How to Guard Against the Most Common Cyberattacks
Cybersecurity has become a hot topic lately because of damaging cyberattacks recently committed against large businesses that are critical to our nation’s infrastructure.
In the first attack, hackers shut down a major pipeline that transports gasoline to nearly half the East Coast, disrupting gasoline supplies for days and sending prices skyrocketing in some areas. Soon after, a cyberattack on the world’s largest meat processor forced the shutdown of nine beef plants, temporarily halting meat production and disrupting supply channels.
Cyberattacks are almost inevitable
Unfortunately, as technology becomes more sophisticated, so do cyber criminals. Even the most well-prepared and protected organization will probably experience a cyberattack at some point. There are many things a company can do to prevent or thwart such an attack, but certain points of entry are more vulnerable than others.
Keeping up with the latest privacy and security technology is an important part of protecting your organization. Your employees, however, are by far your biggest vulnerability. Cyber criminals bank on getting through to that one individual who unwittingly clicks on a phishing link or neglects to practice the security protocols outlined in company policies.
Phishing and social engineering
Two of the most common cyberattacks that target employees directly are phishing and social engineering. These schemes can be difficult to spot and can lead to compromised user accounts and ransomware attacks. The best protection is user education and awareness. The more an employee understands about phishing and the value of their personally identifiable information, the less likely they are to fall prey.
Password sharing among employees is another potential danger. When employees share passwords to applications and websites, this can lead to many problems. It can be particularly dangerous when employees have access to banking and other financial websites. Password managers can help by ensuring the passwords are strong and shared only with those people with a need to know.
While it’s important for employees to have access to applications and information, this access should be limited to what is needed to do their job. A role-based resource policy helps prevent malicious attacks from inside an organization. A strong access auditing tool can also help by calling attention to odd employee behavior before it becomes a problem for the organization.
Implement strong cybersecurity policies
Your cybersecurity tools should include advanced barriers and preventative solutions, along with impenetrable policies and procedures. Make sure you can confidently “check off” these elements for your company:
- We have established clear policies and procedures for employees to use our organization’s information technologies.
- Our policies include requirements for employee passwords, including mandatory password updates and password strength.
- We have enabled multi-factor authentication (MFA) to further lock down applications and devices.
- We regularly train employees on how to identify and interact with malicious emails, spam, and phishing attempts.
- Our employees’ mobile devices are registered and tracked through a mobile device management (MDM) system.
- We implement technical defenses, such as firewalls, intrusion detection systems and internet content filtering.
Sound IT policies and up-to-date infrastructure, coupled with a strong and ongoing employee training program, can help minimize the risk of a potentially devastating cyberattack. Assessing your current IT risks is a good place to start.
Bill is the Director of Meaden & Moore's Information Technology Group. He has a diverse technology support and management background.