imageAlt

Businesses: The Main Targets of Cybercrime

Businesses are the engines of economic growth and innovation. But they are also targets for cybercriminals intent on stealing valuable data. It might be staff records with social security numbers and salary details, banking and payment data, or customer account information.

Security: Knowledge & Software

A key part of the challenge is to have a fully secure IT infrastructure in place. It’s just as important to also ensure employees understand the true risks posed by data breaches or ransomware attacks.

This 17-step security health check takes you through each security topic to help IT teams and business owners understand the current security risks and bring light to topics you may not be aware of yet.

Often one of the biggest issues is awareness. Although IT leaders and security professionals are well aware of the impact of a breach, the flow of information to employees across a business can be more difficult. For smaller businesses, even owners and managers are sometimes unaware of the threats, and therefore little will – or can – be done to mitigate them. SMBs’ areas of expertise are rarely that of internet security, so it is no surprise that it isn’t always front of mind. It’s more important than ever to protect devices no matter what type of device, where employees connect, or what time zone they’re in. Business can be done anywhere, anytime – which means that a cyberattack can also happen at any moment. How vulnerable are the devices in your organization?FIND OUT

As an IT manager, business owner, or cyber security consultant, are you aware of the following threats that could be leaving the business devices you manage open to attack?
  • Company policy – failure to wipe/cleanse company devices, weak passwords, unrestricted bring your own device (BYOD) policy, widespread access to data
  • Compliance – lack of knowledge of data law and breaches, risks from non-compliant partners and vendors
  • Employee knowledge – no training on passwords, public Wi-Fi, or software protection
  • IT infrastructure – out-dated operating systems, no firewalls or antivirus, unsecure email services, no encryption for hardware, large numbers of devices with server access

It may be that you’re addressing some of this, but one weak link is all it takes to cause a breach. For example, if one of your employees uses unsecured public wi-fi in a café on a device they use to access private or sensitive company data, hackers may be able to use this as a point of entry into the wider company network. This can give them access to hard drives, devices/endpoints and software, allowing them to steal or leak data, or stage ransomware attacks.

Threats to your business:

  • Staff computing devices
    • Cybercriminals try to get employees to install spyware, adware, malware or viruses to their computing devices – from tablets and mobiles to desktop computers – so they can access everything your employees can access, and sometimes more!
    • These can take the form of simple malicious links or more complex social engineering attacks that trick employees into handing over passwords, logins or data.
  • Network
    • While networked computers allow easy access between employees and data sources, it also means anyone linked in is a vulnerability and could be the entry point to the whole of your business’ network.
  • The Cloud
    • While storing data and apps in the cloud has great benefits and contributes to a smooth overall digital transformation, it can leave you open to data loss or theft, and service hijacking if you’re not also using cloud-based protection
  • Passwords
    • Hacking passwords to devices and software is one of the most popular ways for cybercriminals to gain access to business data and devices
  • Mobile devices
    • Whether you operate a BYOD (bring your own device) policy or you provide company devices for work, your business is open to new risks. The main threat comes from devices without a PIN (or a weak PIN) that get stolen.
  • Staff
    • As well as external attacks, companies can fall prey to their own employees taking advantage of access: stealing data or damaging/infecting systems on purpose.
  • Emails
    • Emails are a common source of entry, from phishing to malware. For example: perpetrators send out mass emails disguised as an authentic communication from a bank (or similar) telling recipients to verify their account information by clicking on a link. The victim supplies log-in information and the bad actors take money from that account or divert money to theirs.
  • Websites
    • Many websites carry malware, adware and other threats that can be downloaded to devices automatically. Sometimes the sites themselves have been attacked and the editors don’t know of the risks their website poses.
By taking our IT Security Health Check, you will learn how well-protected your business is and specific areas for improvement.

TAKE THE IT SECURITY HEALTH

By compunetss

Coptic Greek Orthodox,