A Vaccine for Business: 7 Steps That Will Protect Your Company From Viruses and Cyber Attacks
September 20, 2021
Featured article by Phil Collins
We have prepared several recommendations that will be useful to all entrepreneurs, regardless of the size of your business – whether it is a popular casino like PlayAmo casino Canada or just a new internet store. First of all, there are three basic principles: confidentiality, integrity, and availability. This triad is the foundation of information security worldwide for all companies, small and large.
1. Use Multifactor Authentication
A joint survey by the University of Maryland and Johns Hopkins University found that about 30% of people have never used two-factor authentication on their devices. And 64% had never heard of it at all.
Yet two-factor authentication is an additional layer of security for accessing online platforms or devices. As a rule, the first factor is a traditional password consisting of numbers and letters, and the second is additional data that the user must supply. This can be, for example, an electronic signature, biometric data, location identification (when the bank blocks transactions if they are made in an atypical region), and so on.
2. Provide Reliable Control of Cloud Storages
On the evening of July 4, 2019, Google Docs users’ documents, not hidden by privacy settings, were available in Yandex search results. Users themselves drew attention to the Google Docs file output, and information about this quickly spread in social networks. Documents with all kinds of information – from companies’ participation in tenders to credit card passwords – were publicly available. Many of the publicly available documents turned out to be editable and vandalized.
At the same time, it is more difficult to detect unauthorized access to cloud storage, and you can log in to them from anywhere in the world. 61% of SMB users believe that it is not safe to store data in the clouds, but 94% of entrepreneurs still use cloud services. Many companies really don’t trust clouds, but with the right level of control and modern tools that are actively used around the world, it’s a reliable and very convenient technology.
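The exposure described above (documents reachable without any privacy restriction, some of them editable) is something a sharing inventory can be checked for. The following is an added example, not part of the original article: the inventory is constructed, and its fields are modelled on the permission entries of the Google Drive API v3 (type, role, allowFileDiscovery).

```python
# Added example: constructed inventory; fields modelled on Google Drive API v3
# permission entries (type, role, allowFileDiscovery). File names are made up.
INVENTORY = [
    {"name": "tender-bid-2019.docx", "permissions": [
        {"type": "user", "role": "owner"},
        {"type": "anyone", "role": "writer", "allowFileDiscovery": True}]},
    {"name": "price-list.xlsx", "permissions": [
        {"type": "user", "role": "owner"},
        {"type": "anyone", "role": "reader", "allowFileDiscovery": False}]},
    {"name": "payroll.xlsx", "permissions": [
        {"type": "user", "role": "owner"},
        {"type": "domain", "role": "reader", "allowFileDiscovery": True}]},
    {"name": "board-minutes.docx", "permissions": [
        {"type": "user", "role": "owner"},
        {"type": "group", "role": "commenter"}]},
]

EDIT_ROLES = {"writer", "fileOrganizer", "organizer"}
SEVERITY = {"public-searchable": 3, "public-link": 2, "org-wide": 1, "restricted": 0}


def classify(permission):
    """Map one permission entry to an exposure level."""
    if permission.get("type") == "anyone":
        return "public-searchable" if permission.get("allowFileDiscovery") else "public-link"
    if permission.get("type") == "domain":
        return "org-wide"
    return "restricted"  # named users and groups only


def audit(inventory):
    """Return files shared beyond named users/groups, most exposed first."""
    findings = []
    for item in inventory:
        levels = [(classify(p), p["role"] in EDIT_ROLES) for p in item["permissions"]]
        worst = max(levels, key=lambda lv: SEVERITY[lv[0]])[0]
        if worst == "restricted":
            continue
        broad_edit = any(edit for level, edit in levels if level == worst)
        findings.append({"name": item["name"], "exposure": worst,
                         "broad_edit": broad_edit})
    return sorted(findings, key=lambda f: (-SEVERITY[f["exposure"]],
                                           not f["broad_edit"]))


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

Files reported as public-searchable with broad_edit set are the ones to restrict first, since they match both conditions of the incident: findable by a search engine and editable by anyone.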
3. Encrypt Information and Segment the Corporate IT Network
The U.S. Agency for Cyber Security and Infrastructure Protection considers data segmentation and segregation a necessary condition for planning a company’s IT infrastructure. As the agency points out, this is an effective security mechanism that prevents the spread of viruses and the movement of attackers through the internal network. In a poorly segmented network, criminals can gain access to critical devices and systems, even if they get into the network through a junior employee.
Another critical security measure for companies is data encryption. By 2021, global IP data traffic is projected to be 278,108 petabytes per month. Thanks to encryption, attackers will not be able to read some of this data: the process encodes every piece of information so that it can be read only by a person who holds a special key.
4. Provide Secure Access for Employees Working Remotely
86% of company executives believe that remote employees threaten company data security. Ninety percent of cybersecurity professionals believe the same. Such a high percentage is reassuring to experts – if stakeholders understand the threat, they will invest in addressing it. During the pandemic, demand for systems and solutions that provide secure remote work increased dramatically; it was the most popular business request.
One of the surest solutions for remote employee security is to use a VPN, even when employees are working over home Wi-Fi. This tool carries traffic between the employee's device and your organization's private network across the Internet in encrypted form and thus provides more security. Anyone who intercepts the encrypted data won't be able to read it.
5. Provide Regular Cybersecurity Training to Employees
Employee ignorance leads to data breaches and malware infiltration – in 2019, more than 75% of executives were confident that employees accidentally compromised corporate information, while 92% of employees said they did nothing to compromise the business.
Attacks are often enabled unintentionally by company employees themselves, who are unaware of the possible consequences. It is impossible to build a process in which employees have no opportunity at all to make a mistake. Even work with e-mail can be dangerous: any interaction with a malicious message (opening an attached file, clicking a link, and so on) can lead to an attack.
In order to keep employees from making mistakes, it's not enough to draw up regulations and send them via email. Cyber training needs to be conducted regularly, at least quarterly, through training sessions, lectures, and role-playing; otherwise, employees will forget about the danger. In addition, companies should distribute cybersecurity news, memos, rules, and the emergency contacts of employees who can respond to a problem as often as possible.
6. Engage Cybersecurity Experts. Don’t Skimp
EY experts say that in 2019, 54% of companies included cybersecurity in the area of expertise requested by the board, up from 40% a year earlier. Meanwhile, only 12% of companies are bringing in outside cybersecurity experts to analyze business risks. However, large companies find it useful to bring in outside experts to assess security systems. Some companies, such as those in the financial sector, are even required by law to do so.
In 2017-2019, 53 companies from different sectors (healthcare, finance, consumer goods, information technology, telecommunications) conducted an experiment: they started working with IT security experts. The average score across companies rose from 6.1 to 8.5 (out of 14 indicators for company security in terms of IT) over the three years of experimentation.
At the same time, the shortage of competent professionals is felt so acutely that during the pandemic, 400 volunteers with cybersecurity expertise banded together in the Covid-19 CTI League group to fight cyber attacks related to the new coronavirus. According to Reuters, the group spans more than 40 countries and includes executives from major IT companies such as Microsoft and Amazon, among others.
7. Regularly Analyze Insider Threats
While corporations and government agencies continue to fortify their computer systems in case of a cyberattack, it is important to remember that employees themselves can also be a security threat. Edward Snowden, who copied and published classified information from the U.S. National Security Agency, is a case in point.
In a Wall Street Journal (WSJ) survey of cybersecurity executives (nearly 400 companies participated), 67% said they were concerned about malicious employees. That’s significantly less than the proportion who viewed cybercriminals as a threat (88%), but more than those who worried about so-called hacktivists and hackers working for the government (63% and 60%, respectively).
Traditionally, the main way to protect organizations from insider attacks was to have the candidate vetted by security services. However, such evaluations of existing employees are usually not conducted. According to WSJ, 76% of insiders do not enter a company with the intention to steal something, but make the decision to commit a crime during work: due to deteriorating financial situation, negative experience, alcohol or drug abuse, poor management, etc.