In today’s business world, taking your organization online is no longer optional but mandatory. Although the internet provides your business with countless opportunities to grow, advertise, and reach new customers, it can also expose your company to a new threat: cyber crime. Modern cyber criminals can exploit your company’s vulnerabilities to break in and steal valuable information or damage your business.
In this blog, we’ll go over the five most commonly overlooked cyber crime vulnerabilities your business faces and provide you with tips on how you can better protect your organization.
1. Employees clicking on malicious links or downloading infected files
When most business owners think of cyber crime, they often imagine an external hacker trying to break into the company’s network. In reality, one of the most common yet overlooked cyber crime vulnerabilities your business might be facing is its own employees.
Employees clicking on malicious links or downloading infected files can expose your business by giving cyber criminals easy entry into your internal network. From there, they can steal your business’ or customers’ data, damage digital assets, and disrupt your business operations, often without you knowing it’s happening.
Proposed Tips:
The best and most cost-effective way to prevent your employees from exposing your business is to inform them about the common tactics cyber criminals use and to educate them on practical measures they can take so they don’t fall prey to these tactics. Recurring seminars, test spam emails, and ongoing feedback are important to keep these threats top-of-mind for all staff.
There are many 3rd party email security programs that can help filter incoming emails for spam and malicious links/attachments. It is important, however, to select a 3rd party program that is compatible with your company’s email platform. Some email platforms, such as Microsoft’s Exchange, already come with basic spam filtering.
2. Unsecured Wi-Fi networks
Wi-Fi networks are meant to be a convenient way for people to connect to the internet with their devices. But for hackers, Wi-Fi networks are a convenient way to access vulnerable devices/networks and gain entry to companies’ internal networks for exploitation purposes. If unsecured, Wi-Fi networks are vulnerable and can be accessed by anyone with any device. Moreover, tracking activity and telling malicious behaviour apart from regular activity can be difficult and resource-intensive. By the time a hacker has been identified on a network, it may already be too late.
Proposed Tips:
The first step is to secure your Wi-Fi network with a robust password that only company staff know. It is best practice to also change this password frequently, e.g. annually or semi-annually. If guests are often connecting to Wi-Fi, it is best to create a secondary Wi-Fi network with limited connectivity to the greater company network, and only share this secondary network with guests and non-staff.
A network firewall would also bolster your network security. It can most likely be implemented by your internet service provider, and firewalls are also available from licensed 3rd party providers. A firewall will be able to stop or mitigate unauthorized access to your company network, and will often have features to customize the type/amount of restrictions for users entering your network.
3. Poor password management
It is common for people to use identical passwords for multiple online logins. While convenient, this places all of those accounts at a higher risk of exploitation. It is a contributing factor in hacked employee logins being one of the most common ways businesses get exposed to cyber crime. Ensuring good password management among employees is therefore an effective way to protect against potential cyber crime, and is also a relatively easy and cheap solution.
Proposed Tips:
Although there’s no way to completely protect against an employee’s password being exposed, there are some steps you can take to make it harder for hackers to access their credentials.
It is good practice to have password requirements (e.g. numbers, special characters, etc.) for employee logins. The more complex a password is, the harder it is for hackers to crack it using computer programs. Random password generators are good tools to create complex and hard-to-guess passwords. In addition, ensure that different logins for internal programs (e.g. server, email, etc.) have different passwords that are also different from personal passwords.
Given the prevalence of working-from-home, it is also important to have an additional security layer for staff entering work networks in more uncontrolled IT environments. If company laptops are distributed, ensure this hardware is password protected with device encryption enabled. Multi-Factor Authentication (MFA) is a recommended security measure as an extra verification step for network access outside the office.
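One way to apply the password tips above, shown as an added example that is not part of the original post: a generator that draws from the operating system's secure random source, enforces the character requirements, and issues a distinct password per login. The minimum length of 16, the special-character set, and the login names are assumptions made for illustration.

```python
import secrets
import string

# Character classes mirroring the post's example requirements (assumed policy).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!@#$%^&*()-_=+[]{}",
}
MIN_LENGTH = 16  # assumed minimum; the post does not state one


def meets_policy(password: str) -> bool:
    """True if the password is long enough and uses every character class."""
    return len(password) >= MIN_LENGTH and all(
        any(ch in chars for ch in password) for chars in CLASSES.values()
    )


def generate_password(length: int = 20) -> str:
    """Draw from the OS CSPRNG; redraw whole candidates until the policy holds,
    which keeps the result uniform over all policy-compliant passwords."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def issue_passwords(logins: list[str], length: int = 20) -> dict[str, str]:
    """Give every login (e.g. server, email) its own password, never a repeat."""
    issued: dict[str, str] = {}
    for login in logins:
        password = generate_password(length)
        while password in issued.values():
            password = generate_password(length)
        issued[login] = password
    return issued


def find_reuse(credentials: dict[str, str]) -> list[list[str]]:
    """Audit helper: return groups of logins that share the same password."""
    by_password: dict[str, list[str]] = {}
    for login, password in credentials.items():
        by_password.setdefault(password, []).append(login)
    return [sorted(names) for names in by_password.values() if len(names) > 1]
```

Generated passwords belong in a password manager rather than in plain files or on paper.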
4. Inadequate security
In the world of cyber crime, there are four types of vulnerabilities that hackers can use to access your business:
- Human Vulnerabilities: Employees accidentally or purposefully allow hackers access to your business.
- Operating System Vulnerabilities: If your business relies on certain software or a certain operating system to function, hackers who breach it can gain access to other systems in your organization.
- Network Vulnerabilities: Networks like Wi-Fi or your company’s intranet can get hacked and used by hackers to access your company’s employees or information.
- Process Vulnerabilities: Your business processes and operations may create unintentional network vulnerabilities, e.g. 3rd party network access, or unsecured login info on desk.
Any of these vulnerabilities – or a combination of several – can be used by attackers to infiltrate your business network and harm your organization.
Proposed Tips:
A good way to start checking for system vulnerabilities at a holistic business level is to run a systems penetration test. A penetration test, typically administered by a 3rd party, simulates multiple attacks on your network systems to reveal major vulnerabilities. With this information, you can more strategically implement measures to address these areas.
All businesses should have basic security software running on their internal network environment, both to run scheduled system scans and to monitor for suspicious behaviour and activity. There is a wide range of options in terms of features and pricing, so you’re able to select what works best for your business needs and budget.
5. Outdated software and operating systems
Many new business software products and operating systems have built-in defences to protect against modern cyber crime techniques. However, many of today’s businesses still use old operating systems or software because of their affordability or ease of use, or because they just haven’t got around to installing the update. Old software that is not up to date can open up vulnerabilities for present-day hackers.
Proposed Tips:
Always ensure that your business is updating its software regularly and not falling behind by staying on older versions of programs and operating systems. Updates may address potential security vulnerabilities and include more robust security measures, in addition to potential process updates that allow for more efficient workflows for your employees.
Be aware of how different programs will notify your business of released updates, and whether automatic updates are enabled, or manual updating is required. Some updates take longer than others, and require a certain amount of business down-time, so it’s important to be aware of this, to inform relevant staff, and to manage your business operations accordingly.
Conclusion
Even after implementing all these tips, it’s important that there is someone dedicated to managing your company’s IT affairs on an ongoing basis, whether that is a full-time employee or a Managed Service Provider (MSP). All these measures should be taken into account as part of a comprehensive security framework for your business, consisting of multiple security layers in various areas of your business.
However, regardless of the number of measures or programs, there’s always a chance that bad actors will find a way to penetrate and cause harm, especially as technology advances. That’s why Park Georgia Insurance offers business insurance with optional coverages for cyber crime and employee dishonesty. That way, you can add another layer of protection in case all your other IT measures fail.