What your employees need to know about cybersecurity

10/20/2024

THE THREAT IS REAL

Cybercriminals have the advantage

 

Businesses are faced with a continually evolving enemy: cybercriminals. While you have to plug and re-plug every possible hole in your security wall, day after day, cybercriminals only need to break through once. The digital landscape is growing every day. While you pursue efficiency and productivity by adopting the Internet of Things (IoT) and AI, your enemy sees them as just another entry point for cyberattacks.

 

What might these attacks look like?

 

Here is a look at some of the most egregious data breaches reported so far in 2024.

 

Tencent

In August 2024, a hacker named Fenice exposed the personal information of 1.4 billion Tencent user accounts, including sensitive data like emails, phone numbers, and QQ IDs. 

 

Change Healthcare

In February 2024, a ransomware attack compromised the personal information of millions of people. This included names, addresses, Social Security numbers, and medical records. 

 

AT&T

AT&T launched an investigation to contain malware after a data breach that could lead to multiple class action lawsuits. 

 

American Express

In March 2024, American Express revealed that a cybersecurity incident impacted a third-party merchant processor. 

 

Dropbox

Attackers breached the Dropbox Sign production environment and accessed customer personal and authentication information. 

 

Medical Informatics Engineering (MIE)

Cybercriminals accessed one of MIE's servers and maintained undetected access for 19 days. 

 

National Public Data

In August 2024, National Public Data disclosed a data breach involving nearly every American's Social Security number.

 

$9.44 million is the average cost

 

According to IBM's Cost of a Data Breach report, 83% of companies will experience a data breach, sometimes more than once. The average cost of a data breach in the U.S. has now risen to $9.44 million—over $5 million more than the global average.

 

Ransomware & Social Engineering

 

According to an article by TeamPassword, “Ransomware is a type of malware that prevents you from accessing your critical data. Cybercriminals typically gain access through phishing scams, demanding a ransom to restore access. In 2022, there were 493.33 million ransomware attacks globally. Ransomware is just one of many social engineering tactics, including baiting, vishing (voice phishing), and pretexting. These methods are dangerous because they deceive employees into divulging sensitive information.”

 

How can you protect your business?

 

Best Practices:

 

1. Strong passwords. Passwords should be at least 12 characters long and include upper and lowercase letters, special characters, and numbers. NO BIRTHDAYS, ANNIVERSARIES, PET NAMES, etc. Also, avoid recycling passwords or using the same password for different sites.

2. Use a password manager. Your employees cannot be expected to keep track of multiple, complex passwords. Without a password manager, they will resort to their old ways of using the same password for multiple sites.

3. Never share unencrypted passwords. Passwords are often shared via email, text, etc. The problem for you is that these systems can be easily hacked.

4. Work in the office. It may be tempting to bring your laptop to the coffee shop and catch up on work over a latte and muffin, but public Wi-Fi is notoriously vulnerable to man-in-the-middle attacks.

5. Multi-Factor Authentication (MFA). According to Microsoft, the implementation of MFA prevents 99.9% of attacks on accounts.

6. Phishing. It’s critical to train your employees on how to spot these attacks. Basically, if any email looks remotely suspicious, delete it. It is a good idea to take a screenshot of the suspicious email and show it to your IT representative.

7. Tech updates. These are important because many tech updates include security patches.

8. Virus protection. Your employees must be instructed to implement and update virus protection on all devices that may be used to access company data.

9. Remote employees. Your remote employees must also implement all of the above steps. Your IT department should routinely log in to their devices and ensure that all the appropriate protections are in place.

 

Where to focus

 

According to a recent article by SCORE, every business should have three areas of focus regarding cybersecurity:

  • Data Protection: Implement advanced encryption and data protection protocols to safeguard sensitive information.
  • Employee Training: Regular cybersecurity training for employees can help prevent breaches caused by human error.
  • Incident Response: Develop and regularly update an incident response plan to quickly address and mitigate any security breaches.

 

How can ASN help?

 

If you would like to discuss any concerns you have regarding cybersecurity, we would love to help. Not only do we use robust, up-to-date cybersecurity procedures to protect our clients’ data, but we can also review your in-house program and make recommendations as to how you can improve your odds against a cyberattack. Just give us a call – we would love to talk.