Here’s how easily it can happen:
It’s been a long day. One more email and you’re done. It’s an email from Microsoft asking you to click immediately to repair an email issue. Fine. You click and the link opens a login screen. There’s a Microsoft logo at the top, so you enter your username and password. Nothing happens. Oh well. You decide to go home and call tech support in the morning.
Scenarios like this play out across businesses in Cleveland and throughout the country every day.
It seems harmless at first, except that the email wasn’t really from Microsoft. It was from a cybercriminal who then takes over your email. From there, “you” send emails to all your contacts so the cybercriminal can try to collect more usernames and passwords.
With a little bit more attention, you might have been able to spot the email as suspicious. Cybercriminals rely on our short attention spans and willingness to click.
Becoming a cyberattack victim can have destructive effects on your business. It’s worth the investment to develop a strong cybersecurity approach. This includes acknowledging the threat, understanding your risks, and managing your risks by implementing the right tech tools and staff training.
The good news is there’s a lot you can do to help stop cybersecurity risks from keeping you up at night.
Acknowledge the Real Threat
Smaller companies often don’t see themselves as targets. As a result, they don’t invest in cybersecurity tools or staff training. Their networks are easier to access and more vulnerable to attack. You wouldn’t leave your physical office unlocked all the time, so don’t leave your network unsecured.
If you use the internet, your company faces cybersecurity risks. It’s just that simple. No business is too small (or too large) to be a target.
Everyone has information that can be sold or otherwise exploited on the web.
6 Common Cybersecurity Risks
Hacking doesn’t magically happen on its own. A combination of strong technical tools can block a wide variety of threats, but nothing is foolproof. So, cybercriminals have learned to trick us to get what they want.
Let’s look at six common cybersecurity risks:
Clicking on Links in Phishing Emails – These emails may look like they’re from legitimate sources and often include logos. They’re actually designed to deposit malware or trick you into entering your username and password. Cybercriminals then use the stolen credentials to try to get access to lucrative spots like banking websites. If you click on a link in a suspicious email, you could also become a victim of ransomware or other malware.
Responding to Spear Phishing Emails – These can be harder to spot because they don’t necessarily want you to click on anything. In a spear phishing attack, the goal is to trick you into sharing information. Spear phishers often target human resources or financial people with very convincing requests that appear to come from “real” email addresses. Be careful.
Visiting Dangerous Websites – Websites can be infected with ads that look legitimate. But if you click, the ad can deposit malware on your machine. Infected websites can also hijack your computer’s processing power to mine cryptocurrency, which is known as cryptojacking.
Responding to Fake Support Pop-Ups – A pop-up appears on your screen with a message from Microsoft. It tells you to call the number shown to get help. You panic and call. The person on the other end asks for your Microsoft username and password. Don’t give it. Instead, hang up and call your IT support team.
Working Remotely and Using Public Wi-Fi – When you use public Wi-Fi anywhere, you expose your machine to bad actors. Your machine can become infected and you won’t know it. When you return to the office and plug it into your network, you’ve bypassed all the technical security tools meant to keep cybercriminals out. Anything cybercriminals deposited on your machine can then spread to your entire network.
Using and Sharing Weak Passwords – Until your computer can recognize your face or fingerprint, you still need passwords. Make sure you create strong passwords and don’t share them. Don’t write them down on a sticky note and put it on the back of the keyboard, either.
Everyone who uses a computer faces the same risks. So, everyone needs to be smart about their behavior online. (And don’t click!)
Managing Cybersecurity Risks
To manage cybersecurity risks, take a three-pronged approach: assess your risk, implement the appropriate technical tools, and put the right procedures and training in place for your staff.
Creating a cybersecurity risk management plan is essential. As with any risk assessment, you’ll evaluate your threats and vulnerabilities along with the likelihood and impact of any cyberattack. This can be time-consuming, but it’s important. Your planning will help you determine your next steps.
There are technical tools you should have in place. If you’re in a regulated environment, many of these are mandatory. If not, deploy as many tools as you can. The goal is to “lock the door” and block as many intrusions as possible. That way, there are fewer human judgments to make.
Cybersecurity Technical Tools
- Managed firewall to act as your first line of defense against internet security threats
- Managed anti-virus and anti-malware to help block malicious code that might enter from inside or outside the network
- Regular patching to fix Windows vulnerabilities
- Reliable backup in case you need to restore a file or your entire network
- Two-factor authentication so that if your username and password are stolen, cybercriminals still don’t have the second authentication code for access
- Machine encryption so if your device is stolen a criminal can’t access the data
- IP blockers to keep users from unknowingly clicking on known dangerous websites
- Password management software so you don’t have to write down all your passwords
You’re not finished when you deploy technical tools. Since we know human error causes most breaches, you’ll want to implement procedures to educate your staff. Cybersecurity procedures include:
- IT user policies so everyone understands what’s expected when using technology
- Ongoing cybersecurity staff training to help create a “human firewall” and prevent careless clicks
- Immediately removing network access for former employees (just in case)
- Properly disposing of old equipment so old hard drives containing data don’t fall into the wrong hands
Work with an IT services provider that specializes in small businesses to help you put all the right elements in place. A specialist will offer the right technology to match your business goals, provide responsive support, and offer peer-to-peer advice. They’ll make sure that every dollar you spend today supports a long-range goal to help protect your business from cybersecurity risks.
With the proper tools and training, here’s how our story might end differently:
It’s been a long day. One more email and you’re done. It’s an email from Microsoft asking you to click immediately to repair an email issue. But your email is working fine. You double-check the sender’s address and it isn’t from Microsoft. Not even close. The logo doesn’t trick you. You delete the email. Time to go home. You’ll sleep well tonight.
If you’d like to know more about how CRU Solutions can help keep your business safer, contact us.