By the year 2020, the cybersecurity market is expected to grow to a whopping $107 billion. While many businesses are aware of the growing threats they’ll be expected to address, the dynamic nature of cyber crime makes it difficult to plan ahead. What can you to future-proof your budget? Are you missing anything in your security plan against today and tomorrow’s security threats?
This is one of the top concerns. Social engineering is the act of manipulating people to break a security process or share personal information. People have an innate sense to try and solve other people’s problems. Hackers know this and try to take advantage of it.
The best counterattack against social engineering is through employee education and awareness. Educate users of phishing tactics and the consequences of clicking email links. Ensure employees follow the corporate security policy to protect the business.
An employee may be required to occasionally travel for work. They may take some time to catch up on work while waiting in the airport lounge, hotel or coffee shop. But working off a public Wi-Fi creates a security risk.
Employees should assume that working off a public network provides no privacy. All sensitive information should only be transmitted through the corporate virtual private network (VPN).
Hackers create fake social media accounts that look similar to legit businesses to steal people’s personal online information. Other techniques they use are fake online surveys and contests or fake customer service accounts.
To prevent your corporate social media account from being hacked, limit who has access to it. Include in your policy what information can be shared over social media.
Sometimes when an employee leaves the company or is unhappy about their work environment, there is a risk that they may leak confidential information. Insider threats also extend to permanent or temporary employees, and third-party partners.
To mitigate the risks, employees or third-party partners should only be granted to the specific systems or drives that they need to do their jobs. When employees no longer work for a company, their access rights should be immediately removed from all systems.
Stolen or Lost USB Drives and Laptops
You’ve heard the stories of people having their laptops stolen while standing at an airport counter. They just put their laptop down for a second and then it was gone. Or they can’t find their USB drive.
First, they need to report the lost USB drive. As part of the corporate security policy, all data on the USB drive should be encrypted. Laptops should have software installed that allows you to remotely wipe data off the stolen laptop.
As part of their regular security training, include:
- A refresher session to remind employees of phishing scams and the latest news on security threats
- Never give out their passwords or leave their laptops unlocked in public places
- A walkthrough of the corporate security policy
Remarkably, 95% of security breaches are a result of human error. It is impossible to prevent 100% of security breaches but a review and refresher of the security policy will help minimize mistakes and encourage employees to follow best practices.
Mobile Security Threats
More and more employees are using their personal devices at work. The easy access does come with some risks. You don’t want your personal or company information to land in the wrong hands.
As part of the corporate security policy, enforce employees to use a strong password on their phones. In case the phone is ever lost or stolen, install software to remotely erase the data.
Training Your Cyber Talent
In order to stay ahead of the game, cyber professionals require ongoing training in the latest technology. It is difficult to expect your cyber talent to be well-versed in the latest technology if the company does not allocate budget for them to do training.
Aside from assuring that your cyber professionals are well trained, they also need access to the latest technology to combat security threats. They can use the latest methods but this will only take them so far in ensuring the security of the company without utilizing the latest technology advances.
Technology is always evolving. Being aware of security threats can help ensure you have the best preventive measures in place for the continuity of your business.