In the past decade, millions of businesses in key industries have been subject to malware infections. The numbers continue to rise as attacks get more sophisticated and organizations move towards virtual working environments. The pandemic caused a 600% increase in cybercrime as hackers rolled out phishing attacks on massive scales, for example by tricking targets into clicking infected links posing as legitimate sites of the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).
So what exactly can organizations do to mitigate risks and curb these destructive attacks? At the Ascent Conference held in 2019, Karl Kispert, managing director at MGO Technology Group, LLC, revisited the basics and emphasized security awareness in dealing with threats.
Security Training vs. Security Awareness: What’s the Difference?
According to Kispert, security training and security awareness are not the same thing. “Training is teaching a body of knowledge to an individual,” he explains. “Awareness is changing the culture as you’re building it, or as you’re expanding your company.” Building security awareness and incorporating that knowledge into your framework helps you craft a comprehensive incident response plan to use if and when a breach happens.
Kispert outlines these fundamentals as a basis for staying fully aware of your security posture and avoiding ransomware and phishing attacks:
1. Back up your data daily – Although this step is basic, Kispert stressed the importance of having secure and reliable data backups at all times for easy recovery in case attackers get hold of your data.
2. Update your operating systems – This crucial step fixes any existing vulnerabilities your system may have and ensures that everything is working correctly. For added security, limit the number of people who can use or install the software.
3. Monitor your network closely – It is critical to understand how your network is configured, because attackers easily penetrate unsecured and misconfigured wireless networks. You must monitor who is on it at any given time and who has access to which information, especially when you’re tied up with a third-party vendor. Invest in an enterprise license for reputable antivirus software to fortify your network against attacks.
4. Use two-factor authentication – Activating two-factor authentication helps you verify your users’ identities as they use your services and provides an additional layer of security within your network. Kispert strongly advises against sharing passwords with anyone, as doing so gives away all your sensitive information for free. Moreover, attackers can break a weak password within milliseconds. Using a combination of alphanumeric characters and symbols makes a password less likely to be figured out.
Cybersecurity awareness is essential regardless of what stage your company is currently in. You have to be aware of what everyone is doing, what information you are sharing, and who should have access to your data and network. The strategies above will help you identify gaps your infrastructure may have and steer you in the right direction regarding security as your business grows.
Watch Karl Kispert’s full session: https://www.youtube.com/embed/ELJK1G8cGEE