An unprecedented increase in Cyber-attacks has occurred since COVID transformed businesses across the globe into Hybrid Work environments by initiating a surge in the remote workforce. It remains to be seen how many employees who currently work from home will return to the office. It certainly will not be everybody.
With the Cybersecurity vulnerabilities inherent in a remote workforce, cyber crooks swarmed like sharks. According to the United Nations, cybercrime is up by 600% since the inception of COVID – and that report was from 2020! Cybercrime continues to grow exponentially and the tsunami shows no signs of weakening for 2022.
This criminal upsurge affects consumers and companies alike, but as a prominent Managed IT Services among the IT Support Los Angeles Community, IT Support LA is most concerned with Cybersecurity threats against businesses.
There are new families and strains of the various threats that are out there, but the core nature of viruses stay pretty much the same. Criminals just figure out better ways to infect your system with them. If your business uses the internet (who doesn’t?), you are subject to these threats, and it would be unwise to take them lightly.
What are the top online risks?
The names of the Top Five have not changed, although placement in the list varies. Not all are malware, like Ransomware – they are also the vulnerabilities which thieves exploit. As has been the case for the last few years, the most common and profitable (for criminals), as well as the most devastating for businesses is Ransomware which again takes the Number One spot:
#1: Ransomware
Phishing, listed as #2 is the main tactic supporting a Ransomware strategy. A phishing email shows up in your inbox and urges you to either click on a link or open an attachment. Once clicked, the Ransomware infects your system, encrypts your data, and prevents access to both your data and your network until a ransom is paid in cryptocurrency. This is why every business MUST have a comprehensive Backup and Disaster Recovery Plan in place and regularly tested. If solid backups are in place, all infected devices can be wiped clean and the data restored from the backups – avoiding any ransom payments.
the FBI has determined there are at least 100 different strains of Ransomware – but however it gets in, Ransomware ‘s main purpose is to force you to pay the ransom – then, MAYBE, they’ll send you an decryption key. Over 40% of companies who paid the ransom failed to get their data back – these are criminals you’re dealing with, after all.
#2: Phishing
Simply put, it is a deceptive email – those infamous pleas for money from Nigerian Princes are Phishing. Ransomware, fraud, malware of all sorts, and data theft are the top motivations for these phony emails. Many look to be from a trusted source – FedEx, the IRS, a vendor or even a company superior. They copy or ‘spoof’ the logo and signature, so it looks legit. Some mine your social media for information about you that they can use to make you feel you know them.
#3: Data Theft
This is on the uptick due to the work from home surge in remote-device usage. Breaking into a smart phone or tablet to mine for data is easier than hacking into the office network. Stolen information is constantly for sale on the Black Market of Cyber: The Dark Web. A periodic Dark Web scan should be performed to see how much of your company’s and your employees’ data is there. You will be surprised.
#4: Malware
This is an all-encompassing term. Ransomware is a malware although viruses are the most prevalent form. Malware is a generic term for any software that has been designed to damage, disrupt, or gain unauthorized access to your computer system. Once in, there a variety of crimes on the agenda, from Ransomware seizing full control to quietly copying and exporting your files.
#5: Insider Threats
This has always been an issue: Staff with network access either maliciously or mistakenly ‘leaks’ data.
They may not even be current employees. With the recent disruptions in the workforce through mandated terminations or the record number of employees who simply quit their jobs, there needs to be a standard regimen of cutting ex-workers access to any part of your network. This seems obvious, but it is not done far too often.
Don’t Trust: Verify!
With the undeniable onslaught of cyber-attacks, the old laissez-faire, casual approach to Cybersecurity, access and user policies must go by the wayside. IT support companies worldwide are encouraged and thankful to see businesses entering an era of the widespread adoption of Zero Trust policies.
Frequently Asked Questions
Q: What is the meaning of zero trust?
A: According to McAfee, “Zero Trust is a shift of network defenses toward a more comprehensive IT security model that allows organizations to restrict access controls to networks, applications, and environment without sacrificing performance and user experience. In short, a Zero Trust approach trusts no one”.
Q: What is good cybersecurity?
A: That’s a very broad question. The best short answer is, “Good Cybersecurity is leaving nothing to chance.” The weakest spot is the untrained end-user – Security Awareness Training is not an option, it’s a MUST. What good are the most up to date Firewalls, Anti-Virus (AV), secure VPNs and Wi-Fi if an employee unwittingly lets the crooks in?
Security Awareness Training is not a ‘One & Done’ proposition. People forget. It must be repeated every 4 to 6 months. Over 80% of all successful Ransomware attacks are due to end-users falling for phishing scams.
Q: How do I find hidden malware?
A: Use a scanning program like Malwarebytes, Microsoft Security Essentials, or Emsisoft Anti-Malware. There is a lot of free malware scanning software available.
Q: How can you identify phishing?
A: Inconsistency: Either in the email address, domain names, links or in greetings or subject lines.
If an offer seems ‘too good to be true’ – it probably isn’t.
Suspicious links or attachments.
The sender asks to ‘verify’ information that they should already have.
Digging for info of any kind.
Bad Spelling and grammar. These crooks may be computer-smart but still can’t spell.
How secure is your network? It’s FREE to find out!
IT Support LA offers a FREE, no-risk network and security assessment to all companies in the Greater Los Angeles area with a minimum of 10- computers and 1 server. No strings, no obligation.
Just fill out the form on this page or call us at:
818-805-0909
