Six Simple Ways To Protect Against Cyberattacks
There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.
This famous industry quote, attributed originally to former McAfee vice president Dmitri Alperovitch in 2011, has perhaps never been more relevant. The great expansion of our digital footprint, accelerated unexpectedly by the Covid-19 pandemic, offers almost unimaginable opportunities, but comes with the very real risk of cyberattacks.
A study by the University of Maryland found hackers are launching cyberattacks every 39 seconds on average. That means 2,244 attacks a day, any one of which could end up being extremely costly to the victim, whether it’s an individual or an organization. According to IBM, the global average cost of a data breach in 2020 stands at $3.86m, with more than half caused by malicious attacks. And that’s before we count the costs associated with the private data that has been stolen, be it passport numbers, credit card information, or medical records.
The sudden shift to work-from-home (WFH) this year makes cybersecurity an even more pressing issue for organizations. As the number of employees connecting remotely increases, so do the potential entry points for cyber attacks. It’s understandably a lot easier for a business to secure its on-site devices than to ensure each individual is using the right tools and taking the necessary precautions at home. And the speed at which our daily routines were upended when the pandemic hit meant there was very little time to set up and test security systems for displaced teams. It’s no wonder, then, that 70% of large businesses recently surveyed by AT&T believe that widespread remote working is making their companies more vulnerable to cyberattacks. Or that many recent studies suggest cyber attacks have increased during the Covid-19 crisis.
What are some of the most common cyberattacks today?
Given the potential costs, organizations need to protect themselves against cyberattacks. But before we run through some of the best ways to do this, it’s worth examining the most common attacks to be aware of.
Malware is malicious software installed on a computer, often without the user being aware. Once active, it can be deployed in several ways, including to spy on user activity (spyware), block key files until a ransom is paid (ransomware), or gain unauthorized access to the computer (trojan).
Phishing involves scammers pretending to be a trusted organization and luring targets to click on a link, download a file (to install malware), or enter sensitive information (such as passwords or banking details). Phishing attacks typically start with an email, though they can also be done over the phone or by text message.
Distributed Denial-of-Service (DDoS) attacks attempt to bring down an online site or service by overloading it with traffic. It’s a tactic sometimes adopted by ‘hacktivists’, but can also be used to extort victims or distract them while launching other cyberattacks. Powerful DDoS attacks have targeted the websites of governments and some of the world’s biggest companies in recent years. In June, for example, Amazon Web Services (AWS) reported that it had defended itself from the largest ever DDoS attack.
A zero-day attack occurs when hackers can exploit a newly-discovered software vulnerability before the developer/provider has released a fix. These attacks, often using malware, can be especially dangerous as it may take victims a long time to realize they are under attack or be able to defend themselves from it.
Structured Query Language (SQL) injection attacks target the server-side of applications, including the database. Hackers can inject malicious code that allows them to view or manipulate hidden data, or control an application’s data-driven behavior.
How can we prevent these cyberattacks?
Now that we have a better grasp of some of the main security risks, here are six things you can do to protect yourself against damaging cyberattacks:
Know what to look for: Most cyberattacks involve some human interaction - clicking on a malicious link, inadvertently downloading malware, giving up sensitive information, etc. Ensuring you and your team are aware of the risks and can detect potential attacks is half the battle. For example, a Verizon report on data breaches in 2019 found that 94% of malware was delivered by email. So everyone in the organization needs to be extra careful when clicking on links or opening attachments, even if they seem legitimate at first. Knowing what to look for - minor spelling errors in the email address or website URL, the unusual syntax in the email, a request for personal details - will help prevent attacks.
Use strong passwords: Passwords are essential these days, but it’s always important to stress that they need to be strong to be an effective first line of defense. Using ‘ABC123’, ‘Admin’ or other default passwords is the cyber equivalent of leaving your front door unlocked - and this isn’t a safe neighborhood. It’s also important to change passwords regularly and to use different passwords for work and personal access. It can be a hassle, we know, but it’s worth it to keep your private information safe. Some sites, like 1Password and LastPass, offer support with managing your team’s cybersecurity. Multi-factor authentication (MFA) is another security mechanism that requires individuals to provide at least two credentials to confirm their identity. This is often a password plus a confirmation on a separate device.
Keep all software and systems up to date: This is a basic requirement but easy to neglect if you don’t have a dedicated IT department. Cyberattacks are continually evolving with technology, becoming increasingly sophisticated and threatening. The good news is that defense systems are also being upgraded all the time, so it’s vital to install the latest patches and security fixes on all company software and systems (you should do it on your devices too). A firewall is another important security device that shields the organization from external attacks by blocking unwanted traffic and unauthorized network access. In all cases, during the WFH boom, it’s increasingly important to ensure endpoint protection - that is, protection on each device that can connect to the business network.
Use a VPN: A ‘Virtual Private Networks’, or VPN, is a useful security mechanism in a remote working environment. It allows team members to connect securely to a closed network as if they were connected through the same in-office network. A VPN for remote teams should be encrypted and password-protected, so your team can ensure data sharing will be closed to outside access. Several cloud-based services, like Amazon Web Services, use their VPNs to boost security. These services have an additional benefit of large bandwidth, which can help protect against some DDoS attacks.
Back up your data: You’ve probably heard this a million times already, but there’s a reason for it. You can take all the precautions and still be the unfortunate victim of a cyberattack. Regularly backing up your data can mitigate the damage to you and the wider organization, both in terms of recovery time and financial losses.
Consider Zero-Trust Architecture: “Never trust, always verify.” That’s the fundamental philosophy of zero trust thinking, which is at the cutting edge of cybersecurity, especially when it comes to protecting remote teams. It is essentially a holistic security model in which no-one is trusted by default, even if they are already inside the network. As such, it requires strict verification from all people and devices trying to access applications or data. Zero-trust architecture can incorporate different technologies and security mechanisms - the key message is that cyber protection is the priority over ease of use, speed, or functionality of access.
Interested in hiring talented Latin American developers to add capacity to your team? Contact Jobsity: the nearshore staff augmentation choice for U.S. companies.