As technology evolves, so does the sophistication with which hackers manage to infiltrate and steal your company’s personal information. These days, it’s not a matter of “if” your company gets hacked; it’s a matter of “when”, and luckily, more and more businesses are coming to this realisation and putting the correct procedures in place.
Ransomware is the most predominant type of hack an SME business will encounter. One of the most significant cases of this type of cyberattack was the Colonial Pipeline Attack in May of 2021. Hackers managed to pull this digital heist off using compromised passwords that stakeholders suspect were found on the dark web.
The Accenture “State of Cybersecurity 2021” report found that cybersecurity attacks have risen by a staggering 31% from 2020 to 2021.
The IDC (International Data Corporation) has predicted that by 2025, various cloud services will have accumulated 175 zettabytes of data globally (that’s 175 with 21 zeros behind it)! These databases include video streaming, personal, healthcare and dating-app data, among others. This means that by 2025, the cost of international cyberattacks will have reached the $10.5 Trillion mark.
With that in mind, YEO has taken a deep dive into how businesses are exposed to cyberattacks and the actions they can take to prevent them.
- Flaws in “Forgot Password”:
We’ve all had to reset our passwords at some point in time, which, if you ask us, is something people don’t do enough. But what happens when there are flaws in the system that is meant to be protecting these passwords? These could include non-existent CAPTCHAs, sending your new password in clear text (not encrypted) to your email, easy-to-answer security questions or invalidating an old password as soon as the user clicks the “forgot password” link.
The prevention of the above problem is sensitive, especially if you have multiple accounts on different sites that need protecting. However, there are a few sure-fire ways to ensure your company passwords stay safe.
- Update your company passwords at least every six months;
- Once you have changed your password, make sure to log out all other sessions on your other devices;
- Don’t allow Login ID Guesses;
- Ensure the Password Security Policy is applied (more than eight upper & lowercase characters, a mix of letters, numbers and symbols);
- Give your “reset password” link a short lifespan, meaning as soon as you receive it in your inbox, change your password immediately to prevent hackers from intercepting it.
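To show what a reset flow that avoids the flaws listed above looks like in code, here is an added example (not code from the original post or from YEO): the e-mail carries a random, single-use token rather than a password, only a hash of the token is stored, the token expires after a short lifetime (the 15-minute value is an assumption), the current password keeps working until the reset actually completes, and unknown usernames are handled without leaking which login IDs exist.

```python
import hashlib
import hmac
import secrets
import time

# Lifetime of a reset link in seconds (assumed value; set it to what fits your risk appetite).
RESET_TOKEN_TTL = 15 * 60


class PasswordResetService:
    """Toy in-memory password-reset flow illustrating the safeguards above.

    - the e-mailed link carries a random, single-use token, never a password
    - only a hash of the token is stored, so a leaked database does not expose live links
    - the token expires after RESET_TOKEN_TTL seconds
    - the current password keeps working until the reset actually completes
    """

    def __init__(self, clock=time.time):
        self._clock = clock     # injectable clock so expiry can be tested
        self._users = {}        # username -> password hash (toy store)
        self._tokens = {}       # token hash -> (username, expires_at)

    @staticmethod
    def _hash_password(password):
        # Illustration only: use a real password hash (argon2, bcrypt or scrypt) in production.
        return hashlib.sha256(password.encode()).hexdigest()

    @staticmethod
    def _hash_token(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def register(self, username, password):
        self._users[username] = self._hash_password(password)

    def check_login(self, username, password):
        stored = self._users.get(username)
        if stored is None:
            return False
        # Constant-time comparison of the two digests.
        return hmac.compare_digest(stored, self._hash_password(password))

    def request_reset(self, username):
        """Return the token to embed in the e-mailed link, or None for an unknown user.

        The HTTP layer should answer "if that account exists, we have sent a link" in both
        cases, so the endpoint cannot be used to guess which login IDs exist.
        Note that nothing here touches the existing password.
        """
        if username not in self._users:
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[self._hash_token(token)] = (username, self._clock() + RESET_TOKEN_TTL)
        return token

    def complete_reset(self, token, new_password):
        """Consume the token and set the new password; False if the token is unknown, used or expired."""
        entry = self._tokens.pop(self._hash_token(token), None)  # single use: removed on first attempt
        if entry is None:
            return False
        username, expires_at = entry
        if self._clock() > expires_at:
            return False
        self._users[username] = self._hash_password(new_password)
        return True
```

The password hashing is deliberately simplified; the point of the example is the token lifecycle (random, hashed at rest, expiring, consumed on first use) and the fact that requesting a reset never locks the legitimate user out of their current password.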
- Unsecured WiFi Networks:
When we say “Do not use unsecured WiFi networks”, we don’t just mean “don’t use the mall’s public WiFi”; it also includes your company’s local internet host at the office. It’s surprisingly easy for hackers to access your WiFi network, allowing them to access all incoming and outgoing internet traffic. Once they have this door open, they can use your network to download illegal content, hack your employees’ accounts, and gain access to your company devices.
The fix for this may sound like a lot, but you’ll be sleeping much easier once you have the following in place:
- Immediately change your network name and password to something solid and unique;
- Similarly to point one, you will want to update these at least every six months;
- Enable network encryption (your network provider can help with this) and keep your router’s software up to date;
- Turn off network name broadcasting;
- Use a trustworthy VPN to access your network;
- Establish a good firewall.
- To err is human; spotting a phishing email or text is divine.
Cybercriminals have mastered seamless emails, text messages, and voicemails to lure their targets; once those poor souls click those links, they unlock the door for hackers to download confidential company files, install malware on the company network, and access all your employees’ data.
Although hackers are now more ‘up-to-speed’ with creating flawless emails, there are still telltale signs of something being “off”. For instance, a link without the “Hypertext Transfer Protocol Secure” prefix (https://) in front of it indicates that your connection/communication isn’t secure.
Here are a few other things to think of when receiving a possible phishing email:
- Think before you click. Take a good look at the links attached to emails or texts, and if it’s from a person or company you’re not familiar with, or it just looks suspicious, chuck it directly into the “spam” folder;
- Additionally, set your “spam” filters to “high”;
- Never download files you don’t know;
- Offers of prizes are a scam;
- Delete any requests for personal information or password;
- Keep your devices secured;
- Reject bids and offers of “help”.
- DDoS attacks:
Otherwise known as “distributed denial of service”, DDoS attacks happen by way of bots or other traffic sources overloading a company’s servers. This influx of traffic will disrupt servers and hinder clients/users from using your site, app, or service. Basically, it’s an obnoxious way for hackers to prevent your business from functioning the way it’s intended, and it could inflict an immense amount of brand damage; no company is immune to such an attack.
Statistically, DDoS attackers have a few favourite targets in mind, including online retailers, financial & fintech, government entities, online gaming & gambling sites/apps, and IT service providers.
If your company falls under one of these categories, you’re going to want to have a look at the following fixes:
- Have server redundancy, meaning that your company has prepared for such an attack by having backup servers to host connections and communications while you mitigate the one under attack;
- Create a DDoS response plan that includes step-by-step instructions on how to proceed, maintaining business continuity, escalation protocols, informing stakeholders and staff members, team responsibilities, etc.
- Ensure solid network security by following the points raised in number 2 of this list;
- Keep an eye out for warning signs by noting slow performance, crashes, unusual amounts of traffic coming in, poor connectivity and high traffic to a single page/option on your site or app.
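The warning signs in the last point can be turned into a simple check over a window of web-server access logs. The following is an added example, not code from the original post or from YEO: it parses common-log-format lines, then flags a request volume far above a baseline, one source dominating the window, one page receiving most of the traffic, and a high share of 5xx responses (crashes/poor connectivity). The thresholds and the sample log lines are constructed for illustration and should be tuned against your own traffic.

```python
import re
from collections import Counter

# Common log format: client - - [timestamp] "METHOD /path HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)

# Thresholds are assumptions for illustration; tune them against your own baseline.
VOLUME_MULTIPLIER = 5.0      # flag when a window holds more than 5x the usual request count
SINGLE_SOURCE_SHARE = 0.40   # one client sending 40%+ of requests
SINGLE_PATH_SHARE = 0.60     # one page receiving 60%+ of requests
ERROR_SHARE = 0.20           # 20%+ of responses are 5xx


def parse_line(line):
    """Return (ip, path, status) for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("path"), int(m.group("status"))


def analyze_window(lines, baseline_count):
    """Return a list of warning strings for one window of log lines (empty if nothing stands out)."""
    ips, paths = Counter(), Counter()
    total = errors = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crashing the monitor
        ip, path, status = parsed
        total += 1
        ips[ip] += 1
        paths[path] += 1
        if status >= 500:
            errors += 1

    warnings = []
    if total == 0:
        return warnings
    if baseline_count > 0 and total > VOLUME_MULTIPLIER * baseline_count:
        warnings.append(f"volume: {total} requests vs baseline {baseline_count}")
    top_ip, n = ips.most_common(1)[0]
    if n / total >= SINGLE_SOURCE_SHARE:
        warnings.append(f"source: {top_ip} sent {n}/{total} requests")
    top_path, n = paths.most_common(1)[0]
    if n / total >= SINGLE_PATH_SHARE:
        warnings.append(f"path: {top_path} received {n}/{total} requests")
    if errors / total >= ERROR_SHARE:
        warnings.append(f"errors: {errors}/{total} responses were 5xx")
    return warnings


def _line(ip, path, status):
    # Helper to build constructed sample lines (documentation-range addresses, not real clients).
    return f'{ip} - - [10/Oct/2021:13:55:36 +0000] "GET {path} HTTP/1.1" {status} 512'


# Constructed quiet window: a handful of visitors spread over several pages.
QUIET_WINDOW = [
    _line("198.51.100.7", "/products", 200),
    _line("192.0.2.44", "/about", 200),
    _line("203.0.113.5", "/login", 200),
    _line("198.51.100.8", "/products", 200),
]

# Constructed flood window: one client hammering one page while the server starts failing.
FLOOD_WINDOW = [_line("203.0.113.5", "/login", 503) for _ in range(20)] + [
    _line("198.51.100.7", "/products", 200),
    _line("192.0.2.44", "/about", 200),
    _line("198.51.100.8", "/products", 200),
    _line("192.0.2.45", "/contact", 200),
]

if __name__ == "__main__":
    for name, window in (("quiet", QUIET_WINDOW), ("flood", FLOOD_WINDOW)):
        print(name, analyze_window(window, baseline_count=len(QUIET_WINDOW)))
```

A real distributed attack spreads traffic over many sources, so the single-source check only catches the crude case; the volume and single-page checks are the ones that keep firing when the attack is spread out, which is why the example reports each sign separately rather than a single verdict.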
- Human error:
If there’s one thing every company can rely on, it’s that humans make mistakes, a vulnerability that hackers exploit every time they get the chance. Whether it be a team member clicking a phishing link, unsecured employee passwords, leaving company devices lying around or using a restaurant’s WiFi network to do some work during lunch, the possibilities for human slip-ups are endless.
We believe that cybersecurity is everyone’s job, which means every person in your company should be tuned in to how cybercriminals can infiltrate a company and how they can work towards prevention. Here are a few ways you can do this:
- Regularly research new ways hackers are attacking companies;
- Arrange frequent, company-wide training on what you have found;
- Ensure that each employee is savvy on password security and phishing emails/text/voicemails;
- Enforce frequent password changes;
- Have a strict “no unsecured networks policy” or require all work devices to only be used in the office.
- Send phishing attempt test emails to all your employees.
Companies are responsible for keeping themselves wise to the world of hackers if they want to prevent a data breach or cyberattack. Using existing, trusted software and apps to thwart assaults on your business is essential.
Keeping companies and individuals safe from cyberattacks makes us proud of the YEO Messaging app. By implementing unique features such as our patented facial recognition technology (otherwise known as YEO Mode), incorporating Geofencing, Burn-After-Reading and always-on encryption, we know that private communications stay just that. These features make it impossible to be scammed, hinder phishing attacks, and keep confidential communications in their appropriate environment.
Ready to give YEO a go and see how it can keep your confidential company communications wholly secured? Download it on the AppStore or Google Play here.