5 Cyber Security Threats Facing Businesses

Rise of the Mobile Workforce

The number of businesses moving to the cloud is predicted to grow. With this growth, comes new risks and viruses targeting businesses of all sizes, particularly small businesses, since cyber security is typically weaker when compared to larger businesses.

The growth of the mobile workforce creates new paths and highways for criminals to gain access to sensitive company data.

There are big risks you need to know about, whether your business accepts the “bring your own device” (BYOD) concept or issues standardized company devices to mobile employees.

Cyber Security

It’s hard to believe that just a few years ago, cyber security was low on the list of priorities for businesses. Today, now that many businesses are integrating remote data storage, mobile device management (MDM) and offsite data processing into their business, they’re giving cyber security a second look – especially after highly publicized data breaches like the Equifax data breach in 2017.

Online threats are everywhere and they aren’t going away anytime soon. Vulnerabilities like the Heartbleed bug, an encryption flaw (not a virus) exposed a wide range of popular websites – including GoDaddy, Dropbox, Yahoo and Netflix.

But this is just one of many ways your network can become compromised.

For this reason, anti-virus programs and regular software updates are still necessary to fix and prevent problems. Firewalls and logins are also still necessary to restrict access, but these things alone are no longer enough to prevent cyber-attacks.

1) Malware

Computer viruses like TeslaCrypt 3.0.1 ransomware, Badlock, CryptoLocker ransomware and CryptoWall ransomware can lurk in the background, stealing valuable data and extorting money from businesses.

When these programs infect your computer, they often make some parts of the system unusable.

What’s worse, they often remain hidden while harvesting your usernames, passwords and other valuable information. Malware has become sophisticated and proficient at luring employees into installing the software on business computers.

Simple instructions for employees to avoid opening attachments or downloading material from suspicious websites are no longer enough.

How does this work?

Recently a manager in an expanding business was hiring. She asked several candidates to email her resumes. When she tried to open one of the resumes, nothing happened.

A few minutes later, most of her data was encrypted and she was asked to pay $800 for the password to decrypt it. She didn’t notice the “resume” was not from one of the candidates and had inadvertently opened ransomware.

Luckily, she had backups of her data and didn’t have to pay.

Don’t want this to happen to you?  Contact us to start implementing new policies that guard against such sophisticated attacks and educate employees about the risk of cyber threats as soon as possible.

2) Vulnerabilities

Most software works well when employees engage in best practices when it comes to cyber security.

As long as they enter normal commands and data, everything is fine. Vulnerabilities crop up when an unexpected entry causes security to fail.

For example, did you know if you set the date of an iPhone to January 1, 1970, the phone will stop working?

Devices can react in unexpected ways when someone enters an unusual command. Hackers exploit such bugs to get around security. They input unexpected instructions to disable security and bypass logins or firewalls.

Good security includes regular updates of all software. Even then, there is a risk until you install the updates. Extra layers of security can guard against such breaches when they are due to a single vulnerability.

3) Unauthorized Access

Employees have access to your company network where they can see sensitive information and initiate actions to carry out operations. Just imagine if an outsider gained unauthorized access. How much could they harm your business?

Today, a favorite method of gaining access to a network is through valid user names and passwords, obtained from employees, subcontractors or visitors under false pretenses. Such methods are often subtle and sophisticated.

What might this look like?

Picture this: A man poses as an existing new employee. He has inside knowledge that the employee was hired, so he calls the company IT department posing as the new employee and states, “I don’t know how to log in, can you help me?” The IT department promptly gives out the new employee’s user name and password over the phone.

At Ontech Systems, we take extra precautions to ensure this doesn’t happen to our clients, but in-house IT might not be well versed on company policy or a new IT company might make this mistake if they were in the middle of something else or if it was a last minute request.

Such tactics can happen if you don’t take additional measures by establishing company security policies and educating employees about these risks.

4) Mobile Devices

Smart phones and tablets in the workplace have paved the way for a whole new wave of network vulnerabilities that allow easy access into a company’s secure IT network.

What kind of vulnerabilities?

• Lost or stolen phones
• Mixing business with personal apps on personal devices
• Mobile devices can be infected with malicious software
• Incorrect operations can lead to loss of data.

Businesses face a tough decision – on one hand, they want to allow mobile employees to do their job but at the same time, they want to limit access to the data they need.

(Hint: there is a solution to get the best of both worlds.)

Each business uses mobile devices differently. Through a layered security approach, you can customize your solution and maximize the value of your mobile device management strategy.

5) Threats in the Cloud

Many suppliers of cloud services have good physical protection of their data centers and effective software security features.

They encrypt all your data to keep it safe.

But the reality is this – their personnel must have access to your data for normal data processing functions.

If a server breaks down in the cloud data center and the supplier’s service people fix the problem, they often have access to your unencrypted data. When they run tests on the data, they may see it. If a hard drive has to be replaced, the data on the old drive is at risk. When you place your data into the cloud, it is critical to evaluate the services supplier’s security as well as your own.

When evaluating cloud service providers, there are several things to consider. If you have questions and want a reputable source, contact us.