There are so many lessons we have already learnt from 2016: if you’re a celebrity you should probably start taking very good care of your health; now is not the time to buy Euros; any business, big or small, is a potential victim of a cybersecurity attack. As we pass the half way mark of 2016, here are the top five security lessons that 2016 has taught us so far and five tips to make sure that you end 2016 on a high, rather than in the headlines.
No one is safe
‘It’ll never happen to me’ is the scourge of the security world. It’s so easy to think that your company is either too big and strong to be breached, or too small to be of interest. Newsflash – you’re not. Attackers try just about anything and anyone to get to your system and research has shown that the majority of companies don’t even realise they’ve been breached.
Learn from the mistakes of the high-profile embarrassing breaches from this year such as LinkedIn, Tumblr and – a little further back to the end of last year – TalkTalk; get your security up to scratch, fast.
Ransomware is the one to watch
While phishing scams are having a decent punt for the top spot, ransomware has been on a roll this year. Recent studies suggest that a quarter of all malware attacks are now from ransomware, which is a type of malware that encrypts all your data and then demands payment for the decryption key.
It often comes in the form of phishing attacks so be careful when clicking on links and educate your team about the dangers, because once it’s in your system there’s very little you can do about it. Paying the criminals will only encourage them and make ransomware more likely to increase in general, so make sure you’re regularly backing up your data so that even if they sneak into your system you’re able to outsmart them.
Attackers are getting smarter
As more businesses become security-savvy, attackers are becoming ever more creative about getting to the gold. For example, phishing scams are getting better at pretending to be from a legitimate source; the fake emails now often contain loads of personal info which makes them appear real in order to get you to click on a link that takes you to a dodgy site or triggers malware.
The information they use often comes from social attacks, like asking to become friends with lower-tier employees on LinkedIn, then using that to get to higher level execs.
Threats come from inside your house too
Breaches can come from inside businesses too, such as unsuspecting employees leaving the door open. This can either be because employees haven’t been educated on how to spot threats, such as adding people on LinkedIn that they don’t know as mentioned above, or from lower-level employees being attacked and having admin privileges that are too high, which then lets attackers get into sensitive info. It’s important that there are no weak links in a business.
The repercussions are real
As many of the businesses that have suffered this year would tell you, the repercussions of poor security practice are very real. From fines for not protecting yourself, to the losses from the breach itself – TalkTalk found that its profits were half what they had been the previous year – and reputational damage, there’s really very little excuse for not making security a top priority.
Five tips for protecting yourself:
- 2FA – you can enable two-factor authentication (2FA) across accounts for an added layer of security. This is now widely believed to be one of the best ways of adding a second level of security to your accounts, and will ask you to provide your password as well as another method of identification when logging in; this could be a code sent to your mobile phone or something you have on you like a USB key. MyUKFast users can enable this on their account now!
- Password manager – passwords need to be long, strong and unique to each account, but – if you’re anything like me – realistically it’s unlikely you’ll remember them all. You can get a password manager that will create strong passwords and remember them for you, then you just need to remember the one that protects the manager.
- Be proactive – it’s just no longer good enough to wait until someone’s attacking you before you put security measures in place. Vulnerability scans and penetration testing will help check your system for potential weak points and fix them; think of it like taking out insurance before you go on holiday – you need to have it in place before the worst occurs!
- Monitoring – an internal monitoring system that alerts you when something changes – which often indicates a breach – is also essential; attackers can lie undetected in systems gleaning valuable data for months or even years.
- Backups – the only real way to protect against ransomware and other disasters is by ensuring you have up-to-date backups of your system in a separate, secure location; it’s important to ensure these are completely disconnected from your existing systems as network shares are often targeted by ransomware amongst the local drives.
Take a look at our security page or give us a call on 0208 045 4945 for more information on the security solutions that UKFast offers.