2020 will forever be remembered as the year that rewrote the cybersecurity textbooks. Have you studied for 2021?
Cyberattacks and data breaches have been around since the birth of our modern technological age, but the pandemic of 2020 increased cybersecurity threats on a scale we never imagined. Just because we are in a new year doesn’t mean the danger has passed. In fact, the risks are at an all-time high.
Once businesses realized the benefits of their employees working from home and transitioned to a permanently remote environment, they have become even more susceptible to hackers, and here is why:
- A rapid transition to remote work without time to implement additional safeguards to systems.
- Increased reliance on mobile devices over unsecured home networks.
- Bad actors increased intelligence using social engineering attacks to exploit fears caused by the pandemic.
These are just a few reasons that we saw a remarkable increase in data breaches during 2020: with the majority occurring in the second half of the year. Looking back, it’s easy to see why businesses were more vulnerable to cybercrime during the pandemic. They say hindsight is 20/20, right.
To keep businesses running, CEOs and leadership were forced to transition their staff to a remote environment to ensure business survival. Unfortunately, without the luxury of time, giving employees access to corporate databases without increased security measures left the doors open for attackers.
In a recent postl, I touched on how human error can be one of the biggest threats to your security. Unfortunately, there are times that a disgruntled or careless employee will be the cause of a breach. Stress and home life distractions also increase the likelihood that frustrated, and burnt-out employees will forget basic cybersecurity protocols.
Ransomware is malware that steals your information and holds it hostage until you pay a ransom in return for the info. Obviously, this is a scary situation, but never pay into this money pit! Even if you pay the ransom, they can demand more money, and there is no guarantee they will return the information.
Hackers that utilize ransomware are evolving their methods, and I predict they will be even more sophisticated in 2021. As they become more confident, they will likely seek out larger targets while devoting months or years to studying companies to learn their policies and procedures to carry out their attacks. Get ahead of hackers and provide security awareness training to your staff so they can identify phishing emails and avoid them, and work with an IT company that can implement advanced security defenses in your systems and continually monitor them to ensure new vulnerabilities are patched immediately.
The pandemic has accelerated the development of edge computing, optimizing internet devices and web applications by moving data storage and computation closer to users for faster response times. This minimizes the need for long-distance communications between client and server, which means faster speeds over less bandwidth. High-speed 5G networks coupled with this edge technology will help to enable mobile computing and Internet of Things (IoT) technologies. Unfortunately, this also leaves data at increased risk for a breach because of additional entry points into a company’s system.
Now that you know what to look for, what are you supposed to do about it? I suggest focusing on these risk-mitigation strategies:
Secure your remote worker’s home offices by mandating that employees frequently scan their home networks for botnet and command/control traffic and use a VPN to encrypt traffic from one end to another, protecting their passwords, financial data, and emails. Passwords should include uppercase characters, lower case characters, numbers, symbols, and even some gibberish in-between. The harder to guess, the better!
I think it goes without saying, but I will say it anyway, ensure employees maintain compliance with software updates and have antivirus installed on all employee devices—laptops, phones, tablets, USB drives, etc.
Implement dual-factor authentication based on usernames and passwords, security codes, or employees’ biometric data (fingerprint or Face ID) across all devices that contain confidential customer or financial data.
Educate your staff on what it means to have a privacy footprint via social media and social networking apps and advise that they delete high-risk apps from any device they use to access company data.
Last but not least, address credential stuffing. Advise your employees on the dangers of reusing usernames and passwords for their personal and professional log-in credentials. At ReachOut Technology, we offer a free Dark Web Scan so you can find out if any of your companies’ information has been compromised. We offer the scan as a courtesy because we know that knowing is better than wondering.
The events of 2020 and increased cybersecurity risks will force companies to be more vigilant about determining if their remote workers’ home offices are secure or not— because playing the guessing game just isn’t going to cut it in 2021.