Russia’s invasion of Ukraine has intensified worries about malicious cyber activity. Every organization—large and small—must always be prepared to respond to disruptive cyber incidents. This is a good time to talk to your employees about the basics of cyber security and how they can help your company and themselves. Here are a few basic definitions and reminders to help you.
Information Security
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to provide integrity, confidentiality, and availability. Employees should understand that accessing information is a privilege, and “need to know access” should be practiced. Sharing sensitive data should be taken very seriously, and employees should know your organization’s policy for protecting information.
Social Engineering
Social engineering in the context of cybersecurity is a type of attack wherein the hacker exploits human vulnerabilities through social interaction to breach your information system security. The hackers use influence, persuasion, deception, manipulation, and inducing to prompt users to reveal confidential information unknowingly. Employees need to understand when and how to identify a socially engineered attack. They need to be aware to slow down when someone is requested sensitive information and trained not to disclose or be manipulated to break company procedures.
Phishing
Phishing is the most well-known type of social engineering when an attacker sends an email to an employee requesting them to click a link to update or enter their password. The employee’s password is then sent to the hacker and used to compromise their online accounts. Employees need to understand how to identify a phishing attack and not click suspicious links.
Malware
Malware is any software intentionally designed to disrupt computers, servers, clients, or computer networks to obtain private information, gain unauthorized access to information or systems, deprive users of access to information, or interfere with the user’s computer security and privacy.
Ransomware
Ransomware is malware that encrypts data on a computer until the victim pays the hacker a sum of money. The average cost of a ransomware attack keeps growing in 2021. The average was $1.85 million, up from $283,000 in 2020 and $141,000 in 2019. It is crazy and scary.
Employees should be aware that ransomware is one of the most widespread threats targeting businesses worldwide. If the ransom is not paid, your computer and its data are unrecoverable. The best way to defend against ransomware is to prevent it from happening in the first place.
Browser Security
Browsing websites on the Internet is a privilege for employees, and secure browsing techniques should be practiced. Employees should be aware of how to identify suspicious websites and how they can be a significant risk for your company. They should also understand the importance of keeping browsers up to date and secure. There are various settings your system administrator can use to support browser security.
Incident Response
If your organization experiences a cyber security incident, we can help you set up a response plan. Employees must be aware of their role in the response effort. Your organization should practice responding to mock incidents at least annually and discuss steps on which plans and procedures are needed to respond to cyber incidents.
The world would be a better place without country or state-sponsored cyberattacks, but these are the realities we live with today. Proactive preparedness is the only option. iTelecom can help you with your cybersecurity needs, hopefully, before an incident happens, but we can help you after too.