Thursday, May 5, 2016 7:28 pm, Posted by Absolute Destruction
Symantec, the organization behind Norton Anti-Virus and the world leader of cyber security, published a discouraging report recently. In what they call the 2016 Internet Security Threat Report (ISTR), Symantec analyzed the incidences of online security breaches occurring in the previous year. According to their research, 500 million online identities were either stolen or exposed in 2015. And that was only the tip of the iceberg. Their study suggests that companies have underreported the full extent of their data breaches, so the exact number of compromised files and identities is unknown.
Even with some companies’ failure to register their breaches, the reports have increased by 23% since 2014, jumping from 348 identities to 429. The report indicates this raising statistic is due to incomplete website security, targeted phishing campaigns, and the increased use of randsomeware. It’s evident that cyber thieves are ramping up their game, learning new methods to exploit weaknesses in security and bait unsuspecting individuals. As hackers refine their skills, it only makes sense to upgrade your business’ methods of protection. Without evolving along with changing threats, your company will join the ranks of those breached businesses.
In this day and age, it’s rare for a business to operate without having a presence online. Regardless of your industry, it’s likely you have a website, a Google+ page, and profiles on various social media sites like Facebook, Twitter, and LinkedIn. While your Facebook profile (as an example) is protected by Facebook’s security measures, your website is entirely your own responsibility. A well-designed, user-friendly, and protected website can be expensive, but it’s worth the cost. Don’t cut corners when you create, upgrade, and maintain your site. According to the ISTR, three quarters of all websites are vulnerable to cyber-attacks, which cybercriminals take advantage of to infect and steal from the website’s users.
Get your IT department and website admin to beef up your security, and remember this applies to all websites – not just yours. Alert your employees to take care when they use company computers to access the Internet. Inform them of what constitutes a safe website (like verified site certificates, Secure Socket Layers, and firewalls) and where to find this information.
A memo regarding this won’t be enough, as most people will only skim the contents and not absorb the information. We suggest scheduling an online security tutorial for your entire company, so you can go over the facts, the consequences, and the defence against cyberscams. With enough time devoted to this training, you can also teach your employees how to identify and avoid phishing campaigns. These can appear as emails from trusted sources (or even upper-management), and they will ask for the targeted employee to release confidential information like usernames, passwords, and other data.
In a similar vein to phishing emails, you should warn your staff against ransomware viruses. These appear as attachments in emails that, should they be downloaded, can encrypt all of the files on the user’s computers. This software is incredibly advanced, and the only way to crack it is to pay the malware operator’s ransom. Knowing they’ve got you, these cyber criminals can ask for a high price.
We can agree that’s easier (and cheaper) to spend the time and money on proper education, so your employees are less likely to expose the company to threat. If you employ a BYOD (Bring Your Own Device) policy at your company, it’s also a good idea to remind your staff on the safe way to handle their tech. Limit the files that they can store on these devices, and enforce personalized password encryption on every gadget. Whenever you know your employees are upgrading their tech for newer models, schedule our electronic data destruction services. We can provide secured containers for you to collect their discarded devices until you have amassed enough for our mobile shredders to destroy. It doesn’t matter if that takes a few weeks or a few months; you can call us and schedule an appointment.
An educated staff is a protected one. When employees know how to avoid the biggest threats to online security, you can shield your company and avoid becoming a statistic in the next IRTC.