Every year, data breaches cripple small businesses. In fact, according to Security Magazine, small businesses are the #1 target of cybercriminals. As a consequence, 60% of small businesses close within six months following a cyberattack. It is important for small business owners to understand the importance of data security. Further, they need to know how to achieve it. With this in mind, we’ve created this “cheat sheet”: 6 Data Security Tips for 2021.
Is your organization prepared for the increasing sophistication of organized cybercriminals? Bad actors are now using home offices as criminal hubs, taking advantage of unpatched systems and architectural weaknesses. Those breaches do more than just shake your company’s security — they also shake your customers’ confidence in your company.
Since February 2020, there has been a 600% increase in phishing. Moreover, 67% of businesses have experienced an IoT (Internet of Things) security incident. In Canada, nearly one-quarter of small businesses have fallen victim to cyberattacks since the Covid-19 pandemic began. And according to Statista, the average cost to U.S. businesses affected by a data breach in 2020 amounted to $8.64 million, up from $8.19 million in the previous year. In addition, 83% of small businesses do not carry cyber liability insurance.
In 2021, data security professionals are hyper-focused on 4 major threats: phishing, ransomware, IoT hacks, and 5G vulnerabilities. Each threat has become heightened during the Covid-19 pandemic as a result of the number of businesses that have transitioned to virtual-only operations.
4 Major Security Threats
1. Phishing
Phishing is a type of social engineering (the psychological manipulation of people into performing actions or divulging confidential information). In phishing, an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software, like ransomware, on the victim’s infrastructure.
Social engineering is sophisticated. For example, it can be used to mimic a supervisor’s email account, which then sends a message to an employee to ask for banking information and credit card details.
In spear phishing, links that contain malicious code are sent via online platforms such as Facebook Messenger. When you click on the link, you unleash a security firestorm.
These combined phishing tactics enable hackers to steal a small business’s critical financial, confidential and customer information in the blink of an eye.
2. Ransomware
Ransomware is a type of malware in which the hacker threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid to the hacker. It has been a problem for quite some time, but the sad reality of COVID-19 is that hackers have been working harder than ever to harm corporate entities through cyberattacks. Whether they’re a disgruntled employee or a vigilante hacker putting malware on a business’s computer system, one individual is enough to harm any company’s stability.
But this is not the only threat.
3. Internet of Thing (IoT) Hacks
IoT security is the technology segment focused on safeguarding connected devices and networks in the internet of things (IoT). Hi-Tech Security Solutions warns that there will be many new high-profile IoT hacks in 2021, some of which will make headline news, and Advanced Persistent Threats (APT) attacks will be widely available from criminal networks.
IoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. The dark web will allow criminals to buy access to more sensitive corporate networks.
4. 5G Vulnerabilities
A growing number of 5G vulnerabilities will become headline news as the technology grows. 5G is expected to cover almost 40% of the world by 2024, with data transfer speeds of up to 10 Gbps or more.
While the technology will certainly make life easier, it will also open the door for new cybersecurity threats to emerge. With high-speed data transfers, hackers will have the ability to infect data packets and conduct corporate espionage — all while remaining unnoticed.
As a result, much higher levels of security and monitoring will be required once 5G becomes the standard form of cloud-based data transfer and communication.
6 Data Security Tips for 2021
1. Have a secure, sophisticated hardware architecture multi-factor authentication instead of just passwords. According to Statista, 62% of U.S. companies have implemented two-factor authentication. Many colleges and universities across the country use the Duo Mobile app for this purpose. With Duo’s single-tap, user-friendly interface, users can quickly verify their identity by approving push notifications before accessing applications. It’s just as quick to deny an unfamiliar login attempt, so users can easily stop fraudulent attempts to access company data.
After entering their username and password, users must then do one of two things: 1) click on “send me a push,” which generates an “approve” prompt on the user’s phone, or 2) “enter a passcode,” which generates a 6-digit code to be entered in Duo Mobile. Successful completion of either of those two actions enables users to access websites, e-mail programs and other organizational platforms.
2. Safeguard your company’s hardware with cloud storage. Here at EZnet, we recommend storing data in the cloud, which capability we provide all EZnet Scheduler® customers. EZnet Scheduler appointment scheduling software is a cloud-based SaaS, which means we store our customers’ data in our cloud-based servers, including data pertaining to their customers or patients (for companies in healthcare). We have advanced security measures in place to keep data safe and secure.
3. Back up your data. No matter how diligent you are with data security, hackers will still try to get into your network—sometimes successfully—and encrypt your data with ransomware. Hence, backing up your data is an absolute “must.”
4. Sponsor employee cybersecurity training. Some organizations build cybersecurity into their company culture. For example, the University of California – Berkeley Extension, makes cybersecurity a required one-hour annual professional training for faculty and staff. In this way, the university keeps its data (i.e. – student data, financial data), LMS and e-mail system as secure as it can be.
5. Use firewalls to protect enterprise networks. A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. In essence, a firewall serves as a barrier between a trusted network and an untrusted network, such as between a private internal network and the public Internet.
6. Purchase cyber liability insurance. Cyber liability insurance covers financial losses that result from data breaches and other cyber events. This becomes a priority when your company or medical practice stores sensitive information pertaining to customers or patients, including social security numbers, health insurance I.D. numbers, credit card data or banking information.