What is cyber crime?
Every business, regardless of the services it provides, must deal with cybersecurity. Cyber criminals go after anyone and everyone they think could be a target, using both active and passive cyber-attacks. How do these differ?

A passive attack relies on human error, such as clicking a link in an email or downloading a questionable executable, and often depends on social engineering. Phishing (such as ransomware delivered by email) is the most common passive attack. An active attack generally involves a person attempting to gain access to the corporate network, possibly by trying to crack the corporate network’s password, gaining access to services exposed to the internet, bombarding firewalls with queries until they fail, and more.

According to a report by CSIS, cyber crime costs businesses and governments $600 billion annually. Cyber criminals make life difficult for everybody. What can be done about it?

The most common attacks in recent years are ransomware attacks. They have been so pervasive because they are caused almost exclusively by human error. Passive attacks like this are simple to avoid.

A skilled attacker attempting to breach the corporate network can do substantial damage and compromise sensitive documents. This is much more pernicious than a passive ransomware attack. An attacker can attempt to crack passwords, gain access to sensitive information, cause disruption with Denial-of-Service (DoS) attacks, and much more. To make matters worse, this activity is undetectable unless the network is being monitored. These criminals will enumerate anything facing the public: websites, computers, even Internet of Things devices. Anything exposed to the internet is potentially vulnerable.
What can be done?
Performing regular security audits and having employee security policies in place mitigates most attacks. Audits check for employee compliance with security policy and look for vulnerabilities in the network. Employee security policies ensure that your employees are not exposing themselves or the company to risk. Examples of employee security policies include but are not limited to:
- Clean Desk – Any sensitive documents and/or devices should be secured before the employee leaves the building.
- Password Security – By having a strict password security policy, brute force and dictionary attacks become nearly impossible. Datacom recommends a minimum password length of 12 characters, and the password must contain a combination of uppercase letters, lowercase letters, numbers, and symbols.
- Multi-Factor Authentication (MFA) – By requiring MFA, such as SMS confirmation codes or authentication apps, an extra layer of security is added. Now attackers cannot easily exploit employees whose passwords have been compromised.
It is in every business’s best interest to protect its data and its customers’ data. By enacting straightforward company policies, a business can rest easy knowing cyber criminals will have a substantially more difficult time wreaking havoc.