Top Threats to Your IT Security in 2021 (And How to Address Them)
2020 saw cyber crime rates rise by 31%. This upward trend has continued on a similar trajectory since the inception of digital technology and shows no signs of slowing down.
Cyber crime is an ever-present threat to your business and your workforce. Your digital assets have immense value — their loss can destroy your business. Cyber security should be a top priority in 2021, but with so many avenues available for hackers to exploit, what kind of threats should you be paying closest attention to right now?
Despite being an ageing practice (relatively speaking), phishing emails remain one of the greatest threats to your organisation’s security.
Generally, when our minds turn to phishing emails, we think of poorly put-together messages from fake-looking email addresses, often riddled with horrible code formatting and spelling mistakes.
But, while these kinds of mass phishing attempts are still ever-present, phishing can get far more sophisticated when it comes to corporate cyber crime. Phishing hackers can use the vast array of personal information available online to build a profile of their victims.
Often digging up details from social media — LinkedIn being a great place to start — phishers work out the best target within your business. For example, if they want customer payment details, they’ll go after the accounts management team. They’ll then be able to check for personal information to sprinkle into the email to make it seem genuine, perhaps referencing a gathering or recent picture of a pet based on a social post. They’ll then be able to ascertain who their target works with, build a fake email that looks genuine, and set up their message.
They may even pretend to be you.
With so much background research, these emails can be really tough to see for what they are. They’re intelligent cyber attacks that your employees will not anticipate. So how do you protect against them?
You make sure your employees do anticipate them.
Use training to make sure your employees are aware of the threats they face from phishing. They might not always know if the email is a phishing attempt straight away, but they can learn to look out for warning signs, such as requests to share data or passwords.
This awareness can lead to a new policy, such as ensuring employees never ask for sensitive data over email or that passwords and data are shared through internal and monitored systems rather than email accounts.
Shadow IT is a bit of a buzzword, but it simply describes the use of unapproved software through your systems and network.
With the introduction of cloud software, coupled with unprecedented levels of internet access, it’s become increasingly easy for your employees to use internal system software to access online services and programs — take Skype, Dropbox and CRM services as examples.
They’ll use these in place of your approved company software, often for innocent reasons, such as being familiar with the software, believing it to be a more effective tool, or just out of pure habit.
Since this ‘shadow’ software hasn’t been assessed or approved, it can pose a security risk. The software could carry malware or present an unprotected backdoor to attackers, or it could be used to share data without proper encryption and protective measures.
The simple solution here is assessment and policy. Crack down on user profiles and search for unapproved software usage while also educating staff on the risks it poses.
Creating awareness of shadow software, both within your technical teams of its potential presence and across your employee base of the damage it can do, could dramatically reduce the risk of it becoming a problem for your business.
Back to more buzzwords with IoT — Internet of Things.
‘IoT devices’ is a collective term used to describe the diverse range of new hardware creeping its way into modern life. From smart speakers to wearable tech, the IoT device market is growing rapidly.
While these innovations tend to make life easier, they are also novel and still in their infancy. We’re still learning about their unique security vulnerabilities and design flaws to this day. For example, back in 2019, hackers learned they could use laser technology to influence smart home speakers like Google Home and Alexa.
Simply put, we just don’t know how these machines can be used to potentially infiltrate IT systems and gain access to data.
The easiest way to solve the problem is to avoid integrating IoT smart technology with your business, but that might not be feasible if the tech in question is important for processes.
Instead, it may be more prudent to consider how much access your IoT devices have to your network and what methods of protection you can put in place to put distance between them and your data, should they fall prey to cyber criminals in the future.
With remote work on the rise following the COVID-19 pandemic, businesses face a new cyber security problem.
Remote working devices need to connect to your systems, but they cannot be covered in the same layers of security as your local hardware. With staff now using off-site hardware to work, there is a serious risk of remote cyber breaches.
The answer to this problem lies in endpoint solutions.
There are services like the Microsoft Modern Desktop that allow users to access their entire suite of work software through the cloud. They only need a monitor and a device capable of streaming the remote desktop. Their actual ‘computer’ setup is all virtual — stored and managed online, not on their devices.
This kind of setup gives businesses near-total endpoint control.
Instead of protecting the entire remote system of each remote employee you have, you only have to manage a single endpoint for each of them.
By securing access to your cloud service using systems like two-step authentication and regularly updated access controls — plus a policy that ensures no other hardware is installed on the device used to access your workspace’s cloud platform — you can seriously reduce the chance of remote workers causing cyber breaches.
An important note here is to remember the risk of shadow software.
With remote workers all accessing a cloud system, shadow software installation will be directly housed within your cloud servers, not external drives. This makes it even easier for hackers to infiltrate your network, as they’re already inside the walls, so to speak. If you’re running remote desktops, shadow IT policy must be clear and strictly enforced.
This was posted in Bdaily's Members' News section by Optimising IT.