The biggest cyber security risks for every business
Due to an enormous increase in cyber attacks and cyber security risks, the topic of digital security has come to the front of many businesses’ minds. Businesses of all types, sizes and industries are being attacked mainly due to a lack of preparation and organisational security awareness.
But what are the weakest links for most businesses when it comes to cyber security risks?
The number 1 weak link for businesses when it comes to cyber security risks — by a long, long shot — is their own people.
From falling for phishing emails, and clicking on links or downloading documents that turn out to be malware, to being a victim of business email compromise (BEC) scams that end up losing the company a lot of money, employees are a company’s greatest liability when it comes to cyber security.
Tackling this problem can be difficult for employers: simply getting rid of employees isn’t an option when you need them to run your business! Educating employees on cyber risks is a key step, but this does require resources, and the participation and full buy-in of employees. This may sometimes be a mammoth challenge, as employees who have “always” done things a certain way may be reluctant to change.
Change is the key word. A simple change in the way they work can make all the difference needed in order to safeguard the company.
However, it is key for businesses that employees understand the risks that poor cyber security practices present for the business. Those practices could even affect employees personally, too. Nobody is immune to cyber risk.
In many cases, people are the weakest link in a business’ cyber security.
Ensure that any accounts associated with your business are secured by a strong password, and two-factor authentication (2FA), if possible. Underline to all those working in the business that they must not reuse passwords from other online accounts for any of their work accounts. You can make it part of your IT policy that employees have to change their passwords every 30 or 60 days, although the effectiveness of this approach has been debated.
ydox will soon have a third level of authentication with its facial recognition technology, which will make it impossible for anyone who is not the intended recipient to gain access to a certain file or folder.
Keeping software up to date is critical, as many software updates include security feature updates. Many attacks spreading worldwide are exploiting a critical vulnerability in the Windows operating system known as EternalBlue. EternalBlue allows the malware to spread within corporate networks without any user interaction, making these outbreaks particularly virulent and detrimental to any organisation.
Other companies — the weakest links
A problem that many businesses encounter in the current business climate is that it is not just their cyber security practices that they have to worry about: they also have to worry about the cyber security protocols of other businesses they work with.
Your company may have stringent cyber security practices implemented, but if a third party your company deals with is compromised, then attackers could potentially gain access to your network.
I was recently involved as a technical advisor on a case where an email containing an invoice for a very large amount got intercepted – “phished”. The bank account details on the invoice were changed to those of the hackers and the email was delivered to the recipient with the edited invoice. The recipient, unaware of what was happening, paid the invoice in full.
Needless to say, the money was lost and a lot of damage was caused, both financially and reputationally. By not using a tool like ydox to prevent such a situation, they were attacked despite their own internal security measures.
Network segmentation, or dedicated servers that vendors can use so that they do not connect directly into your company’s network, can help safeguard against weak links in third parties’ cyber security. If that isn’t possible, it is wise to at the very least have a conversation with potential vendors before doing business with them to ensure they take cyber security seriously, and have appropriate practices in place.
BYOD — bringing in trouble
BYOD (Bring Your Own Device) is an increasingly popular practice that many businesses are embracing: convenience and flexibility are the main reasons. If employees bring in their own devices they can also take them home, or traveling, allowing them to work from places other than the office. Allowing employees to bring their own devices to work can present its own problems.
However, some businesses embrace BYOD without fully considering the security risks that it may present. Employees’ personal devices are unlikely to have the same level of security as corporate devices, and may be significantly easier for hackers to compromise. Companies that allow BYOD should have a strict BYOD policy in place and ensure that all employees follow it.
Steps such as only allowing access to company networks through a virtual private network (VPN), and ensuring employees implement 2FA on all their accounts are definite steps that should be included in such a policy.
As with so many of the issues mentioned on this list, employee education is key: employees need to understand what good cyber security practices are, and the potential consequences for the company if they are not followed.
ydox was built specifically to address and mitigate the cyber security risks mentioned above
ydox is a secure cloud-based file management system with 3 levels of encryption and user authentication in place. Aside from the security, it is also highly convenient to manage your files with ydox. It can be accessed from any device, anywhere in the world. You can share critical or sensitive files with third party stakeholders without the file leaving the secure environment of ydox.
Your standard office files like Word, Excel and PowerPoint can be created and edited within ydox, providing an end-to-end secure home for your files. The detailed user activity log provides deep level audit trails in order to track and stay on top of any possible human errors. Every version of a file gets stored and backed up, so file versioning gives you access to previous file versions when something goes wrong – again ruling out the human factor. A small change in the way companies work with files will make ydox very successful in implementing and maintaining security measures when it comes to file management.
Take the small step and get your business on ydox: the benefits are endless and the risk mitigation is high. The sweetener on top of everything is this: you can brand ydox with your company’s brand – end to end.
by Carl Wallace | CEO of Digital HQ