By: Brian DeVault
There are a lot of cybersecurity threats to be aware of when trying to protect your business. One threat now coming to light is smishing. Like phishing emails, smishing texts are social-engineering scams that aim to manipulate people into turning over sensitive data such as Social Security numbers, credit card numbers and account passwords, or into providing access to a business’s computer system. They rely on persuading you that the sender is a familiar or trusted source and that urgent action is needed to secure a benefit, resolve a problem or avert a threat. It is important to have a plan in place to avoid such attacks.
Assess
Prior to implementing any type of plan, you want to assess where you are with your current state of business, figure out what your desired state is, then set a path to get there. It is important to understand the different threats you are up against depending on what type of business you work for.
Mid-market companies could be targeted more, as they have more valuable assets than small businesses, but fewer IT security resources than enterprises. While all companies, regardless of size, mostly face the same types of risks, small and midsize businesses are more susceptible to them due to a combination of factors, most of which involve a lack of resources combined with a lack of focus on cybersecurity issues. Understand what type of business you work for and you will have a better understanding of what threats you need to be looking for, so it will be easier to avoid them.
Training
It can seem impossible to prevent a cyber attack, but the majority of them can be prevented, either by endpoint security tools like endpoint detection and response (EDR) software and next-gen antivirus applications, or by strict security policies and compliance guidelines. NETRIO partners with a company called KnowBe4, which can be very helpful for your business. KnowBe4 is the world’s most popular integrated platform for security awareness training combined with simulated phishing attacks. They help thousands of organizations to manage the continuing problem of social engineering. Their mission is to train businesses’ employees to make smarter security decisions.
One of the most important concepts to grasp with cybersecurity is that maintenance is a constant job. New attacks develop monthly, if not daily, and your approach to guarding against them can’t be limited to annual training. If you only updated your network devices once a year, your security would be a nightmare.
As the number of data breaches and hacks continues to rise, it’s vital for your business to take steps to ensure you don’t find yourself in the headlines. Just like with any organizational transformation project, that means getting your team to buy in and build habits. Training is the key here, as well as constant reminders that there are threats out there and maybe even a “live fire” exercise to show how easily you can fall victim to an attack. Remember that cybersecurity is a team effort, and you need to put your employees in a position to succeed.
Multi-Factor Authentication (MFA)
Over the past few years there has been a revolution in the way that business works. Businesses now rely on cloud applications to utilize their powerful features, be more productive and collaborate with virtual teams. This has become even more important during the COVID-19 pandemic as, for many teams, remote collaboration has become absolutely essential for continued business success. As we rely more on these accounts, it’s critical that organizations ensure they are secure.
Adding a second factor makes it significantly harder for malcontents to cause damage, since attackers now must have two objects in their possession to move forward with their actions. Additionally, MFA is becoming more ubiquitous and easier to use, which creates less friction with end users. This makes multi-factor authentication attractive for organizations looking to boost their security policies without creating much additional overhead. One other key point to add: many end users are now concerned about their online security and what it can mean to them, which means they are motivated to protect themselves and their accounts.
Multi-factor authentication guards against account compromise by ensuring there is an extra level of security attached to every single log-in attempt. If an attacker is able to compromise an account password and there is no additional MFA in place, they will be able to change the account password and effectively freeze the legitimate user out of the account. Sometimes, it can take months before compromised accounts are even identified. With MFA in place, users are alerted to all suspicious log-in attempts, and attackers are effectively blocked from access, even if they have the account password. It’s highly unlikely that a cyber-criminal will possess your smartphone or fingerprint as well as your account password, and so MFA massively improves account security.
This blog post is part of NETRIO’s weekly Whiteboard Wednesday series. Follow along on LinkedIn and YouTube each week as Brian and Mike discuss use cases, new technology, and trends.