We all know that cyber attacks in 2020 have gone through the roof due to COVID, in part due to the massive shift of more people working from home. This shift from more secure office-centric networks to home-based workers has given hackers new avenues for attacks. But every year, the holidays have always been our busiest time for helping companies recover from cyber attacks. Hackers love the holidays, because shoppers and companies tend to be more lax about cybersecurity. E-commerce purchases are already up by 21 percent over last year, too, as more people shop from home.
Especially this year! With in-person activities discouraged, and work from home encouraged, it’s highly likely that an employee might use their business computer to do a little shopping after work hours. As many of our clients have discovered, all it takes is one person opening one legit-looking phishing email—and clicking on the link in that email—for the hacker to insert malicious code into the company’s network via that person’s computer. And in most cases, that code was not found by their MSP when they went looking.
This is a very common occurrence, but it’s worse now. A significant 53 percent of IT professionals surveyed recently said they had seen an increase in phishing since the start of COVID. And all IT managers will tell you that their biggest concern is “the human factor.” No matter how much they do to secure the network, one unsuspecting worker can start a very dangerous and expensive chain of events.
What can you do to keep your company and workers safe?
It’s time that all of us business owners take cybersecurity as seriously as we do finance, marketing, manufacturing, sales, and other essential aspects of our companies. Because, in fact, one ransomware attack can stop all of this work, and, in the long run, even cause your company to go out of business. Sixty percent of companies experiencing a cyber attack go out of business within six months.
We highly recommend sending out a notice, preferably from the head of your company, stressing the importance of being careful while shopping from home, and listing what each person should do to keep themselves or the company from becoming a victim. The list should include:
- Encrypt your personal computer. This isn’t difficult to do on the popular operating platforms, and it shouldn’t have a negative effect on your computer’s performance.
- Keep personal computers up to date with upgrades. Most upgrades address any security issues in operating systems or applications.
- Never, ever click on a link in an email, even if it looks legit. There’s usually a way to get to the same location by going to that company’s site. This is especially true for any holiday “greeting cards” or “special deals.” And yes, even from people you know. They may have been hacked and the hacker is now pretending to be them. If you are expecting the email from the person, it should be OK.
- Be careful where you shop. We know of a company owner who innocently bought some lace from Estonia; the next thing she knew, her Facebook account had been hacked and someone was running ads for Russian gummies. Once they get into your computer, there is no end to the damage they can do.
- Never use unsecured Wi-Fi networks. They are open doorways to hackers.
- Don’t use the same passwords for multiple accounts. It’s actually better to use password managers such as LastPass or Dashlane; they’ll make it easier for you to use those garbled passwords—a different one for each site—that are more secure.
- Use 2-factor authentication wherever you can. It’s just the right way to do things now. Better to get on board.
- Be careful with your personal devices. Even your phone could let someone into the corporate network, not to mention all your personal information.
- Set up your credit cards so they notify you via email when there’s a charge. This is one of the fastest ways to detect fast-spending fraud. And when you do shop, it’s best not to store your credit card information with the merchant. Yes, it saves you a few seconds each time you buy, but it also multiplies the number of sites that have your personal information.
Here’s the bare minimum of what you need to do, as the company’s leader, for your company’s sake.
- Don’t assume you are safe. Cyber attackers are known to “dwell” in a company’s network undetected for months—accessing, downloading, and sharing confidential customer, employee, and company information and getting ready to launch a full-on ransomware attack. Normal IT checking won’t find that well-hidden malicious code. The best action you can take is to get a compromise assessment, where experienced cybersecurity experts scan your digital environment for signs of compromise.
- You should have a written cybersecurity policy—no matter how small your company is. Every worker should have a copy and there should be a quarterly review of the mandates.
- You should build 2-factor authentication into all your systems. This is true of email accounts, your internal chat program, and your site application.
- Your company should have a Chief Information Security Officer (CISO). Cybersecurity has gotten so complex and changes so quickly that it’s not enough to have an IT person or a managed service provider. You need a specialist. If you don’t have a budget for a full-time person, hire a virtual CISO.
- As mentioned above, make sure all your applications are up to date. Bug fixes and security patches are the main reasons that your apps should be updated.
This is a positive time of year for many; even with limitations on travel and gatherings, we are still thinking of friends and family, shopping, and meeting virtually. But the increase in attacks during the holidays is real. It’s just the way life is now, and it is definitely more positive to be safe than sorry.