Cyberattack: prevention is better than cure
We had barely finished writing our last blog on the prevention of ransomware attacks against US government agencies when news of other cyberattacks hit the newsstands. In the first week of 2020 alone, multiple (inter)national companies and governments reported cyberattacks. To act quickly and effectively in case of cyberattacks like these, the Federal Police in Belgium set up a Quick Reaction Force in December 2019. The establishment of a federal force shows the severity of the threat cyberattacks pose to institutions all over the world, and therefore the importance of cybersecurity.
According to the 2019 Hiscox Cyber Readiness Report, sixty-one percent of firms, spread across seven countries including Belgium and the US, suffered from cyberattacks in the past year. This is an increase of twenty percent compared to a ‘meagre’ forty-one percent in 2018. The average cost of losses related to cyber incidents per organization rose from 229,000 to 369,000 dollars. Hiscox also mentions an intensification of cyberattacks: the share of firms reporting four or more cyberattacks has increased from twenty to thirty percent.
As you’ll agree with us, establishing a Quick Reaction Force wasn’t a bad move by the Belgian Minister of Internal Affairs, Pieter de Crem. But the Belgian Quick Reaction Force is (what’s in a name?) set up to react to cyberattacks. We think your organization should start by investing in preventing them, so it doesn’t end up being one of the statistics.
Investing in prevention has become even more vital this year, says the 2019 Hiscox Report: more firms fail the cyber readiness test Hiscox provides. Unfortunately, there’s no generic approach to cybersecurity. Therefore, we’ve looked into effective tips on cyberattack prevention that’ll help you get started today. Here’s what we found:
Appoint a head of cybersecurity
According to the 2019 Hiscox Report, the firms that did take action mention appointing a head of cybersecurity: a specific person in the organization who takes care of everything related to cybersecurity, including educating other staff members on cybercrime and the prevention of cyberattacks.
Raise awareness of cybersecurity threats by training your employees. This can be a challenge: nowadays, the variety of cybercrimes is so big that it’s hard for your employees to remember precautionary measures for every form of cybercrime. On top of that, there’s not always time and money to spare for training courses.
A convenient way to train your employees on the prevention of cyberattacks is to repeatedly display cybersecurity campaigns on every workstation and every public display. Use digital signage screens or corporate screensavers to do so. To assist you, we’ve created free cybersecurity awareness templates containing instructions and practical tips for your workforce.
This isn’t just a lot less costly than making all your employees take a training course, it’s also more practical. Training and awareness will be more effective when they’re not only dynamic, but also ongoing. As opposed to engaging in a single training moment, your employees will better remember the things they’ve learned when small pieces of information are continuously brought to their attention. This way, they can actually apply them on a daily basis. In doing so, they can form your first line of defense.
Dispose of hard drives properly
Erasing, deleting or reformatting confidential information will not completely discard it. Cybercriminals can recover data using specialty software. Hard drives should be properly erased or destroyed to make sure sensitive information is thoroughly removed.
Lock your devices
Over 25 percent of employees admitted to leaving their devices unlocked and unattended, says a state of the industry report by information security company Shred-it. Secure your desktop and your mobile device. This applies to assets and data storage as well. Make sure you lock your device every time you leave it unattended, and make sure it auto-locks whenever idle.
In case cybercriminals do find a breach in your defenses, make sure you’ve protected accounts with two-factor authentication. It adds a second step to your log-in process, and this additional step will make hacking into your accounts a lot more difficult for cybercriminals. The combination of something mental (the password that’s in your mind) and something physical (the security key or device you have for the second password) is a strong one. Because of it, criminals won’t be able to use software to automatically log into your account.
Secure your supply chain
According to a 2019 Dell EMC report, 63 percent of organizations suffered at least one hardware-level attack in the last year, and almost 47 percent suffered at least two. These attacks were the result of the exploitation of vulnerabilities in hardware. Hardware-level breaches can be executed by targeting strategic web compromises and software susceptibilities, and by web application attacks. These attacks may have an effect on organizations’ hardware supply chains. Dell EMC urges organizations to properly secure every step in the hardware supply chain.
Update your devices
Updating your devices usually takes time, which causes people to postpone updating. However, software updates often include critical security updates. By updating your devices, you will make hackers’ lives a lot harder, because security vulnerabilities are often addressed in software updates. Enable automatic updates for your devices to make updating a lot easier on yourself.
The battle against cybercriminals is ongoing, expanding and getting more and more complex. Start raising awareness of cybersecurity risks today. Contact us to start preventing cyberattacks, or download our free checklist on cybersecurity.