One way or another, data breaches or ransomware attacks begin with one common denominator.
Human Error.
Whether it is someone clicking on an email. OR misconfiguring a router or server. Or even using a default or easy-to-crack password. Or it’s not having patched a computer. When a ransomware attack occurs, it’s certain that someone made a mistake.
What’s worrisome to me about 2020 is that hackers are going to greater lengths to get into your systems.
They are specifically targeting you and your company like a well-targeted marketing campaign. They are scanning your network from the outside for very commonly misconfigured pieces (mistakes that someone on your IT team could have easily made without noticing much).
The IT industry has yet to find a complete cure for cyberattacks. And that’s leading to major consequences—your team’s personal data, your trade secrets, your client lists and information—all put at risk because hackers are learning and improving their methods of getting in (and for the most part, we aren’t getting better at even doing the basics at keeping them out).
News for data breaches and full-blown ransomware attacks are now a common news story item on the nightly news. You’ve probably heard of a hacker getting into chatting with a little girl through a Ring Doorbell.
I’m sure you know at least one business in your community that was shut down or crippled by a ransomware attack in the last couple of years.
The sad truth is hackers are good at their jobs.
My question to you: why aren’t we doing more to address this?
The cost of cyberattacks today is enormous. Just take a recent story of The Heritage Company—an Arkansas-based telemarketing firm—forced to shut their doors (on Christmas Eve) because of a two-month ordeal trying to recover from a full-blown ransomware attack.
Can you imagine having to send out a Christmas letter to your team underlining that their positions have been terminated (all 300 of them!) because of a ransomware attack?
On top of that, could you imagine being that business owner forking out enough money to cover everyone’s salaries for the last 2 months because business was at a standstill? Could you imagine personally going bankrupt because of your emotional attachment to your business, left with nothing but a lost legacy from your family run business? These things are all realities today.
Now there is no silver bullet to completely protect you and your business from an attack, BUT there are many things you might not be doing right now that would better your chances or avoiding or surviving one:
Educate your team—nearly 70% of breaches and attacks start with some form of user-related activity. Clicking on a link or attachment. Responding to an email with sensitive information. Inputting credentials into a malicious web form. The list goes on. If your team doesn’t understand the latest tactics, how are they supposed to protect your data?
Start taking security serious from the top—leaders that see security as a critical part of doing business in 2020 have organizations that are much better off. Make sure your leadership team understands current risks and incorporates the cybersecurity landscape into strategic planning for your quarter or year. Simply getting an annual risk assessment is probably not good enough today as it might have been 20 years ago.
Make sure your vendors are protecting themselves—you likely do business with all sorts of vendors—many of which have access to your network. Make sure that they are taking a serious stance on cybersecurity—at least as much as you. One of the growing targets in 2020 is vendor-related vulnerabilities. I want to make sure you are making a list of all of the companies and organizations you work with and start diving into their security stances.
Update your passwords—using the same password for everything is no longer acceptable. Hackers have probably compromised at least one account and it’s only a matter of time they try to access information from other accounts you have with that password. I know it’s hard to remember passwords, but consider using a password vault to help with this. Make sure your passwords are complex and aren’t common phrases, names, or terms.
If you could only get one takeaway from this blog, I hope it is that ransomware attacks ARE devastating. If you aren’t thinking about and keeping up with your risks, you likely are not doing enough (and your IT certainly is not doing enough) to keep a solid lead over cybercriminals hungry to get in.
