By Brian Greenberg, CIO/CTO, Partner at Fortium Partners.
This article first appears on Forbes on 2/23/2023.
The average cost of a data breach last year was $9.44MM. Of those companies that did suffer a breach, 60% were forced into bankruptcy within six months. No one wants to end up a statistic like that. Hence, the priority of cybersecurity has increased as a growing concern for businesses in all industries. The security risks come in many forms, from cyber-attacks, phishing, and data breaches to insider threats and vulnerabilities in Internet of Things (IoT) devices. However, most businesses don’t know where to begin and have limited resources and smaller IT teams, if any at all. In this article, I’ll show you what you should be on the lookout for and what high-priority solutions you can employ to address the top issues to be aware of in 2023.
First, things first—cybersecurity threats.
- Cyber Attacks: an increasingly common occurrence in today’s digital age. These attacks can take many forms, such as malware infections, phishing scams, ransomware, and network intrusions. One of the most common types of cyber attacks is ransomware, software designed to encrypt a computer system making it unusable and holding the company hostage for ransom paid in cryptocurrency, often bitcoin.
- Data Breaches: A security incident in which sensitive, confidential, or protected data is accessed, disclosed, or stolen by unauthorized individuals. They can have severe consequences for organizations and individuals whose information has been compromised. There are many ways that data breaches can occur. Some standard methods include hacking, malware infections, and phishing scams.
- Phishing Attacks: a common type of cyber attack in which the attacker uses fake emails, text messages, or websites to trick the victim into giving away sensitive information, such as login credentials or financial information. These attacks can be challenging to recognize, as the attackers often use branding and logos designed to mimic those of legitimate companies or organizations.
- Insider Threats: Insider threats are a type of security risk that occurs when an individual with authorized access to an organization’s systems, networks, or data misuses that access to cause harm. Insider threats can take many forms, including employees who intentionally or unintentionally cause damage, contractors who have access to sensitive information, and third-party vendors who have access to an organization’s systems. Insider threats can be challenging to detect and prevent, as the individuals involved often have legitimate access to the systems and data they are compromising.
- IoT Security: The Internet of Things (IoT) refers to the growing network of connected devices that can communicate and exchange data over the internet. These devices, which include everything from smart thermostats, security cameras, and intelligent lightbulbs to medical devices and industrial equipment, have the potential to revolutionize the way we live and work. However, as the number of connected devices continues to grow, so does the risk of security breaches and other threats. One of the main challenges with IoT security is that not many devices have good protection designed within the device.
The top five things you can do to protect yourself right now are.
- Multi-factor Authentication (MFA): is ubiquitous today and available on most platforms for free. Using MFA is the simplest way to protect your accounts. MFA has the highest rate of return and the most significant impact on protecting you, your organization, and your information. Microsoft has reported that 99.9% of all compromised accounts did not use multi-factor authentication. MFA is available to nearly every organization. All you need to do is turn it on and enforce it in your organization. Indeed, you should turn on MFA on all your accounts as well; LinkedIn, Facebook, Instagram, Gmail, Apple, Microsoft, Slack, Twitter, Amazon, Dropbox, etc… do it, and do it right now.
- Password Management: Good password management is complex and essential, and passwords need to be everywhere. But it doesn’t need to be that hard to manage. Password management solutions are not expensive, and some are free and built into your systems, such as Apple’s iCloud Keychain and Google. Some companies have robust versions that work on many platforms, such as 1Password, which also has versions for businesses that store your MFA token, so you don’t need a separate authenticator app like Google’s or Microsoft’s.
- Audit User Accounts: Add this task to your calendar to review accounts quarterly. Ensure that former employees no longer have active accounts in your system, and all active account holders are limited only to what they are required to do for their jobs. This principle is called the Principle of Least Privilege.
- Update Software: Ensure all your computers are up to date on the latest operating systems, patches, application updates, and anti-virus software. Outdated computers, phones, tablets, etc., pose a security risk to your entire organization. Enable automated updates, get up to date, and reduce your risk.
- Backups: Disaster will strike. It’s not a question of if but when. Be prepared for this inevitability by backing up all computers and data you depend on to keep your business functioning. ‘Trust but verify‘ that your backups work by testing the recovery process regularly. Backup is your insurance policy, it’s not sexy, but you’ll be thankful you have it when disaster strikes. Get started by enlisting a professional to help ensure you’re safely protected instead of taking it all on yourself. The complexity of interdependent systems can make it difficult, and you don’t want any data slipping through the cracks.
- Bonus—CyberSecurity Insurance: Get Cyber Insurance. You get it for your home, your car, your health, and your business. Make sure you have the right coverage for cybersecurity events that’s not included in your regular business insurance. See here for more on cybersecurity insurance.
Businesses are increasingly at risk of cyber-attacks and other security threats. Most companies have fewer resources and less advanced security measures than giant corporations. Therefore security can become an oversight, making companies attractive targets for attackers, who may see them as an easier target. The consequences of a security breach or other cyber attack can be severe. In addition to financial losses, the business may suffer damage to its reputation, which can be challenging to recover. Customers may also lose trust in the company and may be less likely to do business with them. For these reasons, companies must prioritize security to protect their business and customers. By taking these and other steps to improve their security posture, businesses can better protect their business and customers from the risks posed by cyber-attacks and other security threats.
Brian Greenberg is a Partner at Fortium Partners. He works with companies of all types leading technology initiatives, reducing risk, and increasing operational efficiency. He is a contributor and member of the Forbes Technology Council and teaches at DePaul University. Connect with him on LinkedIn and see how he can help your organization reduce risk and organize your IT systems.
You must log in to post a comment.