2016 was a record year for malware and phishing data breaches, and according to various industry experts, these hack attacks are only expected to continue increasing throughout this year. With the majority of these incidents occurring due to a lack of malware preventative measures, it’s especially important to educate the workforce on today’s most successful hack attacks to create a solid last line of defense for your company. Here are the top six most destructive attacks:
- Ransomware: Ransomware is enemy #1. It can take down an entire network with one ransom message. The destruction can be minimized, however, by encouraging employees to limit permission of network shares (logins/access) to only those that need it, as well as to back up all important information.
- Phishing: With tax season in full swing, the number of phishing incidents has drastically increased—especially CEO Fraud and W-2 Scams. As a result, the most high-risk users now include accounting and HR employees. To ensure these users are an effective last line of defense for your company, make sure they constantly update and strengthen company email filters and activate an incident response plan to curtail possible damage if a network is breached. For assistance drafting an incident response plan, see more here.
- Phone Scams: All employees should be trained to avoid phone scams because any department could be a target. No passwords or personal information should be provided to unknown or unverified callers. If a bank is calling about a transaction, hang up and dial your bank to make sure the call is legitimate.
- Outdated Antivirus Software: The AV industry’s Virus Bulletin (VB) has confirmed that antivirus software isn’t protecting your computer the way it used to. In fact, proactive detection rates have dropped 10-13% over the past 9 months. This means that nearly one in every 200 malicious emails will make it through the filters, so remind your employees to take precautionary steps to avoid downloading a virus.
- The Internet of Things: All company users should be aware of the Internet of Things, meaning the overall nature of connectedness. No matter where an employee accesses his or her email, wireless protocols are employed to establish that connection. As a result, all employees should be trained to change passwords often and disable remote access to any and all networks.
- High Dependence on Web Services: An over-dependence on web services should also be considered when thinking about a possible attack. To help every employee become an effective last line of defense in this regard, it’s important to discourage shadow-IT, or the establishment of personal storage separate from your IT department storage. This can be more easily breached and there are no reinforcements at the ready if a breach does occur. Additionally, discourage interaction with third-party services online and through mobile apps. In most cases, it’s difficult to tell if the information being shared is actually getting to the right people, or if it is being intercepted along the way. This is especially dangerous if private information is shared.
Overall, it is essential to train your employees, take proactive measures frequently, and stress the importance of online security. Adding an employee firewall can only benefit your IT company, so be proactive instead of reactive!