Cybersecurity is an ongoing concern for individuals and businesses alike. But when it comes to protecting your business, there are some unique considerations. From protecting massive amounts of data and equipment to training employees to cope with attacks, the following are some the biggest cybersecurity concerns that will impact you in 2019.
Spear phishing
Phishing is a type of social engineering where someone posing as a legitimate person or institution attempts to manipulate you out of your sensitive data. The more information that an attacker has about you, the better their chance of success. Spear phishing is the more recent and disturbing trend where hackers spend time observing you online, often breaking into your email to design a targeted phishing attack. They take information they have learned, such as who you trust and communicate with most often, and take advantage of that.
Businesses of all sizes have been targeted by spear phishing. According to the 2018 State of the Phish Report, 83% of respondents experienced a phishing attack in 2018 and credential compromise has soared 280% since 2016. When it comes to social engineering in general, and spear phishing specifically, knowledge is power. In addition to beefing up your cybersecurity, it is crucial to educate employees and institute policies in order to stay ahead of the attack. We recommend the following:
- No financial transactions should be processed or instructed via email. If someone does send such an email, follow up with a phone call before initiating the transaction.
- No employee personal information (such as bank information, social security number, W2, salary, etc) should ever be sent or requested via email. If someone does request this information in an email it should not be supplied to them in the same manner.
- Turn off contact “friendly names” and photos so that you just see the email address it is coming from. For more information about why this is effective read this piece by The Internet Patrol.
- Configure your email to make the most of the security settings available to you. For example, is it possible to indicate which emails are internal vs external? Talk to your MSP or tech support provider for assistance.
Cryptojacking
Cryptojacking is the unauthorized use of someone’s computer and resources to mine cryptocurrency. Hackers send phishing campaigns with infected links. Clicking the link infects the computer with Javascript code that auto-executes.
Cryptomining code then works in the background, while you continue to use your computer. A business network with many computers can be a tempting target for crypto miners. While it can be difficult to detect crypto mining, if you suddenly notice experience slowed network, overheating equipment, and very high electric bills, you may have a compromised network.
The best solution is prevention, and the best prevention is a dedicated IT team who can monitor your network and ensure that everything is running as it should be. If you can’t afford to hire on-site professionals consider partnering with a managed service provider.
Shadow IT apps
Shadow IT is a growing threat to cybersecurity and compliance. Shadow IT refers to any unauthorized use of software, hardware, or cloud service by employees. According to a survey by Logicalis CIO, over 98% of cloud services in use at businesses are shadow IT. Mostly chosen for productivity (Trello, Asana) or communication (WhatsApp, Skype), the issue is not necessarily the apps themselves but in their unmanaged use in the workplace.
Typically, shadow IT boils down to employees not feeling that they have all the tools that they need. Therefore, in order to address this issue, management needs to ensure that employees have access to approved tools that will address their needs. Additionally, many small businesses may not have policies in place regarding downloading software/apps. Now is a good time to implement such a policy, and to educate users on the importance of following such policies, with regards to maintaining security.
