We do not mean to scare you. Well, maybe a little bit. After all, Halloween is almost here, and if you like to be frightened, this blog post is for you.
According to a University of Maryland report, cyber thieves attack computers every 39 seconds. That’s right. 39 seconds. Pretty chilling, even though many of these attacks are amateurish attempts to seize on poor password security. However, the frightening fact is cybersecurity is just that, a daily, evolving concern.
As Halloween creeps up, the following are several petrifying cybersecurity scenarios that could lead to nightmares for your business or organization.
Falling for hocus pocus and other malicious tricks
For businesses and employees, hocus pocus comes in many dark digital ways, including deterioration and distortion. Deterioration occurs when a company loses control over its business practices. As a result, the company can become more vulnerable to a myriad of attacks. Cybercriminals are opportunistic, stealthy, and speedy in their attacks. For example, many businesses use AI (Artificial Intelligence) to improve efficiency. That’s great, but untested AI may lead to some unexpected and unwelcome surprises, such as more exposure to bad actors. In addition, new technological advancements can mean new federal laws, decreasing a business’s control. Surveillance and privacy laws are also growing, which means identifying possible insider threats could become more complex, preventing a company’s ability to monitor employees better.
Cybercriminals are also good at distorting information and the technology companies deploy. Attackers who hack into your cloud, for example, have the potential to falsify documents that tell employees to move funds into the attacker’s account.
With the advent of technology comes bots and other vehicles spreading false information. This can lead to more employees not trusting the integrity of the information they see. Or the opposite could happen, with people mistakenly trusting false information. Either way, these scenarios can hurt your business. If cybercriminals have falsified information about you, communication with customers becomes more difficult and trust can erode.
Creaky and vulnerable apps
Old applications should frighten everyone because they are far more vulnerable to attacks. These applications include email, operating systems, and web browsers. While new threats are evolving, many feed on old security vulnerabilities. Malwares are looking to exploit the same vulnerabilities repeatedly. Businesses that fail to patch those weaknesses are asking for trouble. Unfortunately, it is all too common for a company or individual users on a network to dismiss the update reminder messages that pop up because they do not want to spend a few minutes of work time to run an update. Many users see updates as a burden but think of the loss of time, money, and business that could result from not doing a quick update. Businesses need to keep apps updated, install virus-scan applications and security solutions, and schedule regular auto-scans.
Failure at the firewall
A network firewall stands as a barrier between your computers and the internet, but it does not ensure safety. You could find yourself in a cybersecurity nightmare if you are not monitoring the firewall. Firewall best practices include using tools that can track data like current rule configurations, event logs, and alerts. Without a firewall monitoring tool, it is hard to make a good decision about rule configurations and firewall management. Fortunately, there are security monitoring services you can employ. If you outsource your IT networking, make sure your provider offers 24/7 monitoring.
Scaring sharing of passwords
According to SurveyMonkey, 34 percent of adults in the United States share passwords or accounts with their coworkers. Pretty scary and risky. If attackers get into your system, shared passwords make it far easier for thieves to widen their access to other parts of your network. This can turn a single security incident into a full-blown and damaging breach. Don’t let this happen. To safeguard your company, demand separate user accounts with strong passwords. A best practice is to use multi-factor authentication requirements and require password changes every three months.
No one has your back
Without automatic backups that happen at least once a week with copies stored offsite, businesses could find themselves in a truly frightening situation. One of the old axioms of life is the importance of having a backup, and this certainly holds true in cybersecurity. The boogeyman is real and comes in many forms, including malware. The Organization for Economic Cooperation and Development reports that 30 percent of computers in the United States are infected by malware, which can steal your data and infect your network. Malware can also lead to ransomware attacks. Backups are essential. If a data breach happens, or in an event of a natural disaster, your information is stored in a safe place.
Ignoring the threats within
According to an IMB report, 60 percent of cyberattacks are initiated by employees and vendors within your business. More than half of these attacks involve evil activity, while one-quarter are accidental. In other words, your workers within your company could be the most treacherous part of your cybersecurity threat outlook. Exorcize the threats from within by developing cybersecurity policies, including internet and email usage guidelines, and continuous education and training with your team focusing on the latest threats. Never assume all your employees understand the basic best practices for cybersecurity.
Fearing the audit
Here’s an unsettling fact: Many businesses do not conduct regular audits. A new survey by Protiviti and ISACA revealed that one in five organizations do not expect their 2022 audit plans to address the risk of cybersecurity breaches. An IT security audit is not done to embarrass the IT department. An audit is designed to protect your data, systems, and employees. Regular audits, either by an in-house expert or an outside consultant, will keep your security systems updated and ensure your company does not become the next cybersecurity horror story. The audit is not the grim reaper. It is your friend.
Skeletal Remote Policies
With remote/hybrid work becoming the norm, it is vital for companies to train employees while providing them with the tools they need to stay safe and secure at their home office or in public spots. If you have slim or no policies in place, the consequences and costs can be high. A detailed and clear remote work policy is vital to ensure your employees take the proper precautions to protect the company and its clients.
Ghouls pilfering lost or stolen devices
Many cyber ghouls are lurking, and here are some hair-raising statistics compiled by Kensington that should scare companies into action:
- One laptop is stolen every 53 seconds
- 70 million smartphones are lost each year, with only 7 percent recovered
- 4.3 percent of company-issued smartphones are lost or stolen each year
- 80 percent of the cost of a laptop is from a data breach
- 52 percent of devices are stolen from the office/workplace and 24 percent from conferences
Employees with company-issued devices need to be vigilant, and your company should have a policy in place on how to handle, store and use these devices. To minimize data loss, you should also have an employee protocol that outlines what to do when a device is lost or stolen.
Exorcizing cybersecurity demons
Cyber-attacks are not apparitions. They are real. Sixty-four percent of companies worldwide have experienced at least one form of cyber-attack. During the Halloween season and throughout the year, VirnetX can help you stay off Nightmare on Cybersecurity Street and on a safer, more secure path. Happy Halloween!
For more information about our products, including Matrix and War Room, download our white papers: “Remote and Vulnerable: Securing a Changing Workforce from Cyberattacks, and “Winning the Fight for the Virtual Conference Room.” In the meantime, please let us know if you have further questions about Matrix or War Room. Our sales team would be happy to talk to you.
VirnetX Holding Corporation is an Internet security software and technology company with patented technology for secure communications, including 4G LTE and 5G security. VirnetX’s software and technology solutions, including its secure domain name registry and Gabriel Connection Technology™, are designed to facilitate secure communications and to create a secure environment for real-time communication applications such as instant messaging, VoIP, smartphones, e-readers, and video conferencing. The Company’s patent portfolio includes over 200 U.S. and foreign granted patents, validations, and pending applications. For more information, please visit www.virnetx.com