The levels of cybersecurity: why the stakes are higher than ever before
A cyberattack on an individual can lead to major consequences for a company as a whole. With cyberattacks increasing, it's crucial for businesses to educate employees on proper safety.
As technology becomes more ubiquitous across the world, so does the risk of a cybersecurity attack. From phishing schemes to ransomware, bad actors are capitalizing on security flaws at every level of companies, exposing data and gaining access to sensitive information.
With more data held online and in the cloud than ever before, the consequences of failing to protect your information and properly educate users are dire.
"There are really four categories of cybersecurity readiness at an organization, and unfortunately most of the people who come to us fall into the first two. The first is passive — where the organization, IT team and leadership team are doing the bare minimum around industry standards to protect their network. There's also the reactive approach, which means a little bit more leadership from the team, but they review their security measures sporadically, maybe three or four times a year," said Brian Baker, a senior cloud solutions consultant at RapidScale, a managed cloud services provider.
"The best organizations are taking advantage of these last two buckets, which are 'proactive' and 'progressive.' With the proactive approach, the leadership team understands the real dangers of cyber security. Data security policy and procedure reviews occur monthly. The progressive approach is even stronger. There is deep C-suite involvement in setting and maintaining data security measures in an ongoing fashion," said Baker. "The organization's stance is that it is under constant attack and it utilizes advanced security technologies like encryption, tokenization, and multi-factor authentication to protect the business. Usually these organizations leverage outside vendors to support their IT team with security audits, awareness training and implementing policies."
Even the smallest information leak can have surprising consequences.
"Recently there was a grocery store chain that had a data breach, and you might think as an end-user that you don't really care if somebody has your name and address. But actually, that's one-half to two-thirds of what they need to steal your complete identity — and they can get the rest typically through social media interactions or phishing attacks," said Duane Barnes, vice president and general manager at RapidScale. "In order to protect your information, you need to have complex passwords, not something like your dog's name or your birthday. We strongly recommend a password generator, then a tool to store those passwords. Most end-users want to use the same password for their bank, their insurance, their loans and so on — so it's really not hard to figure out how to cross-pollinate from there."
Employees working from home have added another layer to cybersecurity threats. With more employees using their own networks or even public Wi-Fi, they may be unknowingly exposing company information to potential attacks.
Not only does this affect individual employees, but it also has a lasting effect on the reputation of the company.
"We had a customer maybe a year and a half ago, and a payroll file that contained all their employees' names, addresses, Social Security numbers, and more that they suspected was lost in a phishing attack — because effectively, the phishing attack gives the hacker access to your email, and oftentimes your entire computer," said Barnes. "In this case, it was an HR payroll person's accounting computer. A few months later, about 20 or so employees had income tax returns filed on their behalf by the hacker, then they redirected those funds offshore and into accounts where they could get the money back."
"All this had resulted in months of headaches, employee claims and insurance claims and trying to make it right," he finished. "Ultimately it's a huge risk to the company's image, their brand and their ability to attract employees."
According to Barnes, one of the best ways to protect your company is as simple as educating employees on how to deal with threats and increasing password security. Many companies now require two-factor authentication, as well as password changes every 90 days. Additionally, companies like RapidScale can conduct seminars and exercises that test employees' knowledge of cybersecurity.
While cybersecurity insurance is also an option, there are certain stipulations that may interfere with coverage, like no coverage for employees working from home. According to Barnes, a careful review of your policy is key, as well as taking logical first steps for protection.
"In security training, they tell you to start with the front door — and they literally mean that. Before the cloud, people used to have a closet in their office with a couple of servers, and that's where all of their stuff was, and physical theft was a big issue. Now, multi-factor authentication and changing passwords is a way to lock the front door," said Barnes. "What we see frequently happen in smaller businesses is they pay somebody to come set up all their IT, but they don't pay for the ongoing maintenance of it. It's like buying a house and never changing the air filters or doing any repairs, and you wonder why it's falling apart."
For Baker, cyberattacks aren't slowing down anytime soon — and they'll likely continue to grow.
Since any threat to an employee can also wreak havoc on a company as a whole, it's important to make cybersecurity a key component of your company culture.
"I've been doing this for 25 years and when I look back, technology just wasn't an integral part of every single user's day back then. Now there's been a total 180-degree shift, and one of the most important positions in the company is to protect the business and make sure that folks are safe," said Baker. "One of the reasons it has become so dangerous for organizations is because one bad actor could shut a business down — and all of these ransomware attacks are not slowing down. They're going faster, and they're more frequent, and even if you have insurance, a loss of revenue could severely affect your position in the marketplace."
Copyright 2023 by Capitol Broadcasting Company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.