It’s Dangerous Out There, Take This: How To Protect Your Association From Cyber Attacks
As the world of small- and medium-sized businesses (SMBs) increases its reliance on the internet, the importance of digital security and security follows closely behind. According to the Ponemon Institute’s State of Cybersecurity in Small & Medium Size Businesses survey, 67% of SMBs experienced some form of cyber attack in 2018, an increase of 6% from a year earlier.
Even more alarming, only 28% of these organizations feel its defenses are “highly effective.” However, the solutions are out there. The problem is, organizations don’t always know where to look. In fact, nearly half of survey respondents are unsure how to incorporate suitable cybersecurity measures. Help is near. Associations that incorporate the following measures can better protect data and safeguard against attacks.
CHANGE THE CULTURE
Integrating proper cyber security requires a top-down culture shift. First, management needs to acknowledge the need for cybersecurity, and then they need to initiate an organization-wide buy-in plan. This may include running information or training sessions highlighting why proper security is important, what the potential threats are, and how everyone can contribute to protecting the organization against them.
While cyber threats can come in many different shapes and sizes, organizations can focus on the biggest and most prevalent. According to Ponemon Institute study, the most common attacks in 2018 were phishing and social engineering, web-based attacks, general malware, stolen devices, denial of services, and advanced malware attacks. The more prepared users are, the lower the chances they fall for predatory attacks.
Know Your Enemy – Phishing, Denial of Services, and Zero-Day Attacks
Simply providing staff with some quick training on how to handle the most common attacks can make a major difference.
Phishing threats involve attackers sending emails with a fake “from address” or even worse, from a trusted source like a hacked email account to persuade targets to provide valuable information or to open attachments infected with a computer virus or other malware. Since it is one of the easiest ways of attacking any organization, it is therefore the most common way to break into computer systems and networks. To minimize this threat, everyone in your organization should never open any kind of email attachment or click on any link that was submitted via email without requesting it from the sender. This includes especially emails that you received from senders you know. Additionally, always hover over links to verify the path goes where it says it does or ensure the email header details, like “reply-to address” and “return path,” align with the trusted source’s actual information.
To protect against denial of services (DoS attack), which is when attackers flood web servers with requests to intentionally overload them, organizations can set up on-premise and cloud-based protections to detect and reroute any potential attacks. Vocalmeet provides this type of protection to all of its clients.
For advanced malware attacks, like Zero-day exploits that expose unpatched software vulnerabilities, one of the fastest-growing threats, organizations and users should keep well configured firewalls in place and even better, should limited access to servers that host your online applications only to certain IP addresses like the one from your office or a company VPN etc. More importantly use only essential applications in your public facing network to reduce the amount of potential vulnerabilities.
Make an Inventory and a Plan
In order to protect its assets, an organization needs to first review what assets it has and who and what has access to the information. This may involve making an inventory of every device, all software, and each user that is connected to the organization’s system. Perhaps most importantly, these inventories must be updated regularly. In addition to providing a useful overview of the organization’s system, updated inventories can then be used to identify someone or something with unauthorized access.
The next step is to create a security plan that everyone in the organization can understand and follow. According to the CyberEdge Group’s 2017 Cyberthreat Defense Report, “Low security awareness among employees continues to be the greatest inhibitor to defending against cyber threats.” Even the most basic plan can improve security drastically, such as ensuring employees log off when away from their devices and reporting unusual happenings or activity.
Maintain Proper Technical Hygiene
To ensure the organization’s security remains intact, every member must commit to the process. This may include regularly updating security and malware protection software, including antispyware and antivirus software, and using a firewall when connecting to the internet and securing Wi-Fi networks. Users should also ensure they stay up-to-date on software updates. Though many of these tasks get put off until the most convenient time, they should be prioritized for best results.
Specific Hardware and Software Configuration
While many modern devices are built for convenience and accessibility, the trade-off, unfortunately, is often a lack of security. Organizations can overcome this by streamlining the functionality of its software and hardware. A web server with only web service functionality, for example, reduces the vulnerabilities and the risks of attacks.
Similarly, many technology users increasingly take security risks to increase convenience despite the growth in cyber threats. This usually results in users employing poor passwords or even keeping the default passwords, which can often be looked up online and cracked easily. The organizational solution is to force users to regularly change their password, require them to use their own individual accounts for all activities, and establish a lockout policy for wrong attempts.
Manage User Privileges
While the majority of cyberthreats are external to an organization, limiting user privileges and permissions can go a long way to eliminating a large portion of internal cyber weaknesses. This may mean that some users don’t have the same level of access to information as others. Some users might not be able to install software or use specific websites, for instance.
Organizations should also restrict admin privileges. Since admin access and credentials allow users to make drastic system changes, controlling this power can limit any malicious or accidental threats from the inside. If admin access is needed by standard users, these privileges can be offered temporarily and supervised carefully. By practicing this level of control, organizations can also prevent phishing attempts, as admin credentials and access are more carefully monitored and protected.
Get an Insurance Plan
Even for the organizations that take every precaution, cybercrime still remains a very real possibility and a serious threat. Therefore, establishing a backup plan and an insurance policy in case of an attack is every bit as important as trying to prevent one.
One surefire method is to create and maintain backups of all-important information and documents. Setting systems to back themselves up automatically can take much of the legwork out of this process. While this doesn’t eliminate the threats, it can soften the blow if they do occur. Another option is to obtain an insurance policy that protects against cybercrime. Not only can insurance coverage help manage and minimize the risk of malicious cyberattacks, but it can also provide organizations with an overview of their systems, their vulnerabilities, and their level of risk.