Adrian Jones, CEO of Swivel Secure
Protecting against online threats is vital for everyone, but it’s different for businesses. These aren’t traditional ransomware attacks, or email phishing scams carried out by people at home trying to make easy money. Business hacks are calculated.
People who target businesses are often looking to steal specific information. In the most extreme cases, these hackers are externally funded, giving them the time and money they need to ensure their efforts are successful. Hacking is a full-time job for them.
We only have to look at the recent news that Yahoo received a hefty fine from the UK Information Commissioner's Office over a data breach affecting more than 500 million users to realise the impact of sensitive customer information, including names, emails, and unencrypted security questions and answers, being stolen.
It’s not just global attacks on such large businesses that are a threat. Smaller businesses and self-employed people are also a big target for hackers on a daily basis.
SMEs often feel that maintaining the same level of security as large corporations is impossible, given those corporations' large budgets and dedicated cybersecurity teams.
However, the majority of hackers prey on those too busy to stay up to date with best practice for staying safe online, leaving them as prime targets and entry points for hacks.
Here we’re going to look at the common day-to-day threats to businesses of any size online, and what you need to do to make sure your company is kept safe.
Information worth stealing
According to some economists, oil is no longer worth more than gold, but data now leads the way. Therefore, business information has become extremely precious to the right people.
Where traditional online hacks might look to steal credit card information or personal details, business hackers are after more substantial data. From financial to customer interaction data, sensitive client information is in high demand.
This is why many hacking operations targeting businesses have so much time, money and resources invested into them - because the reward of acquiring private data is huge. Many state-funded hacking groups work on stealing business information as a full-time job - ready to pounce on opportunities with the latest technologies.
These hackers don’t attempt a breach, then move on to the next target if they fail. It’s their job to make sure they get the data. If they fail a login attempt on a website and get suspended from the account, they simply create a new identity and try again.
It’s important for any organisation to make sure no one other than authorised users can access private information. Two-factor Authentication (2FA) solutions require users to provide a password, plus a one-time code to log in to a platform - meaning their data can’t be stolen or replicated.
Busy staff don’t always have the time to learn cybersecurity best practice. Employees working in departments such as planning, finance, human resources and the administration staff that support them, have intense workloads - so it’s important they can work quickly and efficiently, without compromising their safety online.
It’s thought that as many as 95% of successful online hacks come down to human error. Mistakes are made by those who aren’t educated in online risks and can’t spot threats to their data. Sometimes it’s not a lack of knowledge, but a problem with relying solely on human performance. Even the most educated person can make mistakes that cause huge data breaches.
Organisations need to limit the risk of human error as much as possible, for example staff reusing simple passwords that can be stolen using brute force attacks. An alternative precaution is the principle of least privilege - which suggests that users should only be able to access the areas of a network that they need, rather than all staff having access to everything.
Limiting what different users can access means that if someone clicks through a malware link, or their account becomes compromised, the infiltrator can’t get into applications that the account is not authorised to access.
With agile hotdesking now a large part of many people’s roles, it’s important to secure your network when you have staff logging on from multiple devices at all times. Staff need to be able to access their files from anywhere, but they can’t risk the same files being accessed by unauthorised users.
Tokenless 2FA solutions can prevent security risks by authenticating the user every time they log in from a different device. Staff can put 2FA software on their phones, and use the solution to generate a new one-time code every time they want to access the network using a different device.
Securing your network with 2FA software gives staff the freedom to use a hot desk working environment - without leaving private data open to hackers.
To increase flexibility for employees accessing their applications through different devices, 2FA systems should be licensed for each user. Users can have multiple tokens active under one license. This helps to improve uptake when implementing change and rolling out the deployment.
Third party access
It’s not just your workers that can spark network access risks. Third party users like clients and external healthcare advisors may need to access a local network - and it’s more difficult to regulate the security of people logging on externally from different devices.
IT staff do not have the time to assess and verify every log-in attempt when staff numbers are in the thousands. Where possible, businesses should invest in Risk-Based Authentication (RBA) solutions that let you set up automatic verification of users based on things like their location, IP address and more.
This automates verification and therefore takes workload away from the IT desk without compromising network security.
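The risk-based decision described above, together with the earlier point about asking for a one-time code when a user logs in from a different device, can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the networks, country list, device identifiers and the assess function are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed policy values; all addresses are documentation ranges.
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]    # assumed office range
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed flagged range
EXPECTED_COUNTRIES = {"GB", "IE"}

@dataclass
class UserProfile:
    known_devices: set = field(default_factory=set)
    third_party: bool = False  # client or external adviser account

@dataclass
class LoginAttempt:
    source_ip: str
    country: str
    device_id: str

def assess(attempt, profile):
    """Return (decision, reasons); decision is 'allow', 'step_up' or 'deny'."""
    try:
        ip = ipaddress.ip_address(attempt.source_ip)
    except ValueError:
        return "deny", ["source IP could not be parsed"]  # fail closed
    if any(ip in net for net in BLOCKED_NETWORKS):
        return "deny", ["source IP is in a blocked range"]
    reasons = []
    if not any(ip in net for net in TRUSTED_NETWORKS):
        reasons.append("source IP is outside the trusted networks")
    if attempt.country not in EXPECTED_COUNTRIES:
        reasons.append("login from an unexpected country")
    if attempt.device_id not in profile.known_devices:
        reasons.append("device not seen before for this user")
    if profile.third_party:
        reasons.append("third-party accounts always need a second factor")
    # Any risk signal means the password alone is not enough: ask for the one-time code.
    return ("step_up" if reasons else "allow"), reasons

if __name__ == "__main__":
    staff = UserProfile(known_devices={"laptop-01"})
    adviser = UserProfile(known_devices={"tablet-09"}, third_party=True)
    samples = [  # constructed login attempts
        (LoginAttempt("192.0.2.15", "GB", "laptop-01"), staff),
        (LoginAttempt("198.51.100.7", "GB", "phone-02"), staff),
        (LoginAttempt("192.0.2.40", "GB", "tablet-09"), adviser),
        (LoginAttempt("203.0.113.9", "GB", "laptop-01"), staff),
    ]
    for attempt, profile in samples:
        print(attempt.source_ip, *assess(attempt, profile))
```

Returning the reasons alongside the decision gives the IT desk an audit trail for each step-up or denial without anyone reviewing the attempts by hand.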
Watering hole attacks
Popular sites that attract a lot of traffic from certain groups within your business are often targeted by hackers. It’s called a watering hole attack because it mirrors predators waiting for prey at the place where it comes to drink.
Eventually, someone will click through a malicious link and become infected with malware, giving hackers access to their account information and potentially letting them move laterally through the network.
IT staff need to make sure their colleagues aren’t accessing compromised websites from their network. Setting up a web filtering solution is one way to stay on top of potentially harmful sites. The filter constantly updates with sites that have been flagged as compromised or dangerous, and blocks users from accessing them from their network.
Keeping the work process efficient
Staff need to focus on their primary role, and online security is often an afterthought. Time-stretched staff need working practices to be as efficient as possible. This includes familiarisation and efficiency within their primary applications and platforms, and not having to spend extra time on additional concerns like online safety.
Secure solutions should fit into current working practices seamlessly. This way, staff can work how they choose, without their working patterns leaving the network open to attacks.
Recent high-profile business cases show us the startling consequences of a successful attack. Big corporations can hold millions of people’s data, sensitive confidential information and more - which can be incredibly costly if they end up in the wrong hands.
It’s a challenge to secure networks in an industry where staff need to access information at all times, and from multiple devices. So, our business partners need to find a solution that integrates with how they already work, and with minimal disruption.