Welcome to installment two of our Cybersecurity x Sustainability series. This month, we will focus on prevention strategies that can minimize exposure to potential breaches.
Prevention Activities
Educating ourselves, our family members, and our work teams about cyber risks: what they look like, how they work, and how to prevent them is key. Developing preventive practices such as forwarding “phishy” emails to the IT security team, running virus scans, and completing training on best practices for electronic and data systems can minimize the occurrence of hacker incidents.
Common Cybersecurity Risks
Malware (the abbreviated term for “malicious software”) is a type of software file or program designed to gain access to user files for one or more purposes.
- Ransomware – a type of malware program that encrypts user files, rendering them useless to the owner, with a demand or “ransom” to be paid to have data unencrypted and restored to the owner
- Spyware – malware software used to access and track user credentials including passwords, credit card or bank account information, and other sensitive data
Phishing is a type of cybersecurity risk aimed at tricking users into providing information by pretending to be a legitimate company. Phishing emails can be quite convincing with logos and information that appear to be from a known company.
MitM, or “man in the middle” attacks, come in many different forms. One version that a company’s remote workers should be well aware of is from WiFi Eavesdropping in which an attacker creates a public WiFi network or hotspot that appears to be a legitimate nearby business, then intercepts all the user’s activity and sensitive data.
DNS Spoofing involves the creation of websites that look just like the ones users are used to visiting, so there is no hesitation in entering login data and passwords…but the fake site is controlled by hackers and allows them access to all account data.
Virus Scanning Software
Utilizing reputable virus scanning software with frequently scheduled scans is another way to add a layer of prevention to your cybersecurity prevention protocols. While no virus scan can prevent user-enabled risks, it can be useful in identifying known attempts for hackers to access data.
Work Team Education
Ensuring your staff members are aware of cybersecurity risks and best practices for avoiding errors is key to prevention. If your company has a dedicated IT team, ensure they provide information to employees about opening email attachments, responding to requests for information, and rapidly reporting any suspicious websites, emails, phone calls, or other potential risks.
If you own a small business without an IT team, consider alternate cybersecurity training from an online source such as Travitor or even free videos available on YouTube.
For remote workers, have virus software installed on company-owned devices with automatic updates and scheduled scans. Consider providing secure internet access devices for travel. Inform users about using only password-secured hotspots from personally-controlled devices vs. public WiFi.
Threat Evolution
There is no single resource that can educate and protect users from cybersecurity threats. Hackers aren’t stupid. They are constantly developing innovative ways to breach security systems and trick users into handing over sensitive data.
This means that we are each responsible for shifting our perspective to assuming every access point should be critically evaluated prior to entering sensitive data.
Coming Up
Stay tuned for next month’s discussion of protection methods aimed at limiting access, utilizing software systems, and having policies and procedures in place for rapid identification of threats and incidents.
Join the Inner Circle
Fine, so it’s more of a lumpy collection of protons and neutrons than a circle, but we call it The Nucleus, Orbital Project Management’s inner circle of information…delivered right to your inbox.
