Cyber Resilience: Checklist for Organizations

2024-11-08

Cyberattack. Hackers. Cybersecurity. Long gone are the days when these words conjured up images of anonymous creatures hunched over a keyboard in a dark room with mysterious green and white ciphers running across their black screens. With global digitization came new risks and dangers affecting companies large and small and individuals of all means. As of today, there are over 14 billion accounts and over 800 websites affected by cyberattacks. And those are just the identified ones. As cyber criminals develop new tools and techniques, it is imperative that companies do not underestimate the scale of the impact one small vulnerability in their systems can have. If large financial losses and reputational damage do not sound like a good time, below is a short list of things to consider when thinking about protecting your business.

Data Backup

Although backing up your data may seem quite obvious, it is a very important step in a company’s cyber resilience, as it will keep you one step ahead of cybercriminals if an attack were to occur. One of the most common attack tools in the bad actors’ arsenal is ransomware, in its various strains. After getting access to a company’s systems (via phishing emails or malicious pop-ups, for instance), ransomware encrypts all the files it can access and renders them unusable. In order to regain access to an   key, the victim is required to pay a ransom demanded by the attackers, which can range from a few thousand to millions of dollars. Reportedly, this year, the highest ransomware payment of $75 million went to the Dark Angels gang. The amount has beaten the highest reported ransomware payment of 2023, which came to £37.8 million. It can get very expensive.

When your data is backed up on an external device, another computer or the cloud, the criminals cannot use it for blackmail and extortion. Despite the unpleasant fact of the attack, the company will be able to get back to work quicker and will not need to worry about paying a ransom.

Up-to-date Software

Unfortunately, having a copy of your data is only useful if it has not been stolen prior to encryption, as this would pose a risk of said data being sold or exposed on the dark web. Therefore, the best method of protecting the company from unwanted guests is to ensure all possible safety measures are implemented. Again, it seems obvious, but it is vital that all software, both and not, is up to date and switched on. Always download the latest versions of software and, where possible, set everything to update automatically to avoid missing anything important. When downloading updates manually, ensure they come from an official source and are compatible with your hardware and operating systems. And always ensure that everything that should be on is on – antivirus, firewalls and VPNs will not save you if they are “tucked away in a drawer” when they should be actively running.

2FA and MFA

Two- or multi-factor authentication is a great tool that can prevent criminals from being able to access internal systems and data. By requiring multiple forms of identification, the company ensures it knows who is accessing protected information. While it may seem frustrating having to take extra steps when accessing your emails, files or VPN services, this can be imperative useless. The dark web provides a great selection of compromised accounts to fit any taste and budget, with combolists consisting of emails and passwords being one of the most popular and accessible products of the cybercrime sphere. When an external source of identity authentication is required, a correct email and password combination will only give a criminal peace of mind that whoever sold it in the first place did not lie about its authenticity. The more internal services require 2FA or MFA, the harder the system as a whole will become to breach.

Staff Training

As staff are usually the centre of operations in a company, it is imperative that enough time and resources are put into improving their knowledge of cyber risks and how to protect themselves and the company. In the current data-driven age, this knowledge will be useful not only in the workplace but also in everyday life.

One click on a link embedded in a malicious email can cause disruptions affecting whole countries. For instance, one of the biggest known ransomware attacks is believed to have been caused by one stolen employee password. Colonial Pipeline, the owner of a pipeline system carrying fuel from Texas to the Southeast in the US, suffered an attack in May 2021 that disrupted operations across the whole country for days, resulting in massive financial losses. Not to mention a hefty ransomware payment of $4.4 million in bitcoin, of which only $2.3 million was successfully seized by the U.S. Department of Justice.

Although Colonial Pipeline is not the only example of damage done by one leaked password, it is a great example of the importance of staff training. Educating your employees on how to identify suspicious emails and applications, how to create strong passwords and change them regularly, and how to update their software and use new security measures like 2FA ensures they are informed on best practices for cybersecurity.

Filtering

Although this is not a step that can be applied to all businesses, setting up filters on emails and on websites that can be accessed from within the company can contain the risk of infection. Bad actors design emails and websites to look like they come from official entities. Email filters scan the sender’s identity, keywords, content and attachments to assess validity and identify potential threats. Blocking certain websites that are known for malicious pop-ups will reduce the risk of an accidental installation of malware. Filtering, combined with educated staff, is a good starting point for a safe and secure cyberspace.

Conclusion

Unfortunately, there is no foolproof way to be fully protected from cyberthreats. Therefore, it is important to take all possible measures to minimise the risk and, if an attack were to happen, to be well prepared to deal with it with minimal damage. The above points are a decent starting point; however, it is important to remember that as protective tools expand and develop, so do the tools used by malicious actors. Cybersecurity is not a one-time effort, but an ongoing process of vigilance and adaptation. By making it a priority to stay on top of the latest cybersecurity trends and investing in strong defensive mechanisms, there is a good chance that if a criminal knocks at your glass door, you will detect them quicker and have effective tools and procedures to act accordingly.

 


 
