There are always new threats in cyber security, but it helps to know your enemy – and surprisingly, they’re not all viruses! Here are some of the biggest cyber security threats facing your business right now:
1. Ransomware
- Ransomware is a type of malware that takes your data hostage by threatening to delete it, permanently encrypt it, sell it or publish it unless a ransom is paid. The ransom is normally in bitcoin or another cryptocurrency as they are harder for authorities to track.
- For the last few years, we have seen this sort of virus more and more and its detrimental effect on the businesses it attacks – costing them time, money and productivity.
2. Distributed denial of service (DDOS) attacks
- A DDOS attack is where a malicious hacker uses a botnet to bombard your website or server with access requests with the aim to overload it, making it crash.
- But what is a botnet? I hear you cry! Well, a botnet is a group of devices that are connected to the internet that are under the control of one user or a group of users. This is not to say that this user or group owns all the machines it has control of – the vast majority of machines in a botnet are machines like yours or mine that have been infected with a trojan virus that runs in the background undetected.
3. Phishing
- Phishing is when a spoof email is sent where a person pretends to be someone else, in order to trick the recipient into handing over sensitive information or money or downloading a virus.
- Sensitive information could be your bank card numbers, address, postcode, phone numbers, answers to security questions or even login information for online accounts; and a virus could be downloaded by opening an email attachment or clicking on a link within the email.
- If you feel like an email seems off or could be phishing, the best plan is to:
- Do not click anything in the email.
- Contact the sender via something other than email, to confirm that this email has been sent by them.
4. Insecure passwords
- Whilst they may be easy to remember, insecure passwords can be huge threats in cyber security.
- The most common way hackers ‘crack’ a password is through something called a ‘brute force attack’. This is where an attacker uses a computer to guess password after password extremely quickly. The goal for us then is to make it harder for the hacker to guess. Some of the best ways are:
- Add more characters to your password – we recommend at least 12 characters
- Use both upper- and lower-case letters
- Add numbers
- Add symbols
- By simply adding these steps, you can make a brute force attack take so long that it becomes useless!
- We also recommend that you use unique passwords for each different account. Worried about forgetting them? Have a look at password keychains, that will securely store your unique passwords
5. Not using multi-factor authentication (MFA)
- Whilst having a strong password is extremely helpful, teaming your strong password with multi-factor authentication is highly recommended.
- MFA is an additional process to verify that it’s really you logging in to your account. In the majority of cases, you can either get a verification code sent to your phone or email, or you can use an authenticator app (such as Google Authenticator) that gives you a verification code that changes often. All you need to do then is to type that extra verification code and you’re in!
- Whilst it might seem like a bit of a hassle, for your important accounts, it will give you extra peace of mind.
6. Not keeping devices updated – or end-of-life software – not patching for security updates
- Threats in cyber security are always changing and cyber criminals are always discovering new ways to get into your systems. This is why it’s so important to keep all of your devices updated – from your phone to your printer, your network switch to your NAS. Software updates can contain vital security patches that thwart hackers and reduce vulnerabilities.
- This is also why it is so important to make sure your equipment can still receive security updates and isn’t End of Life. End of Life means that the software you’re using is so old that the manufacturer is no longer creating updates or vital security patches. This could leave you entirely at risk.
- A couple of examples of software and their end-of-life dates are
- Windows 7 (14/01/2020)
- Windows 8 (12/01/2016)
- Windows Server 2012 R2 (10/10/2023)
- Windows 8.1 (10/01/2023)
- macOS 10.15 Catalina (30/11/2022)
- macOS 10.14 Mojave (30/11/2021)
7. Lack of internal training
- Lack of internal training on threats in Cyber Security is a huge risk to companies. When it comes to threats such as phishing, insecure passwords, and end-of-life operating systems, knowledge is power and the wider a company’s internal training, the more prepared they will be.
- Consider sending out information packets or having a team meeting on what to look out for – or even send your team this post, so they can be more aware of how to protect themselves and your business.
Elevate your security with our expert cyber security Managed Services. Shield your business from threats – act now for fortified protection! Give us a call on 01553 692727 or send us an email at [email protected] – and a member of the team will be in touch to discuss how ECS can help you stay protected!