The State of Cybersecurity Today

2018 has been a rough year, with at least 15 major companies seeing data breaches since 2017 according to Business Insider. Data breaches and other security threats are on the rise, so it is more important than ever to have a good cybersecurity strategy in place.

New security legislation

One major change to the state of cybersecurity was the introduction of GDPR legislation by the European Union in May. This comprehensive privacy protection policy is founded on the idea that any data about a person is that person’s sole property, and companies can only collect and use that data in ways that person has explicitly consented to. This wide-reaching legislation affects all companies that have clients in the EU, no matter where they are based.

Penalties for non-compliance are stiff. Companies that do not comply with GDPR standards, fail any audits, or experience any data breaches can be fined up to 4% of their global revenue or €20 million, whichever is higher. Companies that fail to produce the appropriate records when asked can be fined up to 2% of their global revenue, or €10 million, whichever is higher.

In order to avoid massive fines for non-compliance, it is essential that all companies ensure their data is safe and that the chances of a breach occurring are minimal.

Continued Threats

There are several types of cybersecurity attacks that continue to pose a threat to companies around the world.

Ransomware

Though this type of cybercrime is beginning to lose traction against other, newer, types of cybercrime it is still a threat.

One way to minimize the amount of damage a ransomware attack can do to your company is to store data in the cloud when possible and backup all other data regularly. If none of your data is stored on an infected computer then there is no reason you will need to pay the cybercriminals in order to recover it.

Phishing

Phishing attacks tend to cast a wide net in order to try and capture as much information as possible some attacks are more targeted. These targeted attacks, known as spear phishing, target certain industries, companies, or even individuals.

Should you or one of your employees fall victim to a phishing scam and reveal their password and username, your entire computer system could be compromised. Since the cybercriminal has a legitimate username and password their unauthorized presence is less likely to arouse suspicion.

The best way to keep your company safe from phishing scams is not to fall for them in the first place. Make sure your employees know how to identify suspicious looking emails and teach them what sort of information they should, or should not, reveal over email and other electronic messages. Should one of your employees fall victim to a phishing scam the best course of action is to have everyone change their passwords as soon as possible.   

New threats

As companies are becoming better prepared against cybercrimes, new threats are constantly emerging, making the never-ending challenge of keeping data secure even more difficult.

Cryptojacking

Cryptojacking refers to a criminal practice that involves the unauthorized use of someone else’s computer to mine cryptocurrencies. To do this cybercriminals infect your machine with a malicious program that diverts some of your processing power to mining cryptocurrencies.

Though this may seem like a relatively benign attack the real problem lies in the fact that an unauthorized user has access to your computer system. This means they may be able to access sensitive data or hijack your computer or entire computer network.

If one person is able to gain access, this likely means your systems are vulnerable. Just because your current “guests” aren’t interested in killing their new cash cow doesn’t mean that the next person who exploits the same vulnerability won’t do more damage.

The best way to keep unauthorized users off your computer is to scan all uploads and downloads for malware and quarantine any devices you suspect may be infected.

Best practices for all businesses

Cybersecurity is complex, multifaceted, and constantly evolving. However, there are a few things all companies should be doing to keep help keep their systems, and data, secure.

Use a firewall

Firewalls are the first barrier between your company and cybercriminals. Some companies have even begun setting up internal firewalls for added protection. You should also make sure any employees who work remotely also have appropriate firewalls in place.

Install anti-malware software

Anti-malware software is one of the first lines of defense against cybersecurity attacks and is able to detect malicious software such as malware, viruses, ransomware and spyware.

Document your cybersecurity policies

Documenting your cybersecurity practices is important for two reasons. One, you can cover your bases when it comes to legislation such as GDPR, and two, you can better educate your employees about good cybersecurity practices.

Backup all of your data regularly

This will help minimize the damage a possible ransomware attack could cause.

Educate all of your employees

By making sure all of your employees understand basic cybersecurity practices you can help stop problems before they occur.

Use multifactor identification

Multifactor identification is a simple way to add an extra layer of security. Employee’s cell phones work well since it is unlikely cybersecurity criminals will have both the cell phone and the password.

Make sure all devices are secure

A lot of smaller and medium-sized businesses use BYOD (Bring Your Own Device) policies in order to cut costs. However, all devices that have access to company computer systems and data need to be properly secured.

Enforce safe password practices

Passwords should be strong and changed regularly. You should also make sure no employees are writing down their passwords.

Conclusion

Cybercrime is constantly evolving and changing, so cybersecurity needs to keep pace. The best defense against all of these threats is to have a comprehensive cybersecurity strategy in place and regularly run practice simulations (such as penetration tests or tabletop exercises) with your employees and cybersecurity personnel in order to prepare them for possible scenarios.

You should also review all of your security practices regularly, and make sure your security personnel are staying up to date. Ensure that your employees are keeping their computer programs and operating systems up to date since many companies regularly release security patches that correct recently discovered security concerns.