With Black Friday coming to a close, Cyber Monday begins. But, rather than focusing on shopping for deals on computer software and hardware, it might be better to think about your cyber threat management and how to combat cybercrime (cyber crime). Just like with Black Friday, many malicious actors try to take advantage of Cyber Monday to sneak past your company’s network security architecture to steal data.
So, before your employees start sorting through all of the online deals for tech-themed gear, you might want to improve their cybersecurity awareness—and, take a few other precautionary measures.
The Cost of Cyber Threats
In the cybersecurity business, an ounce of prevention is worth well more than a pound of cure. After all, according to research sponsored by IBM, “the average cost of a data breach globally is $3.86 million.” This figure doesn’t include all of the indirect costs of a data breach, either.
Aside from the immediate monetary costs of trying to recover from a breach of your company’s network security architecture, there are hidden costs that can be difficult to quantify, such as a blow to your reputation and loss of business when customers leave for fear of further data loss or theft.
The worst cost, however, is the risk that your business could go under. According to research cited by Inc.com, “As much as 60 percent of hacked small and medium-sized businesses go out of business after six months.”
Raising Cybersecurity Awareness
It should be noted that many data breaches are the result of employee mistakes—as stated by Tech Republic, “more than 40% of senior executives and small business owners report that employee negligence or accidental loss was the root cause of their most recent data security breach.” Worse yet, that same Tech Republic article notes that “more than 25% of United States workers admit to leaving their computer on and unlocked when they go home at the end of the day—a behavior that breaks every security best practice policy ever implemented.”
Simply improving employee awareness of cyber threats and best practices could do wonders to curtail unsafe cybersecurity practices. The question is, “how can you increase cyber threat awareness so employees engage in safe shopping online (and keep to cybersecurity best practices at work)?”
Some basic cybersecurity awareness measures include:
- Setting up a Formal Cybersecurity Training Program. Many companies put their employees through a basic cybersecurity training program. However, the trick is to not treat this training as a “one and done” solution; rather, it should be an ongoing part of your business—complete with refresher courses and integration with your onboarding process so every new employee starts with a set baseline of cybersecurity knowledge.
- Testing Employee Awareness of Cyber Threats. It’s important to reinforce training with periodic tests of the knowledge the training was meant to convey. For example, sending out imitation phishing emails to test whether employees fall victim to them—or, putting together a quick quiz to test employee knowledge about cybersecurity best practices during department meetings or similar events.
- Circulate Stories about Major Cybercrime Events. If another business in your industry suffers a major data breach, share the story with your teams so they can learn from the examples of others. This helps reinforce the importance of following cybersecurity best practices.
- Implementing a Cyber Threat Intelligence Solution. Cyber threat intelligence solutions help companies stay abreast of emergent cyber threats that they may have to contend with. Many managed security service providers (MSSPs) use a variety of threat intelligence feeds to proactively monitor new cyber threats and improve their customers’ network security architectures against them.
Types of Cyber Threats to Watch Out For
There are innumerable attack methods that cybercriminals will employ against your business. Many of these threats ebb and flow in popularity as attackers discover new vulnerabilities or exploits—and as security service providers find new ways to protect against these cyber threats.
Some common attack methods to watch out for include:
- Phishing and Spear-Phishing Attacks. The basic idea behind a phishing attack is that the attacker sends an email or other communication to a person in an organization—usually with the goal of tricking them into willfully handing over sensitive information. This information could be user login credentials, financial information, proprietary company data, or anything else that could be used or sold for a profit. Alternatively, the goal of the phishing email could be to get the victim to download malware that the attacker can use to meet their objectives.
- Ransomware Attacks. While on the decline as more companies learn to use disaster recovery solutions to thwart them, ransomware attacks are still commonly used against small to midsize businesses (SMBs) that may not have the resources for a comprehensive data backup solution. These attacks rely on malware to encrypt the victim’s data. Once encrypted, the attacker offers to provide the encryption key if a ransom is paid.
- Distributed Denial of Service Attacks. Abbreviated as DDoS attacks, this form of attack can use a variety of methods to bring down a victim’s network so they cannot deliver critical services. Much of the time, these attacks are used to either mask another attack type or to make a political statement. Businesses can be especially vulnerable to DDoS attacks during major shopping events like Black Friday/Cyber Monday because they’re busy handling the increased traffic to their site.
- Phony Online Storefronts. Some cybercriminals will set up fake online storefronts during major shopping events to try and trick people into visiting them. Once on the malware-laden site, your employees may get their information stolen and have malware downloaded to their computers—among other potential consequences. This is why it’s important for your employees to practice safe shopping online at all times.
Need help protecting your business from cybercrime? Speak to a cybersecurity expert today to learn more!