You can be a business owner, manager, self-employed or hourly worker. But whatever happens, you need cybersecurity.
These days, operating systems, browsers, and many software applications have some form of cybersecurity built in, but that doesn’t mean you don’t have to worry about it, especially as large-scale cyberattacks in the past year have exposed the US security breaches.
You can reduce your chances of becoming a cybercrime victim (and there’s no way to be sure you won’t; chances are you’ve already been affected by some kind of cybercrime or data breach several times) by avoiding common mistakes. a 2020 Cybint report found that 95% of cyber security breaches they are due to human errors which are then exploited by hackers.
That should be enough for anyone to take a hard look at how you’re protecting yourself and your business.
For Technical.ly Cybersecurity Month, we’re diving into our archives to find relevant tips on the topic that you may have overlooked or forgotten. Here are six major cybersecurity mistakes that have been highlighted in our previous reports:
1. Not reviewing your cybersecurity in the last year or two, especially if you switched to a work-from-home or hybrid model
“When you’re not in the office, you don’t have that conversation in the hallway, so companies need to be proactive in raising employee awareness of cyberattacks and also of best practices,” he said. Harish Siripurapua Baltimore information security consultant who partnered with technology advisory firm think in systems to expand its cybersecurity portfolio when interviewed by Technical.ly in August 2020. “There is a huge opportunity for companies to educate employees on the risks of remote work.”
2. Underestimating the threat of cyber attacks and your own vulnerability
In January, based in Pittsburgh hornetsecurity published the latest edition of his Cyber Threat Reportwhich found that cybercrimes, including ransomware attacks, are increasing rapidly.
“We believe that raising awareness of cyber threats is really important to us, not only from a marketing perspective, but also because it is one of the biggest risks businesses face today,” Hornetsecurity CTO yvonne bernard he told Technical.ly. “But many companies still don’t realize it until it’s too late.”
3. Being less careful when hiring remotely
Hiring remote workers may seem less laborious than hiring in person, but in fact, you need to be twice as vigilant. In February, technology recruitment company MTC Hunt Group constant mark in the Philadelphia metro area discussed the rise of virtual interview scams, where an interviewee receives answers to technical questions from someone off camera.
“Companies need to be careful because employees can access IP and potentially personal customer data as well,” Constan said. “Working in technology, I had to complete training and compliance around handling data and personally identifiable information, but I had months to complete assessments. So is this scam just to put up contractors and hope no one notices? Or does it go further to access things?
It’s not just potential workers gaming the system (or worse), there are also fake remote job listings stealing personal information.
The best way to avoid these types of scams, Constant said, is to use reputable job placement companies when hiring or looking for work.
4. Clicking on a link that seems urgent without thinking
The COVID-19 pandemic brought with it a spate of phishing scams that took advantage of heightened public anxiety by, for example, claiming they may have been exposed to the virus or offering false information about vaccines.
“There has been a huge increase in COVID-19 phishing emails in recent weeks,” he said. swim connorco-founder of anchor safetya Newark, Delaware cybersecurity firm in March 2020. “They can be much more effective than other phishing scams, and the most susceptible people risk losing their business if they get scammed.”
Phishing emails falsely claiming a vaccine has been approved may be a thing of the past, but beware of unsolicited links claiming to be about a new virus strain or other world events that may provoke an emotional response.
5. Not involving employees in cybersecurity efforts
The best defense against phishing and other common cybercrimes is a well-trained team. In a guest post last August, Lior Koavichief strategy officer and executive vice president Advanced Solutions in McLean, based in Virginia cirenHe discussed some of the risks companies face and emphasized that security awareness training is not enough.
“It is common to find that training is delivered on an infrequent and ad hoc basis, making it unlikely that the knowledge will be absorbed and influence daily habits,” Kohavi wrote.
A better solution, he wrote, was a “collective contracting” approach in which each employee has the tools to actively combat cybercrime at all times.
“With the right tools, workers can become an active and effective part of the company’s defenses against email threats,” he said. “This means ensuring everyone has the ability to scan their own inboxes for threats when they need to. Instead of wasting time squinting at a potentially suspicious message while reminiscing about some half-remembered workout, they can quickly verify their concerns with the click of a button. Emails that contain traits consistent with a malicious message can be immediately forwarded to the IT security team for full investigation.”
6. Blaming yourself if an ad gets a lot of views and few conversions
It’s normal for a number of clicks not to convert, of course, but if you see a lot of clicks with few conversions, you’re most likely a victim of cyber ad fraud, and those clicks are bots. . According to a 2019 juniper research studyad fraud is a $42 billion industry and growing.
“A lot of people are what we call ‘unconscious Adams,'” he said. adam kaminskythen digital marketing specialist for Middletown-based cyber security firm Anuranin September 2020, referring to entrepreneurs who don’t recognize what happens as their ROI declines.
“One tactic is domain spoofing,” Kaminski said. “Basically someone sets up an IP address, sets up four other machines in the same room, but the machines are registered in Europe, South America, Canada, so we can’t really trace all the way back to an individual. But we can recognize that these IP addresses need to be monitored.”