SAFEGUARDING YOUR ORGANIZATION FROM COMMON CYBER SECURITY RISKS
Frank DeLucia
Senior Vice President
Hub International Northeast
frank.delucia@hubinternational.com
(212) 338-2395
Developing a truly resilient organization means considering newer and ever-evolving risks like cyber security. Increased reliance on technology has increased cyber risk, leading to the compromise of clients’ financial data, costly recovery and potential reputation damage.
When detecting, responding to and recovering from threats, faster is better. The first step is to acknowledge the cybersecurity risks that expose an organization to a hacker’s malicious attacks. Some of the most common cyber risks and threats for businesses are:
Malware: Malware is malicious software that cybercriminals insert into a company’s web pages or web files after they’ve penetrated the business’ site. Bad actors then steal sensitive corporate data, including customers’ personal information. Malware can also redirect a company’s web pages to other sites and insert pop-up ads onto a company’s web pages or website. Removing malware requires constant network scanning.
Ransomware: Ransomware gains access to sensitive information within a system, encrypts the information so the user cannot access it and then demands a financial payout to release the data. Ransomware is typically part of a phishing scam; by clicking a disguised link, the user downloads the ransomware. Ransomware infections specifically target users with higher levels of permissions, such as administrators, to inject malicious code. In almost every case, the user or owner of a targeted system will receive instructions on how to regain access. A ransom is clearly presented, along with the preferred denomination and payment method, and sometimes a deadline for payment.
Phishing: In phishing, a target is contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing personal information, banking or credit card details and passwords. The information is then used to access accounts and can result in identity theft. Other forms of phishing include vishing or voice phishing, smishing or SMS phishing, and whaling or email purportedly from one of a company’s senior figures.
Data breaches: A data breach exposes confidential, sensitive or protected information to an unauthorized person who then views or shares the files in the data breach without permission. Data breaches happen most often because of weaknesses in technology or in user behavior and are not always caused by an outside hacker. Serious damage is possible if a hacker steals and sells personally identifiable information or corporate intellectual data for financial gain or to cause harm.
Best practices to avoid a breach include patching and updating software, high-grade encryption for sensitive data, upgrading devices when a manufacturer no longer supports software, enforcing “bring your own device” security policies, enforcing strong credentials and multi-factor authentication, as well as educating employees on best security practices.