Cybercrime is increasing. Even before Corona, the number of attacks on company networks was alarmingly high. In the global State of Ransomware 2020 study by Sophos, 57% of companies state that they have been victims of ransomware. Since home office and remote work have dominated everyday work in many places, organizations around the world have seen a significant increase in cyber-attacks.
E-mails and e-mail attachments in particular are typical gateways for hackers to break into company networks silently and in the shortest possible time with the help of harmful software. All data on servers and in the clouds fall victim to the attackers without protection if there is insufficient IT security. Experts report on known cases of organized crime in which large sums of money are demanded the decryption of company data. There is also industrial espionage and data abuse in online banking or online shopping. More than ever, organizations should protect themselves adequately, because simple virus protection is no longer enough these days. According to a computer security consultant, the following protective measures against cyber-attacks are the most important:
Make your employees aware of IT security and train them to deal with threats
People are still one of the greatest risks when it comes to corporate IT security. Since many employees work from home or switch flexibly between the office and homework, it has become even more important that the workforce is made aware of IT security. According to the Bitkom study Trust & IT Security 2020, most internet users are of the opinion that they are responsible for protecting their personal data themselves. Therefore, inform and train your employees comprehensively on the prevention of cyber-attacks:
Examine emails very critically:
Tell-tale signs of an email with malicious software include general salutations, alleged urgency, the request to disclose private data or verify an account, small spelling or grammar deviations, or cybersquatting, i.e., websites similar to www.go0gle.com. Employees familiar with the tell-tale signs will soon develop an eye for phishing emails.
Use VPN on public networks:
Since public networks are not sufficiently secure due to the unencrypted data traffic, you should explicitly ask employees to dial in anytime and anywhere via the company's VPN client.
Create secure passwords and change them regularly:
There are several ways to create strong passwords. Provide the workforce with a password guide and enforce regular changes to the passwords for all system-relevant accesses. In addition, all end devices should be configured in such a way that they lock themselves after a few minutes after inactivity and then have to be unlocked again with a password, fingerprint, or Face ID.
Since an email is often not enough to shake up busy colleagues, internal company workshops or information evenings are ideal.
Keep all systems up-to-date and secure, and do regular espionage checks
As a company, do not become negligent either and ensure the best possible protection for all systems:
· Patch early and often.
· Perform back-ups regularly.
· Keep current backups offline.
· Only allow access rights to third party apps/programs that are really needed.
· Protect data no matter where it is.
Make it as difficult as possible for hackers to break into your systems and gain access to sensitive company data. If a cyber-attack is successful and causes greater damage, you are at least protected against ransomware with backups.
Equip your employees with suitable work equipment even in the home office
While there may be excellent work equipment available in the office, mobile workstations in the home office and the like bring new needs with them. Thus, the security hardware must be mobile and flexible, but also state-of-the-art in order to guarantee maximum security. Especially when you are out, all devices should be protected from unauthorized access or the eyes of others. The following features increase the necessary safety standards for employees' work equipment at home:
- Hardware for face recognition, including suitable software, e.g., Apple Face ID or Windows Hello
- Fingerprint scanner
- Integrated privacy protection for the screen, e.g., HP Sure View
- Hard disk encryption, e.g., Microsoft Bitlocker
Make cyber-attacks more difficult where the first contact between victim and perpetrator usually takes place, and support your employees in the home office as well as in the office.
Invest in the best security software and anti-ransomware technology
Unfortunately, simple virus protection is no longer enough to protect a company from ransomware, industrial espionage, and data misuse. The following protective measures are urgently recommended:
Firewall as basic protection of the company network
A tried and tested firewall to protect your company network from cyber-attacks.
Individual proof of identity through 2FA
The 2-factor authentication offers further individual protection and should be used especially in security-critical areas of application within your company processes. For example, security tokens, PIN queries via SMS, fingerprints, or iris recognition are already used as a second factor of authorization in organizations.
Conclusion: Protect yourself comprehensively against cyber attacks
Hackers penetrate company networks faster than most employees suspect. It is all the more important to tackle cyber-attacks with protective measures at all levels. Well-trained employees who have developed an eye for dangerous malware close the first gateway. Correctly equipping corporate IT with reliable security software and anti-ransomware technology as well as security-compliant hardware makes it more difficult for cybercriminals to cause damage to the company network.
About Computer Forensics Lab
Founded in 2007, Computer Forensics Lab has gradually assembled a team of top computer forensics specialists and digital forensics investigators. We have many years of experience in advanced data recovery and digital forensics investigation.
Media Contact
Joseph Naghdi
Computer Security Consultant & Forensics Analyst
Website: https://computerforensicslab.co.uk
Email: [email protected]