Cyber security threats: how to protect our data from invisible enemies?

2021 10 22

Author: Giedrius Saulėnas

Along with the rapid digital technology development, the risk of facing cyber challenges for companies increases. Cyber hackers also took unique advantage of a pandemic situation: not all businesses had the chance to upgrade security systems during quarantine. People started using their work computers for personal needs, naturally forgetting computer security essentials.

Frequently, security issues start not with systemic errors but with the human factor. Every employee needs to know how to recognize and find security vulnerabilities before making them malicious.

Bearing in mind that the whole world suffers from cyber-attacks, in this blog post, we present key advice from our colleague Penetration tester Giedrius Saulėnas, also calling himself an ethical hacker. Discover how to protect the company and employees from cyber-attacks by simple means.

Evaluate if it is worth opening suspicious emails

Employees often face fraudulent phishing attacks, occurring due to people’s indiscretions. According to the Privacy Redefine statistics, in 2021, 56% of IT experts consider phishing to be one of the most dangerous IT security threats in the United States alone. The same survey data shows that every minute phishing attacks cause US companies around $18,000 in damage.

International research also states that as many as 96% of phishing attacks occur through sending emails. While security experts always point out to avoid opening suspicious emails, some people still don’t take the potential danger seriously.

“Opening a suspicious letter and clicking on a provided link might be dangerous. It is therefore crucial not to lose attention and to be critical of all incoming emails. You may ask yourself such questions: Do I know the contact? Is it written from an official postal address that I know? Take a closer look at the email title – are not there any mistakes? Attackers are extremely skilled in exploiting the principles of social engineering. That’s why detecting fraudulent letters might be complex, so it is necessary to be able to recognize such letters,” Giedrius highlights.

Thus, companies that want to strengthen their employees’ cyber security skills should organize relevant information security training. Although a company has already had such training, security-related information needs to be repeated regularly since the scale of fraud attacks only expands. Also, when new employees are recruited, it is difficult to be sure that their IT security knowledge meets current security requirements.

Update your devices regularly

Remote work has produced new difficulties in managing work equipment and making it more challenging for companies to ensure equipment safety. People started to use their work equipment for personal purposes and often kept forgetting to update current software.

“When a device is not connected to a company’s infrastructure, it is harder to make sure it is free of malware. Before returning to work in the office and connecting to the corporate network, it is vital to ensure that the latest operating system and antivirus program updates are installed. Although, the software may be automatically updated, it is employees’ responsibility to make sure that each device meets safety requirements,” reminds Giedrius.

Without operating system updates, you run the risk of failing to connect to company resources when you return to the office. Even if you can connect to your corporate internal network without updating your device, you could potentially compromise the security of the data on your device.

This year, a team of researchers from the Westphalian University of Applied Sciences conducted a study and found that, on average, one software device has 8 security vulnerabilities. The study proves once again the need to spread the word about the software updates importance. Not regularly updated software opens more and more opportunities for malicious programmers to cause cyber security challenges.

Significant data leaks are often related to out-of-date software. Therefore, if a software or operating system manufacturer sends notifications about required system updates, be quick to do so on your personal and work computers.

Ensure a complete security of confidential information

Sincere but efficient advice is deliberating information and access protection from the eyes of others. Remember that when working in offices, you are no longer alone in the workplace. For example, if you are working with sensitive documents, keep in mind that your colleagues might see such documents while passing by you. In this case, the confidentiality of the information you work with may be compromised.

It is necessary to lock your computer after leaving it, even for a short time. According to Giedrius, leaving an unlocked computer unattended can have negative consequences afterward. While you undoubtedly trust your colleagues, there is always the risk that a person with malicious intent who has entered the premises by social engineering may visit the office. Making such a seemingly small mistake when you leave your computer unlocked and step back for a short time, thinking you won’t take long to make coffee, can cost a lot.

Giedrius assumes: “A few minutes are still enough to send an email from an unlocked computer and activate a cyber-attack. Also, even if a person with malicious intentions does not come to an unlocked computer, a colleague can catch a joke by sending out funny or compromising information from your mail.”

It is noticeable that cyber hackers prefer small and medium-sized businesses, which usually have multiple security vulnerabilities caused by human factors, ignorance, or lack of attention to IT security. Last year, BullGuard carried a study in the US and UK and acknowledged that only one in five small and medium-sized businesses use information storage systems. Moreover, a third of these companies use free versions of security technologies that do not provide comprehensive protection for software and internal systems.

There are not too small companies for malicious hackers. Once they have access to one system, they can easily reach even larger ones. Without a doubt, IT security needs to be essential to everyone these days.