Today’s breed of criminals doesn’t hang out in dark alleys waiting to snatch your wallet or purse. Rather, they attack through the Internet from the comfort of their rooms, with a much bigger loot in mind.
The State of Data Security
So big, in fact, that companies globally are now losing an average of $3.92 million per breach. And if that sounds shocking, this will blow your mind: US companies are losing more than double that. A single data breach incident is likely to cost your organization upwards of $8.19 million.
Well, you could argue that antivirus software providers are responding with better, more sophisticated data protection tools. But, while it’s true that various solutions have been advancing progressively, it turns out cyberattackers are developing their tactics correspondingly.
69% of organizations now fear that antivirus programs are useless against the new types of threats they’ve been seeing.
Then, to make matters worse, it seems cybercriminals are not only getting more aggressive but also attacking more frequently. By 2017, it was proven that hackers were typically attacking every 39 seconds.
And just when we thought they’d take a break during the pandemic, they moved their activities up a notch. As workers switched from their offices to home workstations, hackers didn’t hesitate to follow the trail -- so much so that the number of reported cybercrimes subsequently increased by 300%, according to the FBI.
Now, in the light of these recent trends, you can be certain you’re a target too. They’ll try hitting your company’s system whether you like it or not. However, the outcome depends on how well you seal all the possible loopholes. To help you with that, here are some of the best data security checklists, which you might want to leverage.
One particular thing you should keep a close eye on is the devices connected to your network. Every single endpoint device is a potential vulnerability that cyberattackers could eventually take advantage of. It just so happens that cybercriminals are particularly fond of capitalizing on the resultant BYOD weak links. On top of that, it’s no secret that the use of IoT is rising fast within the corporate world. You can expect more than 31 billion connected devices by the end of 2020, and 75 billion by 2025.
Businesses simply love the BYOD strategy, because it enhances their overall workplace productivity quite substantially. So, you can bet they're not going to drop it anytime soon. And neither should you, especially when you apply the following data security checklist to protect the system:
- Encrypt devices.
- Delete all information when disposing of devices.
- Install/update applications from and via trusted sources only.
- Implement biometric authentication within MFA.
- Don’t allow applications access to personal data.
- Monitor system updates and install them in a good time.
- USB devices: separate personal and business devices, and scan for viruses.
- Physical security: lock/turn off devices before leaving, and then lock offices.
With over 120 billion business emails exchanged every day, this is undeniably one of the main modes of communication across organizations. And, when you break it down further, it turns out the average office worker receives about 121 email messages per day.
Cybercriminals know this, too, and they’ve figured out that most individuals are probably too busy to sort out the bad emails from the legit ones. Therefore, it’s understandable that 94% of malware attacks in 2019 were channeled via email. Phishing and unauthorized access are high on the list of common email attacks.
Sadly, though, you can’t really control the flow of email messages from third parties. But, you can implement the following:
- Don’t use personal accounts for work purposes.
- Enable spam filtering.
- Offer security training on detecting and preventing phishing attempts and malware attacks.
- Turn off the automatic download of attachments.
- Don’t email sensitive data.
- Double-check email addresses.
Internet Access Security
All in all, the Internet is at the very center of the data security crisis. Although organizations are still victims of physical intrusions, the number of cases is dwarfed by the number of web-based attacks.
And we’re not talking about email attacks alone. Even websites are increasingly used as points of attack. Domain impersonation cases, for instance, rose by 400% within the first four months of 2020. What’s more, it is said that cybercriminals deploy a new phishing website every 20 seconds, and 74% of them even come complete with HTTPS compliance.
Despite all these threats, organizations are still scaling up their Internet operations -- so much so that 27% of companies now believe that they’ll migrate 95% of their critical workloads to the cloud within five years.
That, of course, raises the stakes for all the players. Nevertheless, you could protect your system by taking the following measures:
- If you use social media, limit admin access.
- Don’t use suspicious applications.
- Install a malware-detection system.
- Set up bandwidth restrictions.
- Don’t connect to free Wi-Fi spots.
- Routers: select WPA2 Personal setting (WPA Personal) + a strong password.
- Don’t allow public access to sensitive data.
- Don’t use free services for file sharing.
- User authorization: limit the number of failed access attempts.
- Use a VPN.
- Verify financial transactions before proceeding to the next step.
On the software front, cybercriminals continue to ride on DNS tunneling, SQL injections, denial-of-service (DDoS) attacks, and phishing, as well as malware.
And with the trend rising, the year 2020 has already seen more than 40 million instances of web application attacks. Organizations are having a difficult time dealing with cross-site scripting (XSS), broken authentication and session management, SQL injections, etc.
These techniques are typically used to launch ransomware attacks, which MSPs believe are one of the biggest threats facing small and medium-sized businesses. Four out of five managed services providers surveyed in a 2019 ransomware study placed it right at the top of the list of malware threats.
If that worries you, here is a data security checklist for protecting your software environments:
- Set up automatic updates.
- Install the latest version of antivirus.
- Develop a policy for end-users that specifies the software they can install and keep on their devices.
- Monitor and manage access privileges.
- Regularly scan for vulnerabilities and bugs.
- When installing third-party software, check the license agreement, and monitor compliance.
- Disable autorun.
- Set up a backup schedule.
- Make authentication mandatory for all users.
As a system infiltration attempt that relies on submitting randomly guessed passwords, a brute-force attack might be dismissed as a low-risk threat, an attack with a comparatively low success rate.
Interestingly, though, industry figures prove otherwise. More than 5% of successful data breach incidents come from brute-force attacks. However, it’s not difficult to imagine why, when you take into account the behaviors and tendencies of account holders. Apparently, only 28% of them keep their passwords in a secure password manager; 18% reuse passwords; 51% use the same passwords for work and personal accounts; and 69% admit to sharing passwords with colleagues.
Further reading Password Management Best Practices
Then, to crown it all, it turns out that about 23 million account holders naively use the “123456” series for their passwords. That’s in addition to other common passwords such as “sunshine” and “iloveyou”. You can even go ahead and attempt to unlock random accounts with such basic passwords. You’ll be surprised by the number of accounts that’ll proceed to log you in.
That said, the best practices here include:
- Always change the default password.
- Choose strong and unique passwords.
- Don’t reuse passwords.
- Don’t use the same password for different accounts.
- Never share credentials or store them at your desk.
The poster pack includes:
- Best practices for creating strong passwords
- Reminders on how secure passwords should look like
- A chart to check if your password is secure enough
The Final Word
Overall, the field of cybersecurity is quite extensive and fluid. There’s a wide range of vulnerabilities to cover and their parameters are always changing with time.
Therefore, as you proceed to protect your system across multiple layers using this data security checklist, remember to review and update your security systems from time to time. Most importantly, though, take no chances when it comes to data security. You’ll be saving your organization millions of dollars in possible losses.