Protect your business from cybercrime

By Ajay Singh

The shift to working from home has made businesses more vulnerable to data theft and fraud

The overnight shift to working from home due to the pandemic opened business systems to a variety of cyber risks. Office environments provide multiple levels of security, while remote working exposes systems to possible breaches, including data breaches.

Hackers have found multiple ways to exploit weak IT infrastructure in employee homes to steal user credentials, use phishing scams that play on people’s anxiety and desire for news and updates, and attack online meeting platforms like Zoom. In this new scenario, organizations face the daunting task of identifying and closing potential security holes and eliminating or mitigating related cyber risks, even while grappling with business and supply chain disruption, manufacturing shutdowns and the economic impact of the COVID pandemic.

Indeed, the frequency and extent of cyber attacks are increasing. Indian government data shows that Indian citizens, businesses and legal entities faced nearly seven lakh cyberattacks through August of this year, a 175% increase over the same period last year.

So, most organizations have taken some basic steps, like prohibiting employees from using company-supplied laptops and computers for personal use so that the devices are used only for work-related activities. Notices have also followed asking employees to strictly follow company guidelines, such as using a VPN (Virtual Private Network) to connect to the company’s information systems, using only trusted applications approved by the company, changing their default home Wi-Fi passwords, disabling remote access, updating all operating systems and antivirus applications on computers and other devices used for office work, and not sharing meeting links publicly or through social media platforms.

However, all of this is not enough. Businesses must go beyond simple cyber hygiene. In the short term, in the midst of the pandemic, there are a few types of cyberattacks that businesses need to prepare for and protect themselves against:

Ransomware


Ransomware is a type of malware intended to deny access to a computer system or data by encrypting the information and keeping it “captive” until a ransom is paid. According to reports, there was a 200% quarter-over-quarter increase in ransomware attacks in India between April and June 2020, with four new cases detected during that time. Spam emails carrying malware, or a link to a website that triggers a malicious download, are among the methods used to deploy ransomware.

Protecting your systems from ransomware attacks involves fundamental aspects of cybersecurity, such as changing default passwords on all access points, training employees not to click on suspicious email links, maintaining up-to-date data backups without the use of USB drives, and updating all operating systems, applications and system software on time.

Phishing


Considered the leading cause of cyberattacks worldwide, phishing is a type of social engineering attack in which the attacker attempts to steal sensitive information such as passwords, or trick people into installing malicious software, by appearing to be a trustworthy source. Using multi-factor authentication and training employees to recognize phishing emails can help prevent a cyberattack.

Data leaks


This happens when classified information is passed from an organization’s systems to the outside world, intentionally or accidentally. This type of security incident can be damaging, costly, and time consuming to discover and repair.

Data leaks can be prevented in a number of ways by identifying and monitoring access to, and activity on, critical data using solutions such as data loss prevention (DLP) or digital asset management (DAM), or both in tandem. These solutions enable the use of data encryption, control of your network, and the implementation of endpoint security measures to improve data security.

Business email compromise


Hackers use various tricks to perpetrate cyber attacks, and companies should provide cyber security training and awareness to employees on this subject. In a recent case of business email compromise, cybercriminals forged emails to redirect a payment of Rs 62 lakh from a reputable cosmetics company, intended for one of its overseas suppliers, to their own bank accounts. Such attacks are on the increase, and in a work-from-home scenario, where employees cannot ask for clarification face to face, they can result in huge monetary losses.

A high degree of vigilance and situational awareness is required to prevent such attacks. In addition to advising employees to be cautious and vigilant in the face of such attempts, companies should implement tighter controls to create a culture of safety.

Internal threats


One of the most underrated cyber threats is that of an insider causing data breaches through negligence or to deliberately harm the organization. In today’s work-from-home scenario, both possibilities are very real. For example, home workers may be momentarily distracted and make mistakes, while disgruntled employees who have been fired may deliberately compromise information security.

To avoid this, organizations may need to increase monitoring of user behavior, implement segregation of duties, and follow the principle of least privilege, granting access only to the extent necessary to perform the job.

Cyber threats are constantly evolving and long-term measures are needed to combat them. Organizations will continue to be the likely targets of cyber attacks. It is up to leaders to actively develop protocols, controls and policy guidelines that can address cyber risks and protect their data even as we move forward in a new way of working.

– Author of CyberStrong: A Primer on Cyber Risk Management for Business Managers (SAGE Publications India)



James F. So