One key way which can sometimes be ignored is that your employees need detailed user training on the threats of modern day cyber criminals. This often comes in the form of phishing where users will receive messages coming from a seemingly legitimate source asking for information to do with passwords, credit cards etc. Especially in 2020 where there has been an increase in the number of spoof emails using the address of a compromised user to send out these threats as if it has come from them. This is why user training must be implemented to identify the threats which are becoming increasingly difficult to spot.
Ransomware is a huge problem in 2020, there have been many new stories in recent years about these types of attacks notably the WannaCry cyber attacks that took place all over the world and targeted the NHS in the UK putting patients data at risk. However this could have been prevented if proper cyber-security regulations were followed. This includes staff training, proper anti-malware applications and software updates. More recently an entire city in the United States was compromised with ransomware demanding hundreds of thousands of pounds and bringing the city to a standstill.
(please see below BBC news article)
But what exactly is Ransomware and how has it caused this amount of damage?
Ransomware is a malicious piece of computer software which can enter a network from various methods, such as phishing a users login details, in the form of downloaded software and in 2020 can even be spread through social media. Due to all these different ways of attacks it is difficult to maintain a consistent anti-virus software across all devices and failing to keep virus databases up to date can also cause problems. This is why user training is one of the most crucial steps in cyber security, even if it is only training to make a user suspicious and teaching them to check with their IT department first. This is a great idea to keep your business from becoming compromised. Ransomware seeks to encrypt all of a users files and folders and displaying a message only offering to decrypt the data if a sum of money is paid, often in untraceable sources such as bitcoin. This is always a bad idea as even if they do decrypt the files (unlikely) you are still vulnerable to the same attack occurring again and more money being requested.
Social engineering is the process using people to gain unauthorised access to a network or computer system. In the modern age this definition is quite broad as often many people would associate social engineering with something such as phishing, where a hacker would email in using a compromised account you may recognise or with a piece of data you would not expect them to know and get you to fill out forms or download files.
Even the best firewall and spam detection methods may not be able to protect you from something such as another user who you are in contact with having their account compromised or details leaked. Social engineering does not only occur through this method. It can occur when someone calls up pretending to be your bank to get account details or more commonly in your business to gain unauthorised access to places or data they shouldn't have. This can be something like being friendly in the workplace in order to gain access to files and documents that they would have you believe they are allowed to look at when in reality they are trying to steal the data.
A Trojan is as the name suggests a malicious piece of code or software which disguises itself as another application. These methods can often be destructive to data. Trojans often occur most frequently in unlicensed, non commercial software which may be a pirated copy of the original software or a software that does something similar to another commercial software except is cheaper or free. In business typically programs are only allowed to be installed by your IT team and they will likely be aware of the threats. Nevertheless it is still crucial that you keep your IT team trained well on these type of threats and even if users cannot install software themselves keeping them aware is a great idea especially in BYOD (Bring your own devices) environments where user devices can bring external threats into their network.
In 2020 these are the biggest threats to security that often struggle to be dealt with by typical anti-malware methods. Being aware is always the best method of protection as users will be able to look after themselves and not feel like they rely on an anti-virus to protect them if they do something wrong.
Logixal takes cyber security very seriously. From our printers to IT department we make sure any potential access point is safe and secure. To support this we completed the cyber essentials certification in order to ensure we had up to date 2020 security methods and in in Late May 2019 we received our cyber essentials certification. Proving our security methods were up to date and our employees and customers data was safe.