It’s almost time for Halloween. But as we all know, there are plenty of scares to be had in cyber security year-round — and 2014 has been more frightening than most. So in the spirit of the season, let’s take a look at the scariest threats out there in the digital landscape, and, more importantly, how to protect your business from them.
- Ransomware: Ransomware hackers lock you out from your own system and force you to pay a ransom or face the destruction of your files. Businesses like Code Spaces have filed bankruptcy and closed their doors, while other companies like Evernote have paid their ransom. Either path is expensive and terrifying, with the potential to drive you out of business.
- The Internet of Things: The advent of smart appliances like refrigerators and printers offers convenience, but these machines can be an open door to cybercrime. Because they aren’t built with security in mind, they’re vulnerable to hackers looking to steal data and obtain information on you and your family. In one real-life case, a baby monitor was hacked by strangers who harassed an infant in the dead of the night.
- Webcam Spies: Just a few years ago, the idea that a stranger could watch you at home through your computer might have sounded a little paranoid. Today it’s an unfortunate reality. Hackers can control your webcam without the in-use light going on, watching and recording you – and sometimes blackmailing you with the footage.
- Financial Fraud: The idea of your bank account being drained without warning is terrifying. So is finding out that someone has maxed out credit cards in your name and ruined your credit rating. Both can usually be fixed, but filing claims and proving fraud – not to mention waiting for stolen funds to be replaced – can take months and require an exhausting checklist of paperwork and phone calls.
- Stolen Photos and Documents: The massive iCloud breach and recent Dropbox attack attracted attention mostly because of the celebrities involved. But regular people and businesses are seeing their private documents stolen and shared publicly too, from financial statements to risqué photos to intellectual property.
Now you might be thinking that not all of these apply to your business. So here’s the truth: everyone is at risk for these in one way or another. Whether you’re striving to protect your organization, your customers or your home network, you simply cannot assume you’re safe. Someone may want to steal your intellectual property or spy on an important board meeting. My own mother was targeted by Ransomware pirates.
So the question becomes: how do you defend yourself? Some suggestions:
- Be vigilant at work and at home. A lot of people follow security procedures at work, but are more relaxed at home because they assume their personal devices and accounts won’t be an attractive target. That just isn’t true. Protect everything with the same diligence, especially if you are accessing company systems from your home network.
- Pay attention to any odd events. Hackers are stealthy but sometimes certain signs crop up. You might be receiving strange emails or texts, or your computer might be behaving oddly, with redirected Internet searches. Don’t shrug these off as random snafus; they could be your first warning sign that your system has been infiltrated.
- Educate your customers. Don’t assume your customers understand security basics. Make an effort to educate them on smart practices, such as not logging into bank accounts on public unsecured networks. The iCloud breach showed that many people didn’t realize when their photos were automatically uploaded to the cloud. Similarly, consumers who buy smart thermostats or appliances don’t always know how to configure them safely, allowing them to ‘talk” to the Internet at large.
- Assess your provider’s risk management strategy. With so many insecure providers out there, it’s important to make sure yours has the expertise and technology to protect you. Ask about two-factor authentication, web application firewalls, monitoring, malware analysis and threat intelligence. If your provider is only using one layer of security, I can almost guarantee you will run into trouble.
Hopefully you can see why you must take preventive measures before you fall victim to one of the above scenarios. Remember, anyone can be targeted for attack – but anyone can practice strong security too. Protect yourself and your organization now, and you’ll be glad you did.