What You Need to Know About Cyber Security Attacks

There is an increased need for organizations to protect themselves from cyber attacks. These threats come in many forms, and according to Symantec internet security, small to medium-sized organizations are targeted 65 percent of the time.

The internet has a 'dark side' that most are unaware of. When we use Google or YouTube, for example, we are using the Clear Web, which comprises only about 1% of the internet. The Dark Web is a community of websites that are not accessible through regular browsers. The Dark Web also gives users access to guides on how to hack into vulnerable systems, and lets them purchase exploit kits, malware, and viruses.

The risks to organizations include hackers gaining access to financial institutions, stealing trade secrets, leaking medical information, accessing employees’ records, stealing customers’ private data such as credit card numbers, social security numbers, etc. They have made a business out of hurting your organization.

Cyber threats are on the rise and projected to increase dramatically. According to a new report by Hewlett Packard and the U.S.-based Ponemon Institute of Cyber Crime, hacking attacks cost the average American firm $15.4 million per year, double the global average of $7.7 million. Yet, when your organization takes proper precautions, the chances of being subjected to cyber threats can be reduced.

Cyber insurance is becoming increasingly valuable to organizations that are vulnerable to data breaches and ransom attempts by hackers, but this does come at a cost. Often, the biggest flaws in an organization’s IT environment come from the behavior of the employees themselves and their compliance with a comprehensive IT policy. Many high-profile cases of organizations being infiltrated by hackers began with an employee opening an email attachment from an unknown source. Having knowledge of the best practices in IT security and communicating these practices regularly to your employees will help to reduce your insurance liability and perhaps even lower your insurance premiums.

Computer systems, including smart phones, can be breached in many ways when using the internet. However, there are effective ways to protect your computer or network:

  • Install a firewall and anti-virus software and keep them updated.
  • Change passwords regularly and do not use the same password for every account.
  • Run regularly scheduled computer scans to detect and eliminate malware (malicious software).  As new threats are identified, your security software company sends updates that are only valuable if you apply them.
  • Educate your employees and family about security awareness, prepare an incident response plan, and obtain cyber insurance.
  • When sending sensitive, financial, or private data online, make sure the website is secure. The address of an encrypted website will start with https:// and the browser will show a padlock icon in the address bar.
  • E-mail with private data must be sent securely because it passes through multiple servers before arriving in a recipient's inbox.

A common entry way for malware is through 'phishing' e-mail attachments. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization or source. An email will be sent to an organization’s Accounting Department from what looks like the CEO instructing them to wire transfer funds. Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers will take advantage of current events, natural disasters, concerns, major political elections, and even holidays. Phishing scams are getting more sophisticated every day. To avoid being a victim:

  • Be suspicious of unsolicited phone calls or email messages from individuals asking about employees or internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with your company, or verify it by contacting the company directly using contact information from previous statements.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this type of information. 
  • Do not send personal information over the Internet before checking a website’s security.
  • Pay attention to the URL of a website. Malicious websites may look just like a legitimate site, differing only slightly in spelling or using a different domain (e.g., .com versus .net).
  • Always install and maintain anti-virus software, email filters, and firewalls.

If you think you are a victim and you believe sensitive information has been revealed about your organization, take the following steps:

  • Report it immediately to the appropriate personnel including network administrators.  They can be alert for unusual and suspicious activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised.  Watch for any unexplainable charges to your account. 
  • Immediately change passwords that might have been revealed. Use strong passwords built from the first letters of a phrase or from a combination of letters, numbers, and symbols, and if you use the same password for other accounts, make certain to change it on all of those accounts.
  • Watch for signs of identity theft and consider reporting the attack to the police.

A second type of risk with an alarming growth rate is called Ransomware.  In this type of breach, the hacker encrypts all the data on your computer or network into complete gibberish and you are asked to pay a ransom to obtain the virtual "key" to access your data.  In some cases, paying the ransom doesn't ensure the release of the key.  According to The Travelers Insurance Company, ransomware attacks are getting more numerous and more sophisticated every year with 4,000+ incidents occurring each day since January 2016. If you are a victim of ransomware you should:

  • Call your insurance carrier for support before responding to the hackers’ request. 
  • Maintain regular backups of your data. This can minimize the damage in the event the key isn't exchanged for the ransom.

The potential for cyber security attacks should continue to be a concern for organizations in 2017. Yet, you can reduce your organization’s risk by taking proper precautions and developing best practice protocols to be implemented by all employees. 
